4570 matches found
PT-2021-3823 · Cisco · Snort +2
Name of the Vulnerable Software and Affected Versions: Cisco Web Security Appliance affected versions not specified Cisco Firepower Threat Defense affected versions not specified Snort detection engine affected versions not specified Description: A vulnerability in Server Name Identification SNI...
CVE-2021-32826
Proxyee-Down is open source proxy software. An attacker able to provide an extension script (e.g., through a MiTM attack or by hosting a malicious extension) may be able to run arbitrary commands on the system running Proxyee-Down. For more details including a PoC see the referenced...
PYSEC-2021-779
TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause denial of service in applications serving models using tf.raw_ops.UnravelIndex by triggering a division by 0. The implementation does not check that the tensor subsumed by dims is not...
PT-2021-21761 · Google · Tensorflow
Name of the Vulnerable Software and Affected Versions: TensorFlow versions prior to 2.6.0 TensorFlow versions 2.5.1 and earlier TensorFlow versions 2.4.3 and earlier TensorFlow versions 2.3.4 and earlier Description: The implementation of tf.raw_ops.StringNGrams is vulnerable to an integer overfl...
PT-2021-21760 · Google · Tensorflow
Name of the Vulnerable Software and Affected Versions: TensorFlow versions prior to 2.6.0 TensorFlow version 2.5.1 TensorFlow version 2.4.3 Description: The implementation of tf.raw_ops.QuantizeAndDequantizeV4Grad is vulnerable to an integer overflow issue caused by converting a signed integer...
PT-2021-21805 · Google · Tensorflow
Name of the Vulnerable Software and Affected Versions: TensorFlow version 2.6.0 Description: The strided slice implementation in TFLite has a logic bug which can allow an attacker to trigger an infinite loop. This arises from newly introduced support for ellipsis in axis definition. An attacker c...
PT-2021-6503 · Unknown +1 · Tinyobjloader +1
Name of the Vulnerable Software and Affected Versions: tinyobjloader versions v2.0-rc1 through development commit 79d4421 Description: An improper array index validation issue exists in the LoadObj functionality, allowing a specially crafted file to potentially lead to code execution. An attacker...
PT-2021-18161 · D Link · D-Link Dsl-2740E
Name of the Vulnerable Software and Affected Versions: D-Link DSL-2740R version UK 1.01 Description: A Null Pointer Dereference issue exists, which could allow a remote malicious user to cause a denial of service via the send hnap unauthorized function. This can be triggered by sending a crafted...
PT-2021-3900 · Microsoft · Windows
Name of the Vulnerable Software and Affected Versions: Windows versions prior to the fixed version Description: The issue is related to the Windows User Profile Service and is associated with insufficient access restrictions. It allows an attacker to elevate their privileges. The vulnerability ca...
PT-2021-4039 · Microsoft · Windows Digital Tv Tuner Device Registration Application +1
Name of the Vulnerable Software and Affected Versions: Windows Digital TV Tuner device registration application affected versions not specified Description: The issue is related to insufficient access restrictions in the Windows Digital TV Tuner device registration application, which can be...
PT-2021-3826 · Microsoft · Windows Bluetooth Driver +1
Name of the Vulnerable Software and Affected Versions: Windows Bluetooth Driver affected versions not specified Description: The issue is related to insufficient access control in the Windows Bluetooth Driver, which can be exploited to elevate privileges. This could allow an attacker to affect th...
PT-2021-3865 · Typo3 · Typo3
Name of the Vulnerable Software and Affected Versions: TYPO3 versions 9.0.0 through 9.5.28 TYPO3 versions 10.0.0 through 10.4.17 TYPO3 versions 11.0.0 through 11.3.0 Description: The issue is related to the components QueryGenerator and QueryView in the TYPO3 content management system, which are...
Trend Micro InterScan Web Security Virtual Appliance (IWSVA) vulnerable to cross-site scripting
Overview Trend Micro Incorporated has released a security update for InterScan Web Security Virtual Appliance IWSVA. Trend Micro Incorporated reported this vulnerability to JPCERT/CC to notify users of the solutions through JVN. Impact A user may be redirected to an arbitrary website due to the...
PT-2024-11336 · Linux +2 · Linux Kernel +2
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 5.13.0-rc7 Description: A vulnerability in the Linux kernel has been resolved, which involved a bad pointer dereference when the ehandler kthread is invalid. The issue occurred when the error handler thread fail...
CVE-2021-20221 affecting package qemu-kvm 4.2.0-48
CVE-2021-20221 affecting package qemu-kvm 4.2.0-48. A patched version of the package is available...
CVE-2007-2768 affecting package openssh 8.9p1-3
CVE-2007-2768 affecting package openssh 8.9p1-3. A patched version of the package is available...
CVE-2021-32730
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. A cross-site request forgery vulnerability exists in versions prior to 12.10.5, and in versions 13.0 through 13.1. It's possible to forge a URL that, when accessed by an admin, will reset th...
PT-2021-10740 · Unknown · Phpgurukul Hospital Management System
Name of the Vulnerable Software and Affected Versions: PHPGurukul Hospital Management System in PHP version 4.0 Description: The issue concerns a SQL injection vulnerability located in the hmsadminbetweendates-detailsreports.php file. This vulnerability can be exploited by remote unauthenticated...
SAP Solution Manager 7.2 (ST 720) Open Redirection
Onapsis Security Advisory 2021-0005: SAP Solution Manager Open Redirect from Trace Analysis Impact on Business Under certain circumstances, an attacker might be able to steal a cookie from the application. It may impact the confidentiality of the service. Advisory Information - Public Release Dat...
PT-2021-15203
Name of the Vulnerable Software and Affected Versions PowerLogic EGX100 versions 3.0.0 and newer PowerLogic EGX300 all versions Description A CWE-20: Improper Input Validation issue exists that could cause denial of service or remote code execution via a specially crafted HTTP packet...