Search Results (363662 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2021-33650 1 Mindspore 1 Mindspore 2024-11-21 7.5 High
When performing the inference shape operation of the SparseToDense operator, if the number of inputs is less than three, it will access data outside of bounds of inputs which allocated from heap buffers.
CVE-2021-33649 1 Mindspore 1 Mindspore 2024-11-21 7.5 High
When performing the inference shape operation of the Transpose operator, if the value in the perm element is greater than or equal to the size of the input_shape, it will access data outside of bounds of input_shape which allocated from heap buffers.
CVE-2021-33648 1 Mindspore 1 Mindspore 2024-11-21 7.5 High
When performing the inference shape operation of Affine, Concat, MatMul, ArgMinMax, EmbeddingLookup, and Gather operators, if the input shape size is 0, it will access data outside of bounds of shape which allocated from heap buffers.
CVE-2021-33647 1 Mindspore 1 Mindspore 2024-11-21 7.5 High
When performing the inference shape operation of the Tile operator, if the input data type is not int or int32, it will access data outside of bounds of heap allocated buffers.
CVE-2021-33638 1 Openeuler 1 Isula 2024-11-21 8.4 High
When the isula cp command is used to copy files from a container to a host machine and the container is controlled by an attacker, the attacker can escape the container.
CVE-2021-33637 1 Openeuler 1 Isula 2024-11-21 8.4 High
When the isula export command is used to export a container to an image and the container is controlled by an attacker, the attacker can escape the container.
CVE-2021-33636 1 Openeuler 1 Isula 2024-11-21 8.4 High
When the isula load command is used to load malicious images, attackers can execute arbitrary code.
CVE-2021-33635 1 Openeuler 1 Isula 2024-11-21 9.8 Critical
When malicious images are pulled by isula pull, attackers can execute arbitrary code.
CVE-2021-33634 1 Openeuler 1 Icr 2024-11-21 6.3 Medium
iSulad uses the lcr+lxc runtime (default) to run malicious images, which can cause DOS.
CVE-2021-33629 1 Openeuler 1 Isula-build 2024-11-21 7.5 High
isula-build before 0.9.5-6 can cause a program crash, when building container images, some functions for processing external data do not remove spaces when processing data.
CVE-2021-33623 4 Debian, Netapp, Redhat and 1 more 5 Debian Linux, E-series Performance Analyzer, Acm and 2 more 2024-11-21 7.5 High
The trim-newlines package before 3.0.1 and 4.x before 4.0.1 for Node.js has an issue related to regular expression denial-of-service (ReDoS) for the .end() method.
CVE-2021-33622 1 Sylabs 2 Singularity, Singularitypro 2024-11-21 9.8 Critical
Sylabs Singularity 3.5.x and 3.6.x, and SingularityPRO before 3.5-8, has an Incorrect Check of a Function's Return Value.
CVE-2021-33620 4 Debian, Fedoraproject, Redhat and 1 more 4 Debian Linux, Fedora, Enterprise Linux and 1 more 2024-11-21 6.5 Medium
Squid before 4.15 and 5.x before 5.0.6 allows remote servers to cause a denial of service (affecting availability to all clients) via an HTTP response. The issue trigger is a header that can be expected to exist in HTTP traffic without any malicious intent by the server.
CVE-2021-33618 1 Dolibarr 1 Dolibarr Erp\/crm 2024-11-21 6.1 Medium
Dolibarr ERP and CRM 13.0.2 allows XSS via object details, as demonstrated by > and < characters in the onpointermove attribute of a BODY element to the user-management feature.
CVE-2021-33617 1 Zohocorp 1 Manageengine Password Manager Pro 2024-11-21 5.3 Medium
Zoho ManageEngine Password Manager Pro before 11.2 11200 allows login/AjaxResponse.jsp?RequestType=GetUserDomainName&userName= username enumeration, because the response (to a failed login request) is null only when the username is invalid.
CVE-2021-33616 1 Rsa 1 Archer 2024-11-21 5.4 Medium
RSA Archer 6.x through 6.9 SP1 P4 (6.9.1.4) allows stored XSS.
CVE-2021-33615 1 Rsa 1 Archer 2024-11-21 7.5 High
RSA Archer 6.8.00500.1003 P5 allows Unrestricted Upload of a File with a Dangerous Type.
CVE-2021-33611 1 Vaadin 2 Vaadin, Vaadin-menu-bar 2024-11-21 6.1 Medium
Missing output sanitization in test sources in org.webjars.bowergithub.vaadin:vaadin-menu-bar versions 1.0.0 through 1.2.0 (Vaadin 14.0.0 through 14.4.4) allows remote attackers to execute malicious JavaScript in browser by opening crafted URL
CVE-2021-33609 1 Vaadin 1 Vaadin 2024-11-21 4.3 Medium
Missing check in DataCommunicator class in com.vaadin:vaadin-server versions 8.0.0 through 8.14.0 (Vaadin 8.0.0 through 8.14.0) allows authenticated network attacker to cause heap exhaustion by requesting too many rows of data.
CVE-2021-33605 1 Vaadin 2 Vaadin, Vaadin-checkbox-flow 2024-11-21 4.3 Medium
Improper check in CheckboxGroup in com.vaadin:vaadin-checkbox-flow versions 1.2.0 prior to 2.0.0 (Vaadin 12.0.0 prior to 14.0.0), 2.0.0 prior to 3.0.0 (Vaadin 14.0.0 prior to 14.5.0), 3.0.0 through 4.0.1 (Vaadin 15.0.0 through 17.0.11), 14.5.0 through 14.6.7 (Vaadin 14.5.0 through 14.6.7), and 18.0.0 through 20.0.5 (Vaadin 18.0.0 through 20.0.5) allows attackers to modify the value of a disabled Checkbox inside enabled CheckboxGroup component via unspecified vectors.