VYPR

CVEs

31,782 total · page 365 of 636

  • CVE-2021-45890CriDec 27, 2021
    risk 0.00cvss 9.8epss 0.02

    basic/BasicAuthProvider.java in AuthGuard before 0.9.0 allows authentication via an inactive identifier.

  • CVE-2021-4161CriDec 27, 2021
    risk 0.64cvss 9.8epss 0.01

    The affected products contain vulnerable firmware, which could allow an attacker to sniff the traffic and decrypt login credential details. This could give an attacker admin rights through the HTTP web server.

  • CVE-2021-43857CriDec 27, 2021
    risk 0.00cvss 9.8epss 0.55

    Gerapy is a distributed crawler management framework. Gerapy prior to version 0.9.8 is vulnerable to remote code execution, and this issue is patched in version 0.9.8.

  • CVE-2021-45232CriDec 27, 2021
    risk 0.71cvss 9.8epss 0.86

    In Apache APISIX Dashboard before 2.10.1, the Manager API uses two frameworks and introduces framework `droplet` on the basis of framework `gin`, all APIs and authentication middleware are developed based on framework `droplet`, but some API directly use the interface of…

  • CVE-2021-45709CriDec 27, 2021
    risk 0.64cvss 9.8epss 0.01

    An issue was discovered in the crypto2 crate through 2021-10-08 for Rust. During Chacha20 encryption and decryption, an unaligned read of a u32 may occur.

  • CVE-2021-45707CriDec 27, 2021
    risk 0.64cvss 9.8epss 0.02

    An issue was discovered in the nix crate 0.16.0 and later before 0.20.2, 0.21.x before 0.21.2, and 0.22.x before 0.22.2 for Rust. unistd::getgrouplist has an out-of-bounds write if a user is in more than 16 /etc/groups groups.

  • CVE-2021-45706CriDec 27, 2021
    risk 0.64cvss 9.8epss 0.01

    An issue was discovered in the zeroize_derive crate before 1.1.1 for Rust. Dropped memory is not zeroed out for an enum.

  • CVE-2021-45705CriDec 27, 2021
    risk 0.64cvss 9.8epss 0.01

    An issue was discovered in the nanorand crate before 0.6.1 for Rust. There can be multiple mutable references to the same object because the TlsWyRand Deref implementation dereferences a raw pointer.

  • CVE-2021-45703CriDec 27, 2021
    risk 0.57cvss 9.8epss 0.01

    An issue was discovered in the tectonic_xdv crate before 0.1.12 for Rust. XdvParser::::process may read from uninitialized memory locations.

  • CVE-2021-45701CriDec 27, 2021
    risk 0.00cvss 9.8epss 0.01

    An issue was discovered in the tremor-script crate before 0.11.6 for Rust. A patch operation may result in a use-after-free.

  • CVE-2021-45698CriDec 27, 2021
    risk 0.64cvss 9.8epss 0.01

    An issue was discovered in the ckb crate before 0.40.0 for Rust. A get_block_template RPC call may fail in situations where it is supposed to select a Nervos CKB blockchain transaction with a higher fee rate than another transaction.

  • CVE-2021-45697CriDec 27, 2021
    risk 0.00cvss 9.8epss 0.01

    An issue was discovered in the molecule crate before 0.7.2 for Rust. A FixVec partial read has an incorrect result.

  • CVE-2021-45696CriDec 27, 2021
    risk 0.00cvss 9.8epss 0.01

    An issue was discovered in the sha2 crate 0.9.7 before 0.9.8 for Rust. Hashes of long messages may be incorrect when the AVX2-accelerated backend is used.

  • CVE-2021-45695CriDec 27, 2021
    risk 0.64cvss 9.8epss 0.02

    An issue was discovered in the mopa crate through 2021-06-01 for Rust. It incorrectly relies on Trait memory layout, possibly leading to future occurrences of arbitrary code execution or ASLR bypass.

  • CVE-2021-45693CriDec 27, 2021
    risk 0.64cvss 9.8epss 0.01

    An issue was discovered in the messagepack-rs crate through 2021-01-26 for Rust. deserialize_string_primitive may read from uninitialized memory locations.

  • CVE-2021-45692CriDec 27, 2021
    risk 0.64cvss 9.8epss 0.01

    An issue was discovered in the messagepack-rs crate through 2021-01-26 for Rust. deserialize_extension_others may read from uninitialized memory locations.

  • CVE-2021-45691CriDec 27, 2021
    risk 0.64cvss 9.8epss 0.01

    An issue was discovered in the messagepack-rs crate through 2021-01-26 for Rust. deserialize_string may read from uninitialized memory locations.

  • CVE-2021-45690CriDec 27, 2021
    risk 0.64cvss 9.8epss 0.01

    An issue was discovered in the messagepack-rs crate through 2021-01-26 for Rust. deserialize_binary may read from uninitialized memory locations.

  • CVE-2021-45689CriDec 27, 2021
    risk 0.64cvss 9.8epss 0.01

    An issue was discovered in the gfx-auxil crate through 2021-01-07 for Rust. gfx_auxil::read_spirv may read from uninitialized memory locations.

  • CVE-2021-45688CriDec 27, 2021
    risk 0.57cvss 9.8epss 0.01

    An issue was discovered in the ash crate before 0.33.1 for Rust. util::read_spv may read from uninitialized memory locations.

  • CVE-2021-45687CriDec 27, 2021
    risk 0.64cvss 9.8epss 0.01

    An issue was discovered in the raw-cpuid crate before 9.1.1 for Rust. If the serialize feature is used (which is not the the default), a Deserialize operation may lack sufficient validation, leading to memory corruption or a panic.

  • CVE-2021-45686CriDec 27, 2021
    risk 0.00cvss 9.8epss 0.01

    An issue was discovered in the csv-sniffer crate through 2021-01-05 for Rust. preamble_skipcount may read from uninitialized memory locations.

  • CVE-2021-45685CriDec 27, 2021
    risk 0.64cvss 9.8epss 0.01

    An issue was discovered in the columnar crate through 2021-01-07 for Rust. ColumnarReadExt::read_typed_vec may read from uninitialized memory locations.

  • CVE-2021-45684CriDec 27, 2021
    risk 0.57cvss 9.8epss 0.01

    An issue was discovered in the flumedb crate through 2021-01-07 for Rust. read_entry may read from uninitialized memory locations.

  • CVE-2021-45683CriDec 27, 2021
    risk 0.64cvss 9.8epss 0.01

    An issue was discovered in the binjs_io crate through 2021-01-03 for Rust. The Read method may read from uninitialized memory locations.

  • CVE-2021-45682CriDec 27, 2021
    risk 0.64cvss 9.8epss 0.01

    An issue was discovered in the bronzedb-protocol crate through 2021-01-03 for Rust. ReadKVExt may read from uninitialized memory locations.

  • CVE-2020-36514CriDec 27, 2021
    risk 0.64cvss 9.8epss 0.01

    An issue was discovered in the acc_reader crate through 2020-12-27 for Rust. fill_buf may read from uninitialized memory locations.

  • CVE-2020-36513CriDec 27, 2021
    risk 0.64cvss 9.8epss 0.01

    An issue was discovered in the acc_reader crate through 2020-12-27 for Rust. read_up_to may read from uninitialized memory locations.

  • CVE-2020-36512CriDec 27, 2021
    risk 0.64cvss 9.8epss 0.01

    An issue was discovered in the buffoon crate through 2020-12-31 for Rust. InputStream::read_exact may read from uninitialized memory locations.

  • CVE-2018-25026CriDec 27, 2021
    risk 0.57cvss 9.8epss 0.01

    An issue was discovered in the actix-web crate before 0.7.15 for Rust. It can add the Send marker trait to an object that cannot be sent between threads safely, leading to memory corruption.

  • CVE-2018-25025CriDec 27, 2021
    risk 0.64cvss 9.8epss 0.01

    An issue was discovered in the actix-web crate before 0.7.15 for Rust. It can unsoundly extend the lifetime of a string, leading to memory corruption.

  • CVE-2018-25024CriDec 27, 2021
    risk 0.57cvss 9.8epss 0.01

    An issue was discovered in the actix-web crate before 0.7.15 for Rust. It can unsoundly coerce an immutable reference into a mutable reference, leading to memory corruption.

  • CVE-2021-45678CriDec 26, 2021
    risk 0.64cvss 9.8epss 0.01

    NETGEAR RAX200 devices before 1.0.5.132 are affected by insecure code.

  • CVE-2021-45654CriDec 26, 2021
    risk 0.62cvss 9.6epss 0.01

    NETGEAR XR1000 devices before 1.0.0.58 are affected by disclosure of sensitive information.

  • CVE-2021-45652CriDec 26, 2021
    risk 0.62cvss 9.6epss 0.01

    Certain NETGEAR devices are affected by disclosure of sensitive information. This affects RBK352 before 4.4.0.10, RBR350 before 4.4.0.10, and RBS350 before 4.4.0.10.

  • CVE-2021-45650CriDec 26, 2021
    risk 0.59cvss 9.1epss 0.01

    Certain NETGEAR devices are affected by disclosure of sensitive information. This affects R7000 before 1.0.11.110, R7900 before 1.0.4.30, R8000 before 1.0.4.62, RS400 before 1.5.1.80, R6400v2 before 1.0.4.102, R7000P before 1.3.2.126, R6700v3 before 1.0.4.102, and R6900P before…

  • CVE-2021-45638CriDec 26, 2021
    risk 0.63cvss 9.6epss 0.01

    Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. This affects D6220 before 1.0.0.68, D6400 before 1.0.0.102, D7000v2 before 1.0.0.74, D8500 before 1.0.3.60, DC112A before 1.0.0.56, R6300v2 before 1.0.4.50, R6400 before…

  • CVE-2021-45635CriDec 26, 2021
    risk 0.62cvss 9.6epss 0.01

    Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects CBR750 before 4.6.3.6, RBK752 before 3.2.17.12, RBR750 before 3.2.17.12, RBS750 before 3.2.17.12, RBK852 before 3.2.17.12, RBR850 before 3.2.17.12, and RBS850 before 3.2.17.12.

  • CVE-2021-45634CriDec 26, 2021
    risk 0.62cvss 9.6epss 0.01

    Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects CBR750 before 4.6.3.6, RBK752 before 3.2.17.12, RBR750 before 3.2.17.12, RBS750 before 3.2.17.12, RBK852 before 3.2.17.12, RBR850 before 3.2.17.12, and RBS850 before 3.2.17.12.

  • CVE-2021-45633CriDec 26, 2021
    risk 0.62cvss 9.6epss 0.01

    Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects CBR750 before 4.6.3.6, RBR750 before 3.2.17.12, RBR850 before 3.2.17.12, RBS750 before 3.2.17.12, RBS850 before 3.2.17.12, RBK752 before 3.2.17.12, and RBK852 before 3.2.17.12.

  • CVE-2021-45632CriDec 26, 2021
    risk 0.62cvss 9.6epss 0.01

    Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects CBR750 before 4.6.3.6, RBK752 before 3.2.17.12, RBR750 before 3.2.17.12, RBS750 before 3.2.17.12, RBK852 before 3.2.17.12, RBR850 before 3.2.17.12, and RBS850 before 3.2.17.12.

  • CVE-2021-45631CriDec 26, 2021
    risk 0.62cvss 9.6epss 0.01

    Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects CBR40 before 2.5.0.24, CBR750 before 4.6.3.6, RBK752 before 3.2.17.12, RBR750 before 3.2.17.12, RBS750 before 3.2.17.12, RBK852 before 3.2.17.12, RBR850 before 3.2.17.12, and…

  • CVE-2021-45630CriDec 26, 2021
    risk 0.65cvss 10.0epss 0.02

    Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects CBR40 before 2.5.0.24, CBR750 before 4.6.3.6, RBK752 before 3.2.17.12, RBR750 before 3.2.17.12, RBS750 before 3.2.17.12, RBK852 before 3.2.17.12, RBR850 before 3.2.17.12, and…

  • CVE-2021-45629CriDec 26, 2021
    risk 0.62cvss 9.6epss 0.01

    Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects CBR750 before 4.6.3.6, RBK752 before 3.2.17.12, RBR750 before 3.2.17.12, RBS750 before 3.2.17.12, RBK852 before 3.2.17.12, RBR850 before 3.2.17.12, and RBS850 before 3.2.17.12.

  • CVE-2021-45628CriDec 26, 2021
    risk 0.62cvss 9.6epss 0.01

    Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects CBR40 before 2.5.0.24, CBR750 before 3.2.18.2, RBK752 before 3.2.17.12, RBR750 before 3.2.17.12, RBS750 before 3.2.17.12, RBK852 before 3.2.17.12, RBR850 before 3.2.17.12,…

  • CVE-2021-45627CriDec 26, 2021
    risk 0.63cvss 9.6epss 0.02

    Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects CBR750 before 4.6.3.6, RBK852 before 3.2.17.12, RBR850 before 3.2.17.12, and RBS850 before 3.2.17.12.

  • CVE-2021-45626CriDec 26, 2021
    risk 0.62cvss 9.6epss 0.01

    Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects RBK20 before 2.6.1.36, RBR20 before 2.6.1.36, RBS20 before 2.6.1.38, RBK40 before 2.6.1.36, RBR40 before 2.6.1.36, RBS40 before 2.6.1.38, RBK50 before 2.6.1.40, RBR50 before…

  • CVE-2021-45625CriDec 26, 2021
    risk 0.63cvss 9.6epss 0.02

    Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects XR300 before 1.0.3.68, R7000P before 1.3.3.140, and R6900P before 1.3.3.140.

  • CVE-2021-45624CriDec 26, 2021
    risk 0.63cvss 9.6epss 0.02

    Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects D7000v2 before 1.0.0.66, D8500 before 1.0.3.58, R7000 before 1.0.11.110, R7100LG before 1.0.0.72, R7900 before 1.0.4.30, R8000 before 1.0.4.62, XR300 before 1.0.3.56, R7000P…

  • CVE-2021-45622CriDec 26, 2021
    risk 0.63cvss 9.6epss 0.02

    Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects CBR40 before 2.5.0.24, CBR750 before 4.6.3.6, EAX20 before 1.0.0.58, EAX80 before 1.0.1.68, EX7500 before 1.0.0.74, LAX20 before 1.1.6.28, MK62 before 1.0.6.116, MR60 before…