| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2021-37222 | Cri | 0.64 | 9.8 | 0.02 | Aug 12, 2021 | Parsers in the open source project RCDCAP before 1.0.5 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via specially crafted packets. | ||
| CVE-2021-38574 | Cri | 0.64 | 9.8 | 0.01 | Aug 11, 2021 | An issue was discovered in Foxit Reader and PhantomPDF before 10.1.4. It allows SQL Injection via crafted data at the end of a string. | ||
| CVE-2021-38573 | Cri | 0.64 | 9.8 | 0.01 | Aug 11, 2021 | An issue was discovered in Foxit Reader and PhantomPDF before 10.1.4. It allows writing to arbitrary files because a CombineFiles pathname is not validated. | ||
| CVE-2021-38572 | Cri | 0.64 | 9.8 | 0.01 | Aug 11, 2021 | An issue was discovered in Foxit Reader and PhantomPDF before 10.1.4. It allows writing to arbitrary files because the extractPages pathname is not validated. | ||
| CVE-2021-38570 | Cri | 0.59 | 9.1 | 0.01 | Aug 11, 2021 | An issue was discovered in Foxit Reader and PhantomPDF before 10.1.4. It allows attackers to delete arbitrary files (during uninstallation) via a symlink. | ||
| CVE-2021-38568 | Cri | 0.64 | 9.8 | 0.01 | Aug 11, 2021 | An issue was discovered in Foxit Reader and PhantomPDF before 10.1.4. It allows memory corruption during conversion of a PDF document to a different document format. | ||
| CVE-2021-38564 | Cri | 0.59 | 9.1 | 0.01 | Aug 11, 2021 | An issue was discovered in Foxit PDF Reader before 11.0.1 and PDF Editor before 11.0.1. It allows an out-of-bounds read via util.scand. | ||
| CVE-2021-38563 | Cri | 0.64 | 9.8 | 0.01 | Aug 11, 2021 | An issue was discovered in Foxit PDF Reader before 11.0.1 and PDF Editor before 11.0.1. It mishandles situations in which an array size (derived from a /Size entry) is smaller than the maximum indirect object number, and thus there is an attempted incorrect array access (leading… | ||
| CVE-2020-25566 | Cri | 0.64 | 9.8 | 0.02 | Aug 11, 2021 | In SapphireIMS 5.0, it is possible to take over an account by sending a request to the Save_Password form as shown in POC. Notice that we do not require a JSESSIONID in this request and can reset any user’s password by changing the username to that user and password to… | ||
| CVE-2020-25565 | Cri | 0.64 | 9.8 | 0.02 | Aug 11, 2021 | In SapphireIMS 5.0, it is possible to use the hardcoded credential in clients (username: sapphire, password: ims) and gain access to the portal. Once the access is available, the attacker can inject malicious OS commands on “ping”, “traceroute” and “snmp” functions… | ||
| CVE-2020-25563 | Cri | 0.64 | 9.8 | 0.02 | Aug 11, 2021 | In SapphireIMS 5.0, it is possible to create local administrator on any client without requiring any credentials by directly accessing RemoteMgmtTaskSave (Automation Tasks) feature and not having a JSESSIONID. | ||
| CVE-2020-25560 | Cri | 0.64 | 9.8 | 0.02 | Aug 11, 2021 | In SapphireIMS 5.0, it is possible to use the hardcoded credential in clients (username: sapphire, password: ims) and gain access to the portal. Once the access is available, the attacker can inject malicious OS commands on “ping”, “traceroute” and “snmp” functions… | ||
| CVE-2020-21359 | Cri | 0.64 | 9.8 | 0.02 | Aug 11, 2021 | An arbitrary file upload vulnerability in the Template Upload function of Maccms10 allows attackers bypass the suffix whitelist verification to execute arbitrary code via adding a character to the end of the uploaded file's name. | ||
| CVE-2021-33794 | Cri | 0.59 | 9.1 | 0.01 | Aug 11, 2021 | Foxit Reader before 10.1.4 and PhantomPDF before 10.1.4 allow information disclosure or an application crash after mishandling the Tab key during XFA form interaction. | ||
| CVE-2021-33793 | Cri | 0.64 | 9.8 | 0.01 | Aug 11, 2021 | Foxit Reader before 10.1.4 and PhantomPDF before 10.1.4 have an out-of-bounds write because the Cross-Reference table is mishandled during Office document conversion. | ||
| CVE-2021-20418 | Cri | 0.64 | 9.8 | 0.01 | Aug 11, 2021 | IBM Security Guardium 11.2 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 196279. | ||
| CVE-2019-25052 | Cri | 0.59 | 9.1 | 0.01 | Aug 11, 2021 | In Linaro OP-TEE before 3.7.0, by using inconsistent or malformed data, it is possible to call update and final cryptographic functions directly, causing a crash that could leak sensitive information. | ||
| CVE-2021-38530 | Cri | 0.63 | 9.6 | 0.02 | Aug 11, 2021 | Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects RBK40 before 2.5.1.16, RBR40 before 2.5.1.16, RBS40 before 2.5.1.16, RBK20 before 2.5.1.16, RBR20 before 2.5.1.16, RBS20 before 2.5.1.16, RBK50 before 2.5.1.16, RBR50 before… | ||
| CVE-2021-38528 | Cri | 0.63 | 9.6 | 0.02 | Aug 11, 2021 | Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects D8500 before 1.0.3.58, R6900P before 1.3.2.132, R7000P before 1.3.2.132, R7100LG before 1.0.0.64, WNDR3400v3 before 1.0.1.38, and XR300 before 1.0.3.56. | ||
| CVE-2021-38516 | Cri | 0.65 | 10.0 | 0.01 | Aug 11, 2021 | Certain NETGEAR devices are affected by lack of access control at the function level. This affects D6220 before 1.0.0.48, D6400 before 1.0.0.82, D7000v2 before 1.0.0.52, D7800 before 1.0.1.44, D8500 before 1.0.3.43, DC112A before 1.0.0.40, DGN2200v4 before 1.0.0.108, RBK50… | ||
| CVE-2021-38513 | Cri | 0.63 | 9.6 | 0.02 | Aug 11, 2021 | Certain NETGEAR devices are affected by authentication bypass. This affects RBK852 before 3.2.10.11, RBR850 before 3.2.10.11, RBS850 before 3.2.10.11, CBR40 before 2.5.0.10, EAX20 before 1.0.0.48, MK62 before 1.0.6.110, MR60 before 1.0.6.110, MS60 before 1.0.6.110, RBK752 before… | ||
| CVE-2021-32122 | Cri | 0.64 | 9.8 | 0.00 | Aug 11, 2021 | Certain NETGEAR devices are affected by CSRF. This affects EX3700 before 1.0.0.90, EX3800 before 1.0.0.90, EX6120 before 1.0.0.64, and EX6130 before 1.0.0.44. | ||
| CVE-2021-20032 | Cri | 0.64 | 9.8 | 0.02 | Aug 10, 2021 | SonicWall Analytics 2.5 On-Prem is vulnerable to Java Debug Wire Protocol (JDWP) interface security misconfiguration vulnerability which potentially leads to Remote Code Execution. This vulnerability impacts Analytics On-Prem 2.5.2518 and earlier. | ||
| CVE-2021-37425 | Cri | 0.67 | 9.1 | 0.66 | Aug 10, 2021 | Altova MobileTogether Server before 7.3 SP1 allows XXE attacks, such as an InfoSetChanges/Changes attack against /workflowmanagement, or reading mobiletogetherserver.cfg and then reading the certificate and private key. | ||
| CVE-2021-38384 | — | Cri | 0.64 | 9.8 | 0.01 | Aug 10, 2021 | Serverless Offline 8.0.0 returns a 403 HTTP status code for a route that has a trailing / character, which might cause a developer to implement incorrect access control, because the actual behavior within the Amazon AWS environment is a 200 HTTP status code (i.e., possibly… | |
| CVE-2021-38383 | Cri | 0.00 | 9.8 | 0.01 | Aug 10, 2021 | OwnTone (aka owntone-server) through 28.1 has a use-after-free in net_bind() in misc.c. | ||
| CVE-2021-38140 | Cri | 0.64 | 9.8 | 0.01 | Aug 10, 2021 | The set_user extension module before 2.0.1 for PostgreSQL allows a potential privilege escalation using RESET SESSION AUTHORIZATION after set_user(). | ||
| CVE-2021-32943 | Cri | 0.64 | 9.8 | 0.02 | Aug 10, 2021 | The affected product is vulnerable to a stack-based buffer overflow, which may allow an attacker to remotely execute arbitrary code on the WebAccess/SCADA (WebAccess/SCADA versions prior to 8.4.5, WebAccess/SCADA versions prior to 9.0.1). | ||
| CVE-2020-23151 | Cri | 0.64 | 9.8 | 0.06 | Aug 9, 2021 | rConfig 3.9.5 allows command injection by sending a crafted GET request to lib/ajaxHandlers/ajaxArchiveFiles.php since the path parameter is passed directly to the exec function without being escaped. | ||
| CVE-2021-32798 | Cri | 0.58 | 10.0 | 0.02 | Aug 9, 2021 | The Jupyter notebook is a web-based notebook environment for interactive computing. In affected versions untrusted notebook can execute code on load. Jupyter Notebook uses a deprecated version of Google Caja to sanitize user inputs. A public Caja bypass can be used to trigger an… | ||
| CVE-2021-21596 | Cri | 0.62 | 9.6 | 0.01 | Aug 9, 2021 | Dell OpenManage Enterprise versions 3.4 through 3.6.1 and Dell OpenManage Enterprise Modular versions 1.20.00 through 1.30.00, contain a remote code execution vulnerability. A malicious attacker with access to the immediate subnet may potentially exploit this vulnerability… | ||
| CVE-2021-21585 | Cri | 0.59 | 9.1 | 0.02 | Aug 9, 2021 | Dell OpenManage Enterprise versions prior to 3.6.1 contain an OS command injection vulnerability in RACADM and IPMI tools. A remote authenticated malicious user with high privileges may potentially exploit this vulnerability to execute arbitrary OS commands. | ||
| CVE-2021-21564 | Cri | 0.64 | 9.8 | 0.02 | Aug 9, 2021 | Dell OpenManage Enterprise versions prior to 3.6.1 contain an improper authentication vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability to hijack an elevated session or perform unauthorized actions by sending malformed data. | ||
| CVE-2014-9320 | Cri | 0.64 | 9.8 | 0.04 | Aug 9, 2021 | SAP BusinessObjects Edge 4.1 allows remote attackers to obtain the SI_PLATFORM_SEARCH_SERVER_LOGON_TOKEN token and consequently gain SYSTEM privileges via vectors involving CORBA calls, aka SAP Note 2039905. | ||
| CVE-2013-6276 | Cri | 0.64 | 9.8 | 0.01 | Aug 9, 2021 | QNAP F_VioCard 2312 and F_VioGate 2308 have hardcoded entries in authorized_keys files. NOTE: 1. All active models are not affected. The last affected model was EOL since 2010. 2. The legacy authorization mechanism is no longer adopted in all active models | ||
| CVE-2021-22910 | Cri | 0.64 | 9.8 | 0.02 | Aug 9, 2021 | A sanitization vulnerability exists in Rocket.Chat server versions <3.13.2, <3.12.4, <3.11.4 that allowed queries to an endpoint which could result in a NoSQL injection, potentially leading to RCE. | ||
| CVE-2021-24507 | Cri | 0.65 | 9.8 | 0.11 | Aug 9, 2021 | The Astra Pro Addon WordPress plugin before 3.5.2 did not properly sanitise or escape some of the POST parameters from the astra_pagination_infinite and astra_shop_pagination_infinite AJAX action (available to both unauthenticated and authenticated user) before using them in SQL… | ||
| CVE-2021-24499 | Cri | 0.72 | 9.8 | 0.60 | Aug 9, 2021 | The Workreap WordPress theme before 2.2.2 AJAX actions workreap_award_temp_file_uploader and workreap_temp_file_uploader did not perform nonce checks, or validate that the request is from a valid user in any other way. The endpoints allowed for uploading arbitrary files to the… | ||
| CVE-2021-38197 | — | Cri | 0.57 | 9.8 | 0.02 | Aug 8, 2021 | unarr.go in go-unarr (aka Go bindings for unarr) 0.1.1 allows Directory Traversal via ../ in a pathname within a TAR archive. | |
| CVE-2021-38196 | — | Cri | 0.64 | 9.8 | 0.03 | Aug 8, 2021 | An issue was discovered in the better-macro crate through 2021-07-22 for Rust. It intentionally demonstrates that remote attackers can execute arbitrary code via proc-macros, and otherwise has no legitimate purpose. | |
| CVE-2021-38195 | — | Cri | 0.00 | 9.8 | 0.01 | Aug 8, 2021 | An issue was discovered in the libsecp256k1 crate before 0.5.0 for Rust. It can verify an invalid signature because it allows the R or S parameter to be larger than the curve order, aka an overflow. | |
| CVE-2021-38194 | — | Cri | 0.57 | 9.8 | 0.01 | Aug 8, 2021 | An issue was discovered in the ark-r1cs-std crate before 0.3.1 for Rust. It does not enforce any constraints in the FieldVar::mul_by_inverse method. Thus, a prover can produce a proof that is unsound but is nonetheless verified. | |
| CVE-2021-38190 | — | Cri | 0.57 | 9.8 | 0.01 | Aug 8, 2021 | An issue was discovered in the nalgebra crate before 0.27.1 for Rust. It allows out-of-bounds memory access because it does not ensure that the number of elements is equal to the product of the row count and column count. | |
| CVE-2021-38189 | — | Cri | 0.57 | 9.8 | 0.01 | Aug 8, 2021 | An issue was discovered in the lettre crate before 0.9.6 for Rust. In an e-mail message body, an attacker can place a . character after two sequences and then inject arbitrary SMTP commands. | |
| CVE-2021-38188 | — | Cri | 0.57 | 9.8 | 0.01 | Aug 8, 2021 | An issue was discovered in the iced-x86 crate through 1.10.3 for Rust. In Decoder::new(), slice.get_unchecked(slice.length()) is used unsafely. | |
| CVE-2021-38187 | — | Cri | 0.64 | 9.8 | 0.01 | Aug 8, 2021 | An issue was discovered in the anymap crate through 0.12.1 for Rust. It violates soundness via conversion of a *u8 to a *u64. | |
| CVE-2020-36452 | — | Cri | 0.64 | 9.8 | 0.01 | Aug 8, 2021 | An issue was discovered in the array-tools crate before 0.3.2 for Rust. FixedCapacityDequeLike::clone() has a drop of uninitialized memory. | |
| CVE-2020-36443 | — | Cri | 0.64 | 9.8 | 0.01 | Aug 8, 2021 | An issue was discovered in the libp2p-deflate crate before 0.27.1 for Rust. An uninitialized buffer is passed to AsyncRead::poll_read(), which is a user-provided trait function. | |
| CVE-2020-36434 | — | Cri | 0.64 | 9.8 | 0.01 | Aug 8, 2021 | An issue was discovered in the sys-info crate before 0.8.0 for Rust. sys_info::disk_info calls can trigger a double free. | |
| CVE-2020-36432 | — | Cri | 0.64 | 9.8 | 0.01 | Aug 8, 2021 | An issue was discovered in the alg_ds crate through 2020-08-25 for Rust. There is a drop of uninitialized memory in Matrix::new(). |
- risk 0.64cvss 9.8epss 0.02
Parsers in the open source project RCDCAP before 1.0.5 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via specially crafted packets.
- risk 0.64cvss 9.8epss 0.01
An issue was discovered in Foxit Reader and PhantomPDF before 10.1.4. It allows SQL Injection via crafted data at the end of a string.
- risk 0.64cvss 9.8epss 0.01
An issue was discovered in Foxit Reader and PhantomPDF before 10.1.4. It allows writing to arbitrary files because a CombineFiles pathname is not validated.
- risk 0.64cvss 9.8epss 0.01
An issue was discovered in Foxit Reader and PhantomPDF before 10.1.4. It allows writing to arbitrary files because the extractPages pathname is not validated.
- risk 0.59cvss 9.1epss 0.01
An issue was discovered in Foxit Reader and PhantomPDF before 10.1.4. It allows attackers to delete arbitrary files (during uninstallation) via a symlink.
- risk 0.64cvss 9.8epss 0.01
An issue was discovered in Foxit Reader and PhantomPDF before 10.1.4. It allows memory corruption during conversion of a PDF document to a different document format.
- risk 0.59cvss 9.1epss 0.01
An issue was discovered in Foxit PDF Reader before 11.0.1 and PDF Editor before 11.0.1. It allows an out-of-bounds read via util.scand.
- risk 0.64cvss 9.8epss 0.01
An issue was discovered in Foxit PDF Reader before 11.0.1 and PDF Editor before 11.0.1. It mishandles situations in which an array size (derived from a /Size entry) is smaller than the maximum indirect object number, and thus there is an attempted incorrect array access (leading…
- risk 0.64cvss 9.8epss 0.02
In SapphireIMS 5.0, it is possible to take over an account by sending a request to the Save_Password form as shown in POC. Notice that we do not require a JSESSIONID in this request and can reset any user’s password by changing the username to that user and password to…
- risk 0.64cvss 9.8epss 0.02
In SapphireIMS 5.0, it is possible to use the hardcoded credential in clients (username: sapphire, password: ims) and gain access to the portal. Once the access is available, the attacker can inject malicious OS commands on “ping”, “traceroute” and “snmp” functions…
- risk 0.64cvss 9.8epss 0.02
In SapphireIMS 5.0, it is possible to create local administrator on any client without requiring any credentials by directly accessing RemoteMgmtTaskSave (Automation Tasks) feature and not having a JSESSIONID.
- risk 0.64cvss 9.8epss 0.02
In SapphireIMS 5.0, it is possible to use the hardcoded credential in clients (username: sapphire, password: ims) and gain access to the portal. Once the access is available, the attacker can inject malicious OS commands on “ping”, “traceroute” and “snmp” functions…
- risk 0.64cvss 9.8epss 0.02
An arbitrary file upload vulnerability in the Template Upload function of Maccms10 allows attackers bypass the suffix whitelist verification to execute arbitrary code via adding a character to the end of the uploaded file's name.
- risk 0.59cvss 9.1epss 0.01
Foxit Reader before 10.1.4 and PhantomPDF before 10.1.4 allow information disclosure or an application crash after mishandling the Tab key during XFA form interaction.
- risk 0.64cvss 9.8epss 0.01
Foxit Reader before 10.1.4 and PhantomPDF before 10.1.4 have an out-of-bounds write because the Cross-Reference table is mishandled during Office document conversion.
- risk 0.64cvss 9.8epss 0.01
IBM Security Guardium 11.2 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 196279.
- risk 0.59cvss 9.1epss 0.01
In Linaro OP-TEE before 3.7.0, by using inconsistent or malformed data, it is possible to call update and final cryptographic functions directly, causing a crash that could leak sensitive information.
- risk 0.63cvss 9.6epss 0.02
Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects RBK40 before 2.5.1.16, RBR40 before 2.5.1.16, RBS40 before 2.5.1.16, RBK20 before 2.5.1.16, RBR20 before 2.5.1.16, RBS20 before 2.5.1.16, RBK50 before 2.5.1.16, RBR50 before…
- risk 0.63cvss 9.6epss 0.02
Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects D8500 before 1.0.3.58, R6900P before 1.3.2.132, R7000P before 1.3.2.132, R7100LG before 1.0.0.64, WNDR3400v3 before 1.0.1.38, and XR300 before 1.0.3.56.
- risk 0.65cvss 10.0epss 0.01
Certain NETGEAR devices are affected by lack of access control at the function level. This affects D6220 before 1.0.0.48, D6400 before 1.0.0.82, D7000v2 before 1.0.0.52, D7800 before 1.0.1.44, D8500 before 1.0.3.43, DC112A before 1.0.0.40, DGN2200v4 before 1.0.0.108, RBK50…
- risk 0.63cvss 9.6epss 0.02
Certain NETGEAR devices are affected by authentication bypass. This affects RBK852 before 3.2.10.11, RBR850 before 3.2.10.11, RBS850 before 3.2.10.11, CBR40 before 2.5.0.10, EAX20 before 1.0.0.48, MK62 before 1.0.6.110, MR60 before 1.0.6.110, MS60 before 1.0.6.110, RBK752 before…
- risk 0.64cvss 9.8epss 0.00
Certain NETGEAR devices are affected by CSRF. This affects EX3700 before 1.0.0.90, EX3800 before 1.0.0.90, EX6120 before 1.0.0.64, and EX6130 before 1.0.0.44.
- risk 0.64cvss 9.8epss 0.02
SonicWall Analytics 2.5 On-Prem is vulnerable to Java Debug Wire Protocol (JDWP) interface security misconfiguration vulnerability which potentially leads to Remote Code Execution. This vulnerability impacts Analytics On-Prem 2.5.2518 and earlier.
- risk 0.67cvss 9.1epss 0.66
Altova MobileTogether Server before 7.3 SP1 allows XXE attacks, such as an InfoSetChanges/Changes attack against /workflowmanagement, or reading mobiletogetherserver.cfg and then reading the certificate and private key.
- risk 0.64cvss 9.8epss 0.01
Serverless Offline 8.0.0 returns a 403 HTTP status code for a route that has a trailing / character, which might cause a developer to implement incorrect access control, because the actual behavior within the Amazon AWS environment is a 200 HTTP status code (i.e., possibly…
- risk 0.00cvss 9.8epss 0.01
OwnTone (aka owntone-server) through 28.1 has a use-after-free in net_bind() in misc.c.
- risk 0.64cvss 9.8epss 0.01
The set_user extension module before 2.0.1 for PostgreSQL allows a potential privilege escalation using RESET SESSION AUTHORIZATION after set_user().
- risk 0.64cvss 9.8epss 0.02
The affected product is vulnerable to a stack-based buffer overflow, which may allow an attacker to remotely execute arbitrary code on the WebAccess/SCADA (WebAccess/SCADA versions prior to 8.4.5, WebAccess/SCADA versions prior to 9.0.1).
- risk 0.64cvss 9.8epss 0.06
rConfig 3.9.5 allows command injection by sending a crafted GET request to lib/ajaxHandlers/ajaxArchiveFiles.php since the path parameter is passed directly to the exec function without being escaped.
- risk 0.58cvss 10.0epss 0.02
The Jupyter notebook is a web-based notebook environment for interactive computing. In affected versions untrusted notebook can execute code on load. Jupyter Notebook uses a deprecated version of Google Caja to sanitize user inputs. A public Caja bypass can be used to trigger an…
- risk 0.62cvss 9.6epss 0.01
Dell OpenManage Enterprise versions 3.4 through 3.6.1 and Dell OpenManage Enterprise Modular versions 1.20.00 through 1.30.00, contain a remote code execution vulnerability. A malicious attacker with access to the immediate subnet may potentially exploit this vulnerability…
- risk 0.59cvss 9.1epss 0.02
Dell OpenManage Enterprise versions prior to 3.6.1 contain an OS command injection vulnerability in RACADM and IPMI tools. A remote authenticated malicious user with high privileges may potentially exploit this vulnerability to execute arbitrary OS commands.
- risk 0.64cvss 9.8epss 0.02
Dell OpenManage Enterprise versions prior to 3.6.1 contain an improper authentication vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability to hijack an elevated session or perform unauthorized actions by sending malformed data.
- risk 0.64cvss 9.8epss 0.04
SAP BusinessObjects Edge 4.1 allows remote attackers to obtain the SI_PLATFORM_SEARCH_SERVER_LOGON_TOKEN token and consequently gain SYSTEM privileges via vectors involving CORBA calls, aka SAP Note 2039905.
- risk 0.64cvss 9.8epss 0.01
QNAP F_VioCard 2312 and F_VioGate 2308 have hardcoded entries in authorized_keys files. NOTE: 1. All active models are not affected. The last affected model was EOL since 2010. 2. The legacy authorization mechanism is no longer adopted in all active models
- risk 0.64cvss 9.8epss 0.02
A sanitization vulnerability exists in Rocket.Chat server versions <3.13.2, <3.12.4, <3.11.4 that allowed queries to an endpoint which could result in a NoSQL injection, potentially leading to RCE.
- risk 0.65cvss 9.8epss 0.11
The Astra Pro Addon WordPress plugin before 3.5.2 did not properly sanitise or escape some of the POST parameters from the astra_pagination_infinite and astra_shop_pagination_infinite AJAX action (available to both unauthenticated and authenticated user) before using them in SQL…
- risk 0.72cvss 9.8epss 0.60
The Workreap WordPress theme before 2.2.2 AJAX actions workreap_award_temp_file_uploader and workreap_temp_file_uploader did not perform nonce checks, or validate that the request is from a valid user in any other way. The endpoints allowed for uploading arbitrary files to the…
- risk 0.57cvss 9.8epss 0.02
unarr.go in go-unarr (aka Go bindings for unarr) 0.1.1 allows Directory Traversal via ../ in a pathname within a TAR archive.
- risk 0.64cvss 9.8epss 0.03
An issue was discovered in the better-macro crate through 2021-07-22 for Rust. It intentionally demonstrates that remote attackers can execute arbitrary code via proc-macros, and otherwise has no legitimate purpose.
- risk 0.00cvss 9.8epss 0.01
An issue was discovered in the libsecp256k1 crate before 0.5.0 for Rust. It can verify an invalid signature because it allows the R or S parameter to be larger than the curve order, aka an overflow.
- risk 0.57cvss 9.8epss 0.01
An issue was discovered in the ark-r1cs-std crate before 0.3.1 for Rust. It does not enforce any constraints in the FieldVar::mul_by_inverse method. Thus, a prover can produce a proof that is unsound but is nonetheless verified.
- risk 0.57cvss 9.8epss 0.01
An issue was discovered in the nalgebra crate before 0.27.1 for Rust. It allows out-of-bounds memory access because it does not ensure that the number of elements is equal to the product of the row count and column count.
- risk 0.57cvss 9.8epss 0.01
An issue was discovered in the lettre crate before 0.9.6 for Rust. In an e-mail message body, an attacker can place a . character after two sequences and then inject arbitrary SMTP commands.
- risk 0.57cvss 9.8epss 0.01
An issue was discovered in the iced-x86 crate through 1.10.3 for Rust. In Decoder::new(), slice.get_unchecked(slice.length()) is used unsafely.
- risk 0.64cvss 9.8epss 0.01
An issue was discovered in the anymap crate through 0.12.1 for Rust. It violates soundness via conversion of a *u8 to a *u64.
- risk 0.64cvss 9.8epss 0.01
An issue was discovered in the array-tools crate before 0.3.2 for Rust. FixedCapacityDequeLike::clone() has a drop of uninitialized memory.
- risk 0.64cvss 9.8epss 0.01
An issue was discovered in the libp2p-deflate crate before 0.27.1 for Rust. An uninitialized buffer is passed to AsyncRead::poll_read(), which is a user-provided trait function.
- risk 0.64cvss 9.8epss 0.01
An issue was discovered in the sys-info crate before 0.8.0 for Rust. sys_info::disk_info calls can trigger a double free.
- risk 0.64cvss 9.8epss 0.01
An issue was discovered in the alg_ds crate through 2020-08-25 for Rust. There is a drop of uninitialized memory in Matrix::new().