VYPR

CVEs

31,781 total · page 416 of 636

  • CVE-2020-35881CriDec 31, 2020
    risk 0.64cvss 9.8epss 0.02

    An issue was discovered in the traitobject crate through 2020-06-01 for Rust. It has false expectations about fat pointers, possibly causing memory corruption in, for example, Rust 2.x.

  • CVE-2020-35880CriDec 31, 2020
    risk 0.57cvss 9.8epss 0.02

    An issue was discovered in the bigint crate through 2020-05-07 for Rust. It allows a soundness violation.

  • CVE-2020-35879CriDec 31, 2020
    risk 0.64cvss 9.8epss 0.02

    An issue was discovered in the rulinalg crate through 2020-02-11 for Rust. There are incorrect lifetime-boundary definitions for RowMut::raw_slice and RowMut::raw_slice_mut.

  • CVE-2020-35878CriDec 31, 2020
    risk 0.64cvss 9.8epss 0.02

    An issue was discovered in the ozone crate through 2020-07-04 for Rust. Memory safety is violated because of the dropping of uninitialized memory.

  • CVE-2020-35877CriDec 31, 2020
    risk 0.64cvss 9.8epss 0.02

    An issue was discovered in the ozone crate through 2020-07-04 for Rust. Memory safety is violated because of out-of-bounds access.

  • CVE-2020-35876CriDec 31, 2020
    risk 0.00cvss 9.8epss 0.02

    An issue was discovered in the rio crate through 2020-05-11 for Rust. A struct can be leaked, allowing attackers to obtain sensitive information, cause a use-after-free, or cause a data race.

  • CVE-2020-35873CriDec 31, 2020
    risk 0.57cvss 9.8epss 0.02

    An issue was discovered in the rusqlite crate before 0.23.0 for Rust. Memory safety can be violated because sessions.rs has a use-after-free.

  • CVE-2020-35872CriDec 31, 2020
    risk 0.57cvss 9.8epss 0.02

    An issue was discovered in the rusqlite crate before 0.23.0 for Rust. Memory safety can be violated via the repr(Rust) type.

  • CVE-2020-35870CriDec 31, 2020
    risk 0.57cvss 9.8epss 0.02

    An issue was discovered in the rusqlite crate before 0.23.0 for Rust. Memory safety can be violated via an Auxdata API use-after-free.

  • CVE-2020-35869CriDec 31, 2020
    risk 0.57cvss 9.8epss 0.02

    An issue was discovered in the rusqlite crate before 0.23.0 for Rust. Memory safety can be violated because rusqlite::trace::log mishandles format strings.

  • CVE-2020-35868CriDec 31, 2020
    risk 0.57cvss 9.8epss 0.02

    An issue was discovered in the rusqlite crate before 0.23.0 for Rust. Memory safety can be violated via UnlockNotification.

  • CVE-2020-35867CriDec 31, 2020
    risk 0.57cvss 9.8epss 0.02

    An issue was discovered in the rusqlite crate before 0.23.0 for Rust. Memory safety can be violated via create_module.

  • CVE-2020-35866CriDec 31, 2020
    risk 0.57cvss 9.8epss 0.02

    An issue was discovered in the rusqlite crate before 0.23.0 for Rust. Memory safety can be violated via VTab / VTabCursor.

  • CVE-2020-35863CriDec 31, 2020
    risk 0.57cvss 9.8epss 0.03

    An issue was discovered in the hyper crate before 0.12.34 for Rust. HTTP request smuggling can occur. Remote code execution can occur in certain situations with an HTTP server on the loopback interface.

  • CVE-2020-35862CriDec 31, 2020
    risk 0.64cvss 9.8epss 0.02

    An issue was discovered in the bitvec crate before 0.17.4 for Rust. BitVec to BitBox conversion leads to a use-after-free or double free.

  • CVE-2020-35860CriDec 31, 2020
    risk 0.64cvss 9.8epss 0.02

    An issue was discovered in the cbox crate through 2020-03-19 for Rust. The CBox API allows dereferencing raw pointers without a requirement for unsafe code.

  • CVE-2020-35859CriDec 31, 2020
    risk 0.00cvss 9.1epss 0.02

    An issue was discovered in the lucet-runtime-internals crate before 0.5.1 for Rust. It mishandles sigstack allocation. Guest programs may be able to obtain sensitive information, or guest programs can experience memory corruption.

  • CVE-2020-35858CriDec 31, 2020
    risk 0.57cvss 9.8epss 0.03

    An issue was discovered in the prost crate before 0.6.1 for Rust. There is stack consumption via a crafted message, causing a denial of service (e.g., x86) or possibly remote code execution (e.g., ARM).

  • CVE-2019-25010CriDec 31, 2020
    risk 0.64cvss 9.8epss 0.01

    An issue was discovered in the failure crate through 2019-11-13 for Rust. Type confusion can occur when __private_get_type_id__ is overridden.

  • CVE-2019-25009CriDec 31, 2020
    risk 0.64cvss 9.8epss 0.02

    An issue was discovered in the http crate before 0.1.20 for Rust. The HeaderMap::Drain API can use a raw pointer, defeating soundness.

  • CVE-2019-25004CriDec 31, 2020
    risk 0.64cvss 9.8epss 0.01

    An issue was discovered in the flatbuffers crate before 0.6.1 for Rust. Arbitrary bytes can be reinterpreted as a bool, defeating soundness.

  • CVE-2019-25002CriDec 31, 2020
    risk 0.57cvss 9.8epss 0.01

    An issue was discovered in the sodiumoxide crate before 0.2.5 for Rust. generichash::Digest::eq compares itself to itself and thus has degenerate security properties.

  • CVE-2020-35926CriDec 31, 2020
    risk 0.57cvss 9.8epss 0.02

    An issue was discovered in the nanorand crate before 0.5.1 for Rust. It caused any random number generator (even ChaCha) to return all zeroes because integer truncation was mishandled.

  • CVE-2020-35902CriDec 31, 2020
    risk 0.57cvss 9.8epss 0.02

    An issue was discovered in the actix-codec crate before 0.3.0-beta.1 for Rust. There is a use-after-free in Framed.

  • CVE-2020-35898CriDec 31, 2020
    risk 0.52cvss 9.1epss 0.01

    An issue was discovered in the actix-utils crate before 2.0.0 for Rust. The Cell implementation allows obtaining more than one mutable reference to the same data.

  • CVE-2020-25848CriDec 31, 2020
    risk 0.64cvss 9.8epss 0.02

    HGiga MailSherlock contains weak authentication flaw that attackers grant privilege remotely with default password generation mechanism.

  • CVE-2019-7726CriDec 31, 2020
    risk 0.57cvss 9.8epss 0.02

    modules/banners/funcs/click.php in NukeViet before 4.3.04 has a SQL INSERT statement with raw header data from an HTTP request (e.g., Referer and User-Agent).

  • CVE-2019-7725CriDec 31, 2020
    risk 0.57cvss 9.8epss 0.03

    includes/core/is_user.php in NukeViet before 4.3.04 deserializes the untrusted nvloginhash cookie (i.e., the code relies on PHP's serialization format when JSON can be used to eliminate the risk).

  • CVE-2018-14067CriDec 31, 2020
    risk 0.64cvss 9.8epss 0.07

    Green Packet WiMax DV-360 2.10.14-g1.0.6.1 devices allow Command Injection, with unauthenticated remote command execution, via a crafted payload to the HTTPS port, because lighttpd listens on all network interfaces (including the external Internet) by default. NOTE: this may…

  • CVE-2016-9026CriDec 31, 2020
    risk 0.57cvss 9.8epss 0.01

    Exponent CMS before 2.6.0 has improper input validation in fileController.php.

  • CVE-2016-9025CriDec 31, 2020
    risk 0.57cvss 9.8epss 0.01

    Exponent CMS before 2.6.0 has improper input validation in purchaseOrderController.php.

  • CVE-2016-9023CriDec 31, 2020
    risk 0.57cvss 9.8epss 0.01

    Exponent CMS before 2.6.0 has improper input validation in cron/find_help.php.

  • CVE-2016-9022CriDec 31, 2020
    risk 0.57cvss 9.8epss 0.01

    Exponent CMS before 2.6.0 has improper input validation in usersController.php.

  • CVE-2016-9021CriDec 31, 2020
    risk 0.57cvss 9.8epss 0.01

    Exponent CMS before 2.6.0 has improper input validation in storeController.php.

  • CVE-2020-17363CriDec 31, 2020
    risk 0.65cvss 9.9epss 0.04

    USVN (aka User-friendly SVN) before 1.0.9 allows remote code execution via shell metacharacters in the number_start or number_end parameter to LastHundredRequest (aka lasthundredrequestAction) in the Timeline module. NOTE: this may overlap CVE-2020-25069.

  • CVE-2020-12658CriDec 31, 2020
    risk 0.00cvss 9.8epss 0.02

    gssproxy (aka gss-proxy) before 0.8.3 does not unlock cond_mutex before pthread exit in gp_worker_main() in gp_workers.c. NOTE: An upstream comment states "We are already on a shutdown path when running the code in question, so a DoS there doesn't make any sense, and there has…

  • CVE-2020-11103CriDec 30, 2020
    risk 0.64cvss 9.8epss 0.03

    JsLink in Webswing before 2.6.12 LTS, and 2.7.x and 20.x before 20.1, allows remote code execution.

  • CVE-2020-35173CriDec 30, 2020
    risk 0.00cvss 9.8epss 0.02

    The Amaze File Manager application before 3.4.2 for Android does not properly restrict intents for controlling the FTP server (aka services.ftpservice.FTPReceiver.ACTION_START_FTPSERVER and services.ftpservice.FTPReceiver.ACTION_STOP_FTPSERVER).

  • CVE-2019-12768CriDec 30, 2020
    risk 0.64cvss 9.8epss 0.02

    An issue was discovered on D-Link DAP-1650 devices through v1.03b07 before 1.04B02_J65H Hot Fix. Attackers can bypass authentication via forceful browsing.

  • CVE-2020-29594CriDec 30, 2020
    risk 0.64cvss 9.8epss 0.02

    Rocket.Chat before 0.74.4, 1.x before 1.3.4, 2.x before 2.4.13, 3.x before 3.7.3, 3.8.x before 3.8.3, and 3.9.x before 3.9.1 mishandles SAML login.

  • CVE-2020-35848CriDec 30, 2020
    risk 0.66cvss 9.8epss 0.75

    Agentejo Cockpit before 0.11.2 allows NoSQL injection via the Controller/Auth.php newpassword function.

  • CVE-2020-35847CriDec 30, 2020
    risk 0.68cvss 9.8epss 0.98

    Agentejo Cockpit before 0.11.2 allows NoSQL injection via the Controller/Auth.php resetpassword function.

  • CVE-2020-35846CriDec 30, 2020
    risk 0.67cvss 9.8epss 0.93

    Agentejo Cockpit before 0.11.2 allows NoSQL injection via the Controller/Auth.php check function.

  • CVE-2020-35800CriDec 30, 2020
    risk 0.61cvss 9.4epss 0.02

    Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects AC2100 before 1.2.0.72, AC2400 before 1.2.0.72, AC2600 before 1.2.0.72, CBK40 before 2.5.0.10, CBR40 before 2.5.0.10, D6000 before 1.0.0.80, D6220 before 1.0.0.60, D6400 before…

  • CVE-2020-35798CriDec 30, 2020
    risk 0.61cvss 9.3epss 0.01

    Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects R6400v2 before 1.0.4.84, R6700v3 before 1.0.4.84, R6900P before 1.3.2.124, R7000 before 1.0.11.100, R7000P before 1.3.2.124, R7800 before 1.0.2.74, R7850 before 1.0.5.60, R7900…

  • CVE-2020-35797CriDec 30, 2020
    risk 0.64cvss 9.8epss 0.02

    NETGEAR NMS300 devices before 1.6.0.27 are affected by command injection by an unauthenticated attacker.

  • CVE-2020-35795CriDec 30, 2020
    risk 0.64cvss 9.8epss 0.01

    Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. This affects AC2100 before 1.2.0.72, AC2400 before 1.2.0.72, AC2600 before 1.2.0.72, CBK40 before 2.5.0.10, CBR40 before 2.5.0.10, D7800 before 1.0.1.58, EAX20 before 1.0.0.36, EAX80 before…

  • CVE-2020-10208CriDec 30, 2020
    risk 0.65cvss 9.9epss 0.04

    Command Injection in EntoneWebEngine in Amino Communications AK45x series, AK5xx series, AK65x series, Aria6xx series, Aria7/AK7Xx series and Kami7B allows authenticated remote attackers to execute arbitrary commands with root user privileges.

  • CVE-2020-10210CriDec 29, 2020
    risk 0.64cvss 9.8epss 0.02

    Because of hard-coded SSH keys for the root user in Amino Communications AK45x series, AK5xx series, AK65x series, Aria6xx series, Aria7/AK7Xx series, Kami7B, an attacker may remotely log in through SSH.

  • CVE-2020-10207CriDec 29, 2020
    risk 0.64cvss 9.8epss 0.02

    Use of Hard-coded Credentials in EntoneWebEngine in Amino Communications AK45x series, AK5xx series, AK65x series, Aria6xx series, Aria7/AK7Xx series and Kami7B allows remote attackers to retrieve and modify the device settings.