Search
Total
201818 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-45528 | 1 Netgear | 22 R6300v2, R6300v2 Firmware, R6400 and 19 more | 2022-01-06 | 6.5 MEDIUM | 7.2 HIGH |
| Certain NETGEAR devices are affected by a buffer overflow by an authenticated user. This affects R6300v2 before 1.0.4.52, R6400 before 1.0.1.52, R6900 before 1.0.2.8, R7000 before 1.0.9.88, R7900 before 1.0.3.18, R8000 before 1.0.4.46, R7900P before 1.4.1.50, R8000P before 1.4.1.50, RAX75 before 1.0.3.88, RAX80 before 1.0.3.88, and WNR3500Lv2 before 1.2.0.62. | |||||
| CVE-2020-20943 | 1 Qibosoft | 1 Qibosoft | 2022-01-06 | 4.3 MEDIUM | 4.3 MEDIUM |
| A Cross-Site Request Forgery (CSRF) in /member/post.php?job=postnew&step=post of Qibosoft v7 allows attackers to force victim users into arbitrarily publishing new articles via a crafted URL. | |||||
| CVE-2021-4179 | 1 Livehelperchat | 1 Live Helper Chat | 2022-01-06 | 3.5 LOW | 5.4 MEDIUM |
| livehelperchat is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | |||||
| CVE-2021-4177 | 1 Livehelperchat | 1 Live Helper Chat | 2022-01-06 | 5.0 MEDIUM | 5.3 MEDIUM |
| livehelperchat is vulnerable to Generation of Error Message Containing Sensitive Information | |||||
| CVE-2021-45911 | 1 Gif2apng Project | 1 Gif2apng | 2022-01-06 | 6.8 MEDIUM | 7.8 HIGH |
| An issue was discovered in gif2apng 1.9. There is a heap-based buffer overflow in the main function. It allows an attacker to write 2 bytes outside the boundaries of the buffer. | |||||
| CVE-2021-45910 | 1 Gif2apng Project | 1 Gif2apng | 2022-01-06 | 6.8 MEDIUM | 7.8 HIGH |
| An issue was discovered in gif2apng 1.9. There is a heap-based buffer overflow within the main function. It allows an attacker to write data outside of the allocated buffer. The attacker has control over a part of the address that data is written to, control over the written data, and (to some extent) control over the amount of data that is written. | |||||
| CVE-2021-45909 | 1 Gif2apng Project | 1 Gif2apng | 2022-01-06 | 6.8 MEDIUM | 7.8 HIGH |
| An issue was discovered in gif2apng 1.9. There is a heap-based buffer overflow vulnerability in the DecodeLZW function. It allows an attacker to write a large amount of arbitrary data outside the boundaries of a buffer. | |||||
| CVE-2019-25055 | 1 Libpulse-binding Project | 1 Libpulse-binding | 2022-01-06 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in the libpulse-binding crate before 2.6.0 for Rust. It mishandles a panic that crosses a Foreign Function Interface (FFI) boundary. | |||||
| CVE-2021-45908 | 1 Gif2apng Project | 1 Gif2apng | 2022-01-06 | 6.8 MEDIUM | 7.8 HIGH |
| An issue was discovered in gif2apng 1.9. There is a stack-based buffer overflow involving a while loop. An attacker has little influence over the data written to the stack, making it unlikely that the flow of control can be subverted. | |||||
| CVE-2021-45907 | 1 Gif2apng Project | 1 Gif2apng | 2022-01-06 | 6.8 MEDIUM | 7.8 HIGH |
| An issue was discovered in gif2apng 1.9. There is a stack-based buffer overflow involving a for loop. An attacker has little influence over the data written to the stack, making it unlikely that the flow of control can be subverted. | |||||
| CVE-2021-45707 | 1 Nix Project | 1 Nix | 2022-01-06 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in the nix crate before 0.20.2, 0.21.x before 0.21.2, and 0.22.x before 0.22.2 for Rust. unistd::getgrouplist has an out-of-bounds write if a user is in more than 16 /etc/groups groups. | |||||
| CVE-2021-45540 | 1 Netgear | 26 Mr60, Mr60 Firmware, Ms60 and 23 more | 2022-01-06 | 5.2 MEDIUM | 8.4 HIGH |
| Certain NETGEAR devices are affected by command injection by an authenticated user. This affects R7000 before 1.0.11.126, R7900 before 1.0.4.46, R7900P before 1.4.2.84, R7960P before 1.4.2.84, R8000 before 1.0.4.74, R8000P before 1.4.2.84, RAX200 before 1.0.3.106, MR60 before 1.0.6.110, RAX45 before 1.0.2.66, RAX80 before 1.0.3.106, MS60 before 1.0.6.110, RAX50 before 1.0.2.66, and RAX75 before 1.0.3.106. | |||||
| CVE-2021-45539 | 1 Netgear | 24 Mr60, Mr60 Firmware, Ms60 and 21 more | 2022-01-06 | 5.2 MEDIUM | 6.8 MEDIUM |
| Certain NETGEAR devices are affected by command injection by an authenticated user. This affects R7900P before 1.4.2.84, R7960P before 1.4.2.84, R8000 before 1.0.4.74, R8000P before 1.4.2.84, MR60 before 1.0.6.110, RAX20 before 1.0.2.82, RAX45 before 1.0.2.28, RAX80 before 1.0.3.106, MS60 before 1.0.6.110, RAX15 before 1.0.2.82, RAX50 before 1.0.2.28, and RAX75 before 1.0.3.106. | |||||
| CVE-2021-45704 | 1 Metrics-util Project | 1 Metrics-util | 2022-01-06 | 6.8 MEDIUM | 8.1 HIGH |
| An issue was discovered in the metrics-util crate before 0.7.0 for Rust. There is a data race and memory corruption because AtomicBucket<T> unconditionally implements the Send and Sync traits. | |||||
| CVE-2021-45703 | 1 Tectonic Xdv Project | 1 Tectonic Xdv | 2022-01-06 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in the tectonic_xdv crate before 0.1.12 for Rust. XdvParser::<T>::process may read from uninitialized memory locations. | |||||
| CVE-2021-45699 | 1 Nervos | 1 Ckb | 2022-01-06 | 7.8 HIGH | 7.5 HIGH |
| An issue was discovered in the ckb crate before 0.40.0 for Rust. Remote attackers may be able to conduct a 51% attack against the Nervos CKB blockchain by triggering an inability to allocate memory for the misbehavior HashMap. | |||||
| CVE-2021-45698 | 1 Nervos | 1 Ckb | 2022-01-06 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in the ckb crate before 0.40.0 for Rust. A get_block_template RPC call may fail in situations where it is supposed to select a Nervos CKB blockchain transaction with a higher fee rate than another transaction. | |||||
| CVE-2021-45695 | 1 Mopa Project | 1 Mopa | 2022-01-06 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in the mopa crate through 2021-06-01 for Rust. It incorrectly relies on Trait memory layout, possibly leading to future occurrences of arbitrary code execution or ASLR bypass. | |||||
| CVE-2021-45694 | 1 Rdiff Project | 1 Rdiff | 2022-01-06 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in the rdiff crate through 2021-02-03 for Rust. Window may read from uninitialized memory locations. | |||||
| CVE-2021-45693 | 1 Messagepack-rs Project | 1 Messagepack-rs | 2022-01-06 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in the messagepack-rs crate through 2021-01-26 for Rust. deserialize_string_primitive may read from uninitialized memory locations. | |||||
| CVE-2021-45692 | 1 Messagepack-rs Project | 1 Messagepack-rs | 2022-01-06 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in the messagepack-rs crate through 2021-01-26 for Rust. deserialize_extension_others may read from uninitialized memory locations. | |||||
| CVE-2021-27007 | 1 Netapp | 1 Virtual Desktop Service | 2022-01-06 | 7.5 HIGH | 9.8 CRITICAL |
| NetApp Virtual Desktop Service (VDS) when used with an HTML5 gateway is susceptible to a vulnerability which when successfully exploited could allow an unauthenticated attacker to takeover a Remote Desktop Session. | |||||
| CVE-2021-45705 | 1 Nanorand Project | 1 Nanorand | 2022-01-06 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in the nanorand crate before 0.6.1 for Rust. There can be multiple mutable references to the same object because the TlsWyRand Deref implementation dereferences a raw pointer. | |||||
| CVE-2021-45547 | 1 Netgear | 28 R7850, R7850 Firmware, R7900p and 25 more | 2022-01-06 | 6.5 MEDIUM | 8.8 HIGH |
| Certain NETGEAR devices are affected by command injection by an authenticated user. This affects R7850 before 1.0.5.74, R7900P before 1.4.2.84, R7960P before 1.4.2.84, R8000 before 1.0.4.74, R8000P before 1.4.2.84, RAX200 before 1.0.4.120, RAX75 before 1.0.4.120, RAX80 before 1.0.4.120, RBK752 before 3.2.17.12, RBK852 before 3.2.17.12, RBR750 before 3.2.17.12, RBR850 before 3.2.17.12, RBS750 before 3.2.17.12, and RBS850 before 3.2.17.12. | |||||
| CVE-2021-45691 | 1 Messagepack-rs Project | 1 Messagepack-rs | 2022-01-06 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in the messagepack-rs crate through 2021-01-26 for Rust. deserialize_string may read from uninitialized memory locations. | |||||
| CVE-2021-45546 | 1 Netgear | 28 R7850, R7850 Firmware, R7900p and 25 more | 2022-01-06 | 6.5 MEDIUM | 8.8 HIGH |
| Certain NETGEAR devices are affected by command injection by an authenticated user. This affects R7850 before 1.0.5.74, R7900P before 1.4.2.84, R7960P before 1.4.2.84, R8000 before 1.0.4.74, R8000P before 1.4.2.84, RAX200 before 1.0.4.120, RAX75 before 1.0.4.120, RAX80 before 1.0.4.120, RBK752 before 3.2.17.12, RBK852 before 3.2.17.12, RBR750 before 3.2.17.12, RBR850 before 3.2.17.12, RBS750 before 3.2.17.12, and RBS850 before 3.2.17.12. | |||||
| CVE-2021-45690 | 1 Messagepack-rs Project | 1 Messagepack-rs | 2022-01-06 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in the messagepack-rs crate through 2021-01-26 for Rust. deserialize_binary may read from uninitialized memory locations. | |||||
| CVE-2021-45689 | 1 Gfx-auxil Project | 1 Gfx-auxil | 2022-01-06 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in the gfx-auxil crate through 2021-01-07 for Rust. gfx_auxil::read_spirv may read from uninitialized memory locations. | |||||
| CVE-2021-45688 | 1 Ash Project | 1 Ash | 2022-01-06 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in the ash crate before 0.33.1 for Rust. util::read_spv may read from uninitialized memory locations. | |||||
| CVE-2021-45603 | 1 Netgear | 36 D7800, D7800 Firmware, Ex2700 and 33 more | 2022-01-06 | 2.1 LOW | 5.5 MEDIUM |
| Certain NETGEAR devices are affected by disclosure of sensitive information. A UPnP request reveals a device's serial number, which can be used for a password reset. This affects D7800 before 1.0.1.66, EX2700 before 1.0.1.68, WN3000RPv2 before 1.0.0.90, WN3000RPv3 before 1.0.2.100, LBR1020 before 2.6.5.20, LBR20 before 2.6.5.32, R6700AX before 1.0.10.110, R7800 before 1.0.2.86, R8900 before 1.0.5.38, R9000 before 1.0.5.38, RAX10 before 1.0.10.110, RAX120v1 before 1.2.3.28, RAX120v2 before 1.2.3.28, RAX70 before 1.0.10.110, RAX78 before 1.0.10.110, XR450 before 2.3.2.130, XR500 before 2.3.2.130, and XR700 before 1.0.1.46. | |||||
| CVE-2020-36511 | 1 Bite Project | 1 Bite | 2022-01-06 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in the bite crate through 2020-12-31 for Rust. read::BiteReadExpandedExt::read_framed_max may read from uninitialized memory locations. | |||||
| CVE-2021-45716 | 1 Rusqlite Project | 1 Rusqlite | 2022-01-06 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in the rusqlite crate 0.25.x before 0.25.4 and 0.26.x before 0.26.2 for Rust. create_collation has a use-after-free. | |||||
| CVE-2020-36514 | 1 Acc Reader Project | 1 Acc Reader | 2022-01-06 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in the acc_reader crate through 2020-12-27 for Rust. fill_buf may read from uninitialized memory locations. | |||||
| CVE-2021-37583 | 1 Mediatek | 14 Mt7603e, Mt7603e Firmware, Mt7613 and 11 more | 2022-01-06 | 9.3 HIGH | 8.8 HIGH |
| MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and other devices, mishandle IEEE 1905 protocols. (Affected Chipsets MT7603E, MT7613, MT7615, MT7622, MT7628, MT7629, MT7915; Affected Software Versions 2.0.2; Out-of-bounds write). | |||||
| CVE-2021-37584 | 1 Mediatek | 20 Mt7603e, Mt7603e Firmware, Mt7610 and 17 more | 2022-01-06 | 9.3 HIGH | 8.8 HIGH |
| MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and other devices, mishandle the WPS (Wi-Fi Protected Setup) protocol. (Affected Chipsets MT7603E, MT7610, MT7612, MT7613, MT7615, MT7620, MT7622, MT7628, MT7629, MT7915; Affected Software Versions 7.4.0.0; Out-of-bounds write). | |||||
| CVE-2021-24753 | 1 Starfish | 1 Rich Review | 2022-01-06 | 6.5 MEDIUM | 7.2 HIGH |
| The Rich Reviews by Starfish WordPress plugin before 1.9.6 does not properly validate the orderby GET parameter of the pending reviews page before using it in a SQL statement, leading to an authenticated SQL injection issue | |||||
| CVE-2021-37572 | 1 Mediatek | 14 Mt7603e, Mt7603e Firmware, Mt7613 and 11 more | 2022-01-06 | 5.0 MEDIUM | 7.5 HIGH |
| MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and other devices, mishandle IEEE 1905 protocols. (Affected Chipsets MT7603E, MT7613, MT7615, MT7622, MT7628, MT7629, MT7915; Affected Software Versions 2.0.2; Missing authorization). | |||||
| CVE-2021-37568 | 1 Mediatek | 14 Mt7603e, Mt7603e Firmware, Mt7613 and 11 more | 2022-01-06 | 9.3 HIGH | 8.8 HIGH |
| MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and other devices, mishandle IEEE 1905 protocols. (Affected Chipsets MT7603E, MT7613, MT7615, MT7622, MT7628, MT7629, MT7915; Affected Software Versions 2.0.2; Out-of-bounds write). | |||||
| CVE-2021-24797 | 1 Tickera | 1 Tickera | 2022-01-06 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Tickera WordPress plugin before 3.4.8.3 does not properly sanitise and escape the Name fields of booked Events before outputting them in the Orders admin dashboard, which could allow unauthenticated users to perform Cross-Site Scripting attacks against admins. | |||||
| CVE-2021-24979 | 1 Strangerstudios | 1 Paid Memberships Pro | 2022-01-06 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Paid Memberships Pro WordPress plugin before 2.6.6 does not escape the s parameter before outputting it back in an attribute in an admin page, leading to a Reflected Cross-Site Scripting | |||||
| CVE-2021-24969 | 1 Wpdownloadmanager | 1 Wordpress Download Manager | 2022-01-06 | 3.5 LOW | 5.4 MEDIUM |
| The WordPress Download Manager WordPress plugin before 3.2.22 does not sanitise and escape Template data before outputting it in various pages (such as admin dashboard and frontend). Due to the lack of authorisation and CSRF checks in the wpdm_save_template AJAX action, any authenticated users such as subscriber is able to call it and perform Cross-Site Scripting attacks | |||||
| CVE-2021-24967 | 1 Themehunk | 1 Contact Form \& Lead Form Elementor Builder | 2022-01-06 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Contact Form & Lead Form Elementor Builder WordPress plugin before 1.6.4 does not sanitise and escape some lead values, which could allow unauthenticated users to perform Cross-Site Scripting attacks against logged in admin viewing the inserted Leads | |||||
| CVE-2021-24980 | 1 Gwolle Guestbook Project | 1 Gwolle Guestbook | 2022-01-06 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Gwolle Guestbook WordPress plugin before 4.2.0 does not sanitise and escape the gwolle_gb_user_email parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting issue in an admin page | |||||
| CVE-2019-25054 | 1 Pnet Project | 1 Pnet | 2022-01-06 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in the pnet crate before 0.27.2 for Rust. There is a segmentation fault (upon attempted dereference of an uninitialized descriptor) because of an erroneous IcmpTransportChannelIterator compiler optimization. | |||||
| CVE-2021-24984 | 1 Wpfront | 1 Wpfront User Role Editor | 2022-01-06 | 4.3 MEDIUM | 6.1 MEDIUM |
| The WPFront User Role Editor WordPress plugin before 3.2.1.11184 does not sanitise and escape the changes-saved parameter before outputting it back in the admin dashboard, leading to a Reflected Cross-Site Scripting | |||||
| CVE-2021-24988 | 1 Wprssaggregator | 1 Wp Rss Aggregator | 2022-01-06 | 3.5 LOW | 5.4 MEDIUM |
| The WP RSS Aggregator WordPress plugin before 4.19.3 does not sanitise and escape data before outputting it in the System Info admin dashboard, which could lead to a Stored XSS issue due to the wprss_dismiss_addon_notice AJAX action missing authorisation and CSRF checks, allowing any authenticated users, such as subscriber to call it and set a malicious payload in the addon parameter. | |||||
| CVE-2021-24992 | 1 Buttonizer | 1 Buttonizer | 2022-01-06 | 3.5 LOW | 4.8 MEDIUM |
| The Smart Floating / Sticky Buttons WordPress plugin before 2.5.5 does not sanitise and escape some parameter before outputting them in attributes and page, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. | |||||
| CVE-2021-45715 | 1 Rusqlite Project | 1 Rusqlite | 2022-01-06 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in the rusqlite crate 0.25.x before 0.25.4 and 0.26.x before 0.26.2 for Rust. create_window_function has a use-after-free. | |||||
| CVE-2021-24902 | 1 Typebot | 1 Typebot | 2022-01-06 | 3.5 LOW | 4.8 MEDIUM |
| The Typebot | Build beautiful conversational forms WordPress plugin before 1.4.3 does not sanitise and escape the Publish ID setting, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. | |||||
| CVE-2021-45544 | 1 Netgear | 22 R7850, R7850 Firmware, R7900p and 19 more | 2022-01-06 | 6.5 MEDIUM | 8.8 HIGH |
| Certain NETGEAR devices are affected by command injection by an authenticated user. This affects R7850 before 1.0.5.74, R7900P before 1.4.2.84, R7960P before 1.4.2.84, R8000 before 1.0.4.74, R8000P before 1.4.2.84, RAX200 before 1.0.4.120, RAX75 before 1.0.4.120, RAX80 before 1.0.4.120, RBK852 before 3.2.17.12, RBR850 before 3.2.17.12, and RBS850 before 3.2.17.12. | |||||