Total: 22706 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-25004 | 1 Google | 1 Flatbuffers | 2021-01-06 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in the flatbuffers crate before 0.6.1 for Rust. Arbitrary bytes can be reinterpreted as a bool, defeating soundness. | |||||
| CVE-2020-7771 | 1 Asciitable.js Project | 1 Asciitable.js | 2021-01-06 | 7.5 HIGH | 9.8 CRITICAL |
| The package asciitable.js before 1.0.3 is vulnerable to Prototype Pollution via the main function. | |||||
| CVE-2020-35904 | 1 Crossbeam-channel Project | 1 Crossbeam-channel | 2021-01-06 | 2.1 LOW | 5.5 MEDIUM |
| An issue was discovered in the crossbeam-channel crate before 0.4.4 for Rust. It has incorrect expectations about the relationship between the memory allocation and how many iterator elements there are. | |||||
| CVE-2020-35919 | 1 Net2 Project | 1 Net2 | 2021-01-06 | 2.1 LOW | 5.5 MEDIUM |
| An issue was discovered in the net2 crate before 0.2.36 for Rust. It has false expectations about the std::net::SocketAddr memory representation. | |||||
| CVE-2020-35920 | 1 Rust-lang | 1 Socket2 | 2021-01-06 | 2.1 LOW | 5.5 MEDIUM |
| An issue was discovered in the socket2 crate before 0.3.16 for Rust. It has false expectations about the std::net::SocketAddr memory representation. | |||||
| CVE-2020-35921 | 1 Miow Project | 1 Miow | 2021-01-06 | 2.1 LOW | 5.5 MEDIUM |
| An issue was discovered in the miow crate before 0.3.6 for Rust. It has false expectations about the std::net::SocketAddr memory representation. | |||||
| CVE-2020-35922 | 1 Mio Project | 1 Mio | 2021-01-06 | 2.1 LOW | 5.5 MEDIUM |
| An issue was discovered in the mio crate before 0.7.6 for Rust. It has false expectations about the std::net::SocketAddr memory representation. | |||||
| CVE-2019-25007 | 1 Streebog Project | 1 Streebog | 2021-01-06 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in the streebog crate before 0.8.0 for Rust. The Streebog hash function can cause a panic. | |||||
| CVE-2020-35927 | 1 Thex Project | 1 Thex | 2021-01-06 | 2.1 LOW | 5.5 MEDIUM |
| An issue was discovered in the thex crate through 2020-12-08 for Rust. Thex<T> allows cross-thread data races of non-Send types. | |||||
| CVE-2020-35903 | 1 Dync Project | 1 Dync | 2021-01-06 | 2.1 LOW | 5.5 MEDIUM |
| An issue was discovered in the dync crate before 0.5.0 for Rust. VecCopy allows misaligned element access because u8 is not always the type in question. | |||||
| CVE-2020-35915 | 1 Futures-intrusive Project | 1 Futures-intrusive | 2021-01-06 | 2.1 LOW | 5.5 MEDIUM |
| An issue was discovered in the futures-intrusive crate before 0.4.0 for Rust. GenericMutexGuard allows cross-thread data races of non-Sync types. | |||||
| CVE-2020-35910 | 1 Lock Api Project | 1 Lock Api | 2021-01-06 | 2.1 LOW | 5.5 MEDIUM |
| An issue was discovered in the lock_api crate before 0.4.2 for Rust. A data race can occur because of MappedMutexGuard unsoundness. | |||||
| CVE-2020-35925 | 1 Magnetic Project | 1 Magnetic | 2021-01-06 | 2.1 LOW | 5.5 MEDIUM |
| An issue was discovered in the magnetic crate before 2.0.1 for Rust. MPMCConsumer and MPMCProducer allow cross-thread sending of a non-Send type. | |||||
| CVE-2020-35908 | 1 Rust-lang | 1 Future-utils | 2021-01-06 | 2.1 LOW | 5.5 MEDIUM |
| An issue was discovered in the futures-util crate before 0.3.2 for Rust. FuturesUnordered can lead to data corruption because Sync is mishandled. | |||||
| CVE-2020-3284 | 1 Cisco | 87 A99-rp2-se, A99-rp2-se Firmware, A99-rp2-tr and 84 more | 2021-01-05 | 9.3 HIGH | 9.8 CRITICAL |
| A vulnerability in the enhanced Preboot eXecution Environment (PXE) boot loader for Cisco IOS XR 64-bit Software could allow an unauthenticated, remote attacker to execute unsigned code during the PXE boot process on an affected device. The PXE boot loader is part of the BIOS and runs over the management interface of hardware platforms that are running Cisco IOS XR Software only. The vulnerability exists because internal commands that are issued when the PXE network boot process is loading a software image are not properly verified. An attacker could exploit this vulnerability by compromising the PXE boot server and replacing a valid software image with a malicious one. Alternatively, the attacker could impersonate the PXE boot server and send a PXE boot reply with a malicious file. A successful exploit could allow the attacker to execute unsigned code on the affected device. Note: To fix this vulnerability, both the Cisco IOS XR Software and the BIOS must be upgraded. The BIOS code is included in Cisco IOS XR Software but might require additional installation steps. For further information, see the Fixed Software section of this advisory. | |||||
| CVE-2015-5184 | 1 Redhat | 2 Amq, Jboss Enterprise Web Server | 2021-01-05 | 5.0 MEDIUM | 7.5 HIGH |
| Console: CORS headers set to allow all in Red Hat AMQ. | |||||
| CVE-2015-5183 | 1 Redhat | 3 Amq, Jboss A-mq, Jboss Enterprise Web Server | 2021-01-05 | 5.0 MEDIUM | 7.5 HIGH |
| Console: HTTPOnly and Secure attributes not set on cookies in Red Hat AMQ. | |||||
| CVE-2020-15898 | 1 Arista | 49 7050cx3-32s, 7050cx3m-32s, 7050qx-32s and 46 more | 2021-01-04 | 5.0 MEDIUM | 5.3 MEDIUM |
| In Arista EOS malformed packets can be incorrectly forwarded across VLAN boundaries in one direction. This vulnerability is only susceptible to exploitation by unidirectional traffic (ex. UDP) and not bidirectional traffic (ex. TCP). This affects: EOS 7170 platforms version 4.21.4.1F and below releases in the 4.21.x train; EOS X-Series versions 4.21.11M and below releases in the 4.21.x train; 4.22.6M and below releases in the 4.22.x train; 4.23.4M and below releases in the 4.23.x train; 4.24.2.1F and below releases in the 4.24.x train. | |||||
| CVE-2020-35173 | 1 Amaze File Manager Project | 1 Amaze File Manager | 2021-01-04 | 7.5 HIGH | 9.8 CRITICAL |
| The Amaze File Manager application before 3.4.2 for Android does not properly restrict intents for controlling the FTP server (aka services.ftpservice.FTPReceiver.ACTION_START_FTPSERVER and services.ftpservice.FTPReceiver.ACTION_STOP_FTPSERVER). | |||||
| CVE-2019-15078 | 1 Xbornid | 1 Xbornid | 2021-01-04 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in a smart contract implementation for AIRDROPX BORN through 2019-05-29, an Ethereum token. The name of the constructor has a typo (wrong case: XBornID versus XBORNID) that allows an attacker to change the owner of the contract and obtain cryptocurrency for free. | |||||
