Total: 210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-36467 | 1 Cgc Project | 1 Cgc | 2021-08-16 | 4.3 MEDIUM | 5.9 MEDIUM |
| An issue was discovered in the cgc crate through 2020-12-10 for Rust. Ptr::get returns more than one mutable reference to the same object. | |||||
| CVE-2021-38196 | 1 Better-macro Project | 1 Better-macro | 2021-08-16 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in the better-macro crate through 2021-07-22 for Rust. It intentionally demonstrates that remote attackers can execute arbitrary code via proc-macros, and otherwise has no legitimate purpose. | |||||
| CVE-2020-25560 | 1 Sapphireims | 1 Sapphireims | 2021-08-16 | 7.5 HIGH | 9.8 CRITICAL |
| In SapphireIMS 5.0, it is possible to use the hardcoded credential in clients (username: sapphire, password: ims) and gain access to the portal. Once the access is available, the attacker can inject malicious OS commands on “ping”, “traceroute” and “snmp” functions and execute code on the server. We also observed the same is true if the JSESSIONID is completely removed. | |||||
| CVE-2020-25561 | 1 Sapphireims | 1 Sapphireims | 2021-08-16 | 4.6 MEDIUM | 7.8 HIGH |
| SapphireIMS 5 utilized default sapphire:ims credentials to connect the client to the server. This credential is saved in the ServerConf.config file in the client. | |||||
| CVE-2020-25562 | 1 Sapphireims | 1 Sapphireims | 2021-08-16 | 4.3 MEDIUM | 6.5 MEDIUM |
| In SapphireIMS 5.0, there is no CSRF token present in the entire application. This can lead to CSRF vulnerabilities in critical application forms like account reset. | |||||
| CVE-2020-25563 | 1 Sapphireims | 1 Sapphireims | 2021-08-16 | 7.5 HIGH | 9.8 CRITICAL |
| In SapphireIMS 5.0, it is possible to create local administrator on any client without requiring any credentials by directly accessing RemoteMgmtTaskSave (Automation Tasks) feature and not having a JSESSIONID. | |||||
| CVE-2021-38192 | 1 Prost Project | 1 Prost | 2021-08-16 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in the prost-types crate before 0.8.0 for Rust. An overflow can occur during conversion from Timestamp to SystemTime. | |||||
| CVE-2021-38193 | 1 Ammonia Project | 1 Ammonia | 2021-08-16 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in the ammonia crate before 3.1.0 for Rust. XSS can occur because the parsing differences for HTML, SVG, and MathML are mishandled, a similar issue to CVE-2020-26870. | |||||
| CVE-2020-36450 | 1 Bunch Project | 1 Bunch | 2021-08-16 | 6.8 MEDIUM | 8.1 HIGH |
| An issue was discovered in the bunch crate through 2020-11-12 for Rust. There are unconditional implementations of Send and Sync for Bunch<T>. | |||||
| CVE-2020-36465 | 1 Generic-array Project | 1 Generic-array | 2021-08-16 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in the generic-array crate before 0.13.3 for Rust. It violates soundness by using the arr! macro to extend lifetimes. | |||||
| CVE-2020-36449 | 1 Kekbit Project | 1 Kekbit | 2021-08-16 | 6.8 MEDIUM | 8.1 HIGH |
| An issue was discovered in the kekbit crate before 0.3.4 for Rust. For ShmWriter<H>, Send is implemented without requiring H: Send. | |||||
| CVE-2020-36448 | 1 Cache Project | 1 Cache | 2021-08-16 | 6.8 MEDIUM | 8.1 HIGH |
| An issue was discovered in the cache crate through 2020-11-24 for Rust. There are unconditional implementations of Send and Sync for Cache<K>. | |||||
| CVE-2020-36464 | 1 Heapless Project | 1 Heapless | 2021-08-16 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in the heapless crate before 0.6.1 for Rust. The IntoIter Clone implementation clones an entire underlying Vec without considering whether it has already been partially consumed. | |||||
| CVE-2021-38185 | 1 Gnu | 1 Cpio | 2021-08-16 | 6.8 MEDIUM | 7.8 HIGH |
| GNU cpio through 2.13 allows attackers to execute arbitrary code via a crafted pattern file, because of a dstring.c ds_fgetstr integer overflow that triggers an out-of-bounds heap write. NOTE: it is unclear whether there are common cases where the pattern file, associated with the -E option, is untrusted data. | |||||
| CVE-2018-17776 | 1 Pcprotect | 1 Antivirus | 2021-08-16 | 6.8 MEDIUM | 7.8 HIGH |
| PCProtect Anti-Virus v4.8.35 has "Everyone: (F)" permission for %PROGRAMFILES(X86)%\PCProtect, which allows local users to gain privileges by replacing an executable file with a Trojan horse. | |||||
| CVE-2021-1721 | 1 Microsoft | 5 .net, .net Core, Powershell Core and 2 more | 2021-08-16 | 4.3 MEDIUM | 6.5 MEDIUM |
| .NET Core and Visual Studio Denial of Service Vulnerability | |||||
| CVE-2021-28216 | 1 Tianocore | 1 Edk Ii | 2021-08-16 | 4.6 MEDIUM | 7.8 HIGH |
| BootPerformanceTable pointer is read from an NVRAM variable in PEI. Recommend setting PcdFirmwarePerformanceDataTableS3Support to FALSE. | |||||
| CVE-2017-5715 | 7 Arm, Canonical, Debian and 4 more | 221 Cortex-a, Ubuntu Linux, Debian Linux and 218 more | 2021-08-16 | 1.9 LOW | 5.6 MEDIUM |
| Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis. | |||||
| CVE-2021-38186 | 1 Comrak Project | 1 Comrak | 2021-08-14 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in the comrak crate before 0.10.1 for Rust. It mishandles & characters, leading to XSS via &# HTML entities. | |||||
| CVE-2021-38159 | 1 Progress | 1 Moveit Transfer | 2021-08-14 | 7.5 HIGH | 9.8 CRITICAL |
| In certain Progress MOVEit Transfer versions before 2021.0.4 (aka 13.0.4), SQL injection in the MOVEit Transfer web application could allow an unauthenticated remote attacker to gain access to the database. Depending on the database engine being used (MySQL, Microsoft SQL Server, or Azure SQL), an attacker may be able to infer information about the structure and contents of the database, or execute SQL statements that alter or delete database elements, via crafted strings sent to unique MOVEit Transfer transaction types. The fixed versions are 2019.0.8 (11.0.8), 2019.1.7 (11.1.7), 2019.2.4 (11.2.4), 2020.0.7 (12.0.7), 2020.1.6 (12.1.6), and 2021.0.4 (13.0.4). | |||||
