CVEdetails.com the ultimate security vulnerability data source

Security Vulnerabilities Published In December 2020 (CVSS score >= 5)

Columns: #, CVE ID, CWE ID, # of Exploits, Vulnerability Type(s), Publish Date, Update Date, Score, Gained Access Level, Access, Complexity, Authentication, Conf., Integ., Avail.
1 CVE-2020-35931 754 2020-12-31 2021-09-08
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in Foxit Reader before 10.1.1 (and before 4.1.1 on macOS) and PhantomPDF before 9.7.5 and 10.x before 10.1.1 (and before 4.1.1 on macOS). An attacker can spoof a certified PDF document via an Evil Annotation Attack because the products fail to consider a null value for a Subtype entry of the Annotation dictionary, in an incremental update.
2 CVE-2020-35926 338 2020-12-31 2021-07-21
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered in the nanorand crate before 0.5.1 for Rust. It caused any random number generator (even ChaCha) to return all zeroes because integer truncation was mishandled.
3 CVE-2020-35909 2020-12-31 2021-01-14
7.8
None Remote Low Not required None None Complete
An issue was discovered in the multihash crate before 0.11.3 for Rust. The from_slice parsing code can panic via unsanitized data from a network server.
4 CVE-2020-35906 416 2020-12-31 2021-01-06
7.2
None Local Low Not required Complete Complete Complete
An issue was discovered in the futures-task crate before 0.3.6 for Rust. futures_task::waker may cause a use-after-free in a non-static type situation.
5 CVE-2020-35902 416 2020-12-31 2021-01-07
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered in the actix-codec crate before 0.3.0-beta.1 for Rust. There is a use-after-free in Framed.
6 CVE-2020-35901 416 2020-12-31 2021-01-07
5.0
None Remote Low Not required None None Partial
An issue was discovered in the actix-http crate before 2.0.0-alpha.1 for Rust. There is a use-after-free in BodyStream.
7 CVE-2020-35898 416 2020-12-31 2021-01-07
6.4
None Remote Low Not required None Partial Partial
An issue was discovered in the actix-utils crate before 2.0.0 for Rust. The Cell implementation allows obtaining more than one mutable reference to the same data.
8 CVE-2020-35896 400 2020-12-31 2021-07-21
5.0
None Remote Low Not required None None Partial
An issue was discovered in the ws crate through 2020-09-25 for Rust. The outgoing buffer is not properly limited, leading to a remote memory-consumption attack.
9 CVE-2020-35895 787 2020-12-31 2021-01-07
10.0
None Remote Low Not required Complete Complete Complete
An issue was discovered in the stack crate before 0.3.1 for Rust. ArrayVec has an out-of-bounds write via element insertion.
10 CVE-2020-35894 706 2020-12-31 2021-01-07
5.0
None Remote Low Not required None Partial None
An issue was discovered in the obstack crate before 0.1.4 for Rust. Unaligned references can occur.
11 CVE-2020-35893 193 2020-12-31 2021-07-21
5.0
None Remote Low Not required None None Partial
An issue was discovered in the simple-slab crate before 0.3.3 for Rust. remove() has an off-by-one error, causing memory leakage and a drop of uninitialized memory.
12 CVE-2020-35892 125 2020-12-31 2021-01-06
6.4
None Remote Low Not required Partial None Partial
An issue was discovered in the simple-slab crate before 0.3.3 for Rust. index() allows an out-of-bounds read.
13 CVE-2020-35891 415 2020-12-31 2021-01-07
5.0
None Remote Low Not required None None Partial
An issue was discovered in the ordnung crate through 2020-09-03 for Rust. compact::Vec violates memory safety via a remove() double free.
14 CVE-2020-35890 125 2020-12-31 2021-01-07
5.0
None Remote Low Not required None None Partial
An issue was discovered in the ordnung crate through 2020-09-03 for Rust. compact::Vec violates memory safety via out-of-bounds access for large capacity.
15 CVE-2020-35889 367 2020-12-31 2021-01-07
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in the crayon crate through 2020-08-31 for Rust. A TOCTOU issue has a resultant memory safety violation via HandleLike.
16 CVE-2020-35888 2020-12-31 2021-07-21
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered in the arr crate through 2020-08-25 for Rust. Uninitialized memory is dropped by Array::new_from_template.
17 CVE-2020-35887 120 Overflow 2020-12-31 2021-01-06
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered in the arr crate through 2020-08-25 for Rust. There is a buffer overflow in Index and IndexMut.
18 CVE-2020-35885 415 2020-12-31 2021-09-13
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered in the alpm-rs crate through 2020-08-20 for Rust. StrcCtx performs improper memory deallocation.
19 CVE-2020-35884 444 2020-12-31 2022-04-01
6.4
None Remote Low Not required Partial Partial None
An issue was discovered in the tiny_http crate through 2020-06-16 for Rust. HTTP Request smuggling can occur via a malformed Transfer-Encoding header.
20 CVE-2020-35883 22 Dir. Trav. 2020-12-31 2021-01-07
6.4
None Remote Low Not required None Partial Partial
An issue was discovered in the mozwire crate through 2020-08-18 for Rust. A ../ directory-traversal situation allows overwriting local files that have .conf at the end of the filename.
21 CVE-2020-35882 362 2020-12-31 2021-01-07
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in the rocket crate before 0.4.5 for Rust. LocalRequest::clone creates more than one mutable reference to the same object, possibly causing a data race.
22 CVE-2020-35881 787 Mem. Corr. 2020-12-31 2021-01-07
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered in the traitobject crate through 2020-06-01 for Rust. It has false expectations about fat pointers, possibly causing memory corruption in, for example, Rust 2.x.
23 CVE-2020-35880 2020-12-31 2021-01-07
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered in the bigint crate through 2020-05-07 for Rust. It allows a soundness violation.
24 CVE-2020-35879 2020-12-31 2021-01-07
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered in the rulinalg crate through 2020-02-11 for Rust. There are incorrect lifetime-boundary definitions for RowMut::raw_slice and RowMut::raw_slice_mut.
25 CVE-2020-35878 119 Overflow 2020-12-31 2021-01-07
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered in the ozone crate through 2020-07-04 for Rust. Memory safety is violated because of the dropping of uninitialized memory.
26 CVE-2020-35877 119 Overflow 2020-12-31 2021-01-07
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered in the ozone crate through 2020-07-04 for Rust. Memory safety is violated because of out-of-bounds access.
27 CVE-2020-35876 772 +Info 2020-12-31 2021-07-21
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered in the rio crate through 2020-05-11 for Rust. A struct can be leaked, allowing attackers to obtain sensitive information, cause a use-after-free, or cause a data race.
28 CVE-2020-35875 2020-12-31 2021-01-07
5.0
None Remote Low Not required None None Partial
An issue was discovered in the tokio-rustls crate before 0.13.1 for Rust. Excessive memory usage may occur when data arrives quickly.
29 CVE-2020-35874 362 2020-12-31 2021-07-21
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in the internment crate through 2020-05-28 for Rust. ArcIntern::drop has a race condition and resultant use-after-free.
30 CVE-2020-35873 416 2020-12-31 2022-01-04
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered in the rusqlite crate before 0.23.0 for Rust. Memory safety can be violated because sessions.rs has a use-after-free.
31 CVE-2020-35872 2020-12-31 2022-01-04
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered in the rusqlite crate before 0.23.0 for Rust. Memory safety can be violated via the repr(Rust) type.
32 CVE-2020-35871 362 2020-12-31 2022-01-04
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in the rusqlite crate before 0.23.0 for Rust. Memory safety can be violated via an Auxdata API data race.
33 CVE-2020-35870 416 2020-12-31 2022-01-04
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered in the rusqlite crate before 0.23.0 for Rust. Memory safety can be violated via an Auxdata API use-after-free.
34 CVE-2020-35869 134 2020-12-31 2022-01-04
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered in the rusqlite crate before 0.23.0 for Rust. Memory safety can be violated because rusqlite::trace::log mishandles format strings.
35 CVE-2020-35868 2020-12-31 2022-01-04
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered in the rusqlite crate before 0.23.0 for Rust. Memory safety can be violated via UnlockNotification.
36 CVE-2020-35867 2020-12-31 2022-01-04
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered in the rusqlite crate before 0.23.0 for Rust. Memory safety can be violated via create_module.
37 CVE-2020-35866 2020-12-31 2022-01-04
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered in the rusqlite crate before 0.23.0 for Rust. Memory safety can be violated via VTab / VTabCursor.
38 CVE-2020-35865 2020-12-31 2021-01-07
5.0
None Remote Low Not required None None Partial
An issue was discovered in the os_str_bytes crate before 2.0.0 for Rust. It has false expectations about char::from_u32_unchecked behavior.
39 CVE-2020-35864 2020-12-31 2021-01-07
5.0
None Remote Low Not required None None Partial
An issue was discovered in the flatbuffers crate through 2020-04-11 for Rust. read_scalar (and read_scalar_at) can transmute values without unsafe blocks.
40 CVE-2020-35863 94 Exec Code 2020-12-31 2021-07-21
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered in the hyper crate before 0.12.34 for Rust. HTTP request smuggling can occur. Remote code execution can occur in certain situations with an HTTP server on the loopback interface.
41 CVE-2020-35862 415 2020-12-31 2021-01-06
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered in the bitvec crate before 0.17.4 for Rust. BitVec to BitBox conversion leads to a use-after-free or double free.
42 CVE-2020-35861 125 2020-12-31 2021-01-06
5.0
None Remote Low Not required Partial None None
An issue was discovered in the bumpalo crate before 3.2.1 for Rust. The realloc feature allows the reading of unknown memory. Attackers can potentially read cryptographic keys.
43 CVE-2020-35860 476 2020-12-31 2021-01-06
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered in the cbox crate through 2020-03-19 for Rust. The CBox API allows dereferencing raw pointers without a requirement for unsafe code.
44 CVE-2020-35859 770 Mem. Corr. +Info 2020-12-31 2021-07-21
6.4
None Remote Low Not required Partial None Partial
An issue was discovered in the lucet-runtime-internals crate before 0.5.1 for Rust. It mishandles sigstack allocation. Guest programs may be able to obtain sensitive information, or guest programs can experience memory corruption.
45 CVE-2020-35858 400 DoS Exec Code 2020-12-31 2021-07-21
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered in the prost crate before 0.6.1 for Rust. There is stack consumption via a crafted message, causing a denial of service (e.g., x86) or possibly remote code execution (e.g., ARM).
46 CVE-2020-35857 400 2020-12-31 2021-01-06
5.0
None Remote Low Not required None None Partial
An issue was discovered in the trust-dns-server crate before 0.18.1 for Rust. DNS MX and SRV null targets are mishandled, causing stack consumption.
47 CVE-2020-35851 78 Exec Code 2020-12-31 2021-01-07
10.0
None Remote Low Not required Complete Complete Complete
HGiga MailSherlock does not validate specific parameters properly. Attackers can use the vulnerability to launch command injection attacks remotely and execute arbitrary commands on the system.
48 CVE-2020-35849 863 +Priv 2020-12-30 2021-07-21
5.0
None Remote Low Not required Partial None None
An issue was discovered in MantisBT before 2.24.4. An incorrect access check in bug_revision_view_page.php allows an unprivileged attacker to view the Summary field of private issues, as well as bugnotes revisions, gaining access to potentially confidential information via the bugnote_id parameter.
49 CVE-2020-35848 89 Sql 2020-12-30 2022-04-05
7.5
None Remote Low Not required Partial Partial Partial
Agentejo Cockpit before 0.11.2 allows NoSQL injection via the Controller/Auth.php newpassword function.
50 CVE-2020-35847 89 Sql 2020-12-30 2022-04-05
7.5
None Remote Low Not required Partial Partial Partial
Agentejo Cockpit before 0.11.2 allows NoSQL injection via the Controller/Auth.php resetpassword function.
Total number of vulnerabilities: 881 (page 1 of 18)