CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  What's the CVSS score of your company?
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In 2021

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2021-45911 787 Overflow 2021-12-28 2022-01-06
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in gif2apng 1.9. There is a heap-based buffer overflow in the main function. It allows an attacker to write 2 bytes outside the boundaries of the buffer.
2 CVE-2021-45910 787 Overflow 2021-12-28 2022-01-06
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in gif2apng 1.9. There is a heap-based buffer overflow within the main function. It allows an attacker to write data outside of the allocated buffer. The attacker has control over a part of the address that data is written to, control over the written data, and (to some extent) control over the amount of data that is written.
3 CVE-2021-45909 787 Overflow 2021-12-28 2022-01-06
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in gif2apng 1.9. There is a heap-based buffer overflow vulnerability in the DecodeLZW function. It allows an attacker to write a large amount of arbitrary data outside the boundaries of a buffer.
4 CVE-2021-45908 787 Overflow 2021-12-28 2022-01-06
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in gif2apng 1.9. There is a stack-based buffer overflow involving a while loop. An attacker has little influence over the data written to the stack, making it unlikely that the flow of control can be subverted.
5 CVE-2021-45907 787 Overflow 2021-12-28 2022-01-06
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in gif2apng 1.9. There is a stack-based buffer overflow involving a for loop. An attacker has little influence over the data written to the stack, making it unlikely that the flow of control can be subverted.
6 CVE-2021-45906 79 XSS 2021-12-27 2022-01-03
3.5
None Remote Medium ??? None Partial None
OpenWrt 21.02.1 allows XSS via the NAT Rules Name screen.
7 CVE-2021-45905 79 XSS 2021-12-27 2022-01-03
3.5
None Remote Medium ??? None Partial None
OpenWrt 21.02.1 allows XSS via the Traffic Rules Name screen.
8 CVE-2021-45904 79 XSS 2021-12-27 2022-01-03
3.5
None Remote Medium ??? None Partial None
OpenWrt 21.02.1 allows XSS via the Port Forwards Add Name screen.
9 CVE-2021-45903 79 XSS 2021-12-28 2022-01-06
4.3
None Remote Medium Not required None Partial None
A persistent cross-site scripting (XSS) issue in the web interface of SuiteCRM before 7.10.35, and 7.11.x and 7.12.x before 7.12.2, allows a remote attacker to introduce arbitrary JavaScript via attachments upload, a different vulnerability than CVE-2021-39267 and CVE-2021-39268.
10 CVE-2021-45896 269 2021-12-27 2022-01-12
6.0
None Remote Medium ??? Partial Partial Partial
Nokia FastMile 3TG00118ABAD52 devices allow privilege escalation by an authenticated user via is_ctc_admin=1 to login_web_app.cgi and use of Import Config File.
11 CVE-2021-45895 79 XSS 2021-12-27 2022-01-07
4.3
None Remote Medium Not required None Partial None
Netgen Tags Bundle 3.4.x before 3.4.11 and 4.0.x before 4.0.15 allows XSS in the Tags Admin interface.
12 CVE-2021-45890 287 2021-12-27 2022-01-07
7.5
None Remote Low Not required Partial Partial Partial
basic/BasicAuthProvider.java in AuthGuard before 0.9.0 allows authentication via an inactive identifier.
13 CVE-2021-45885 613 2021-12-29 2022-01-11
4.3
None Remote Medium Not required Partial None None
An issue was discovered in Stormshield Network Security (SNS) 4.2.2 through 4.2.7 (fixed in 4.2.8). Under a specific update-migration scenario, the first SSH password change does not properly clear the old password.
14 CVE-2021-45884 200 +Info 2021-12-27 2022-01-07
4.3
None Remote Medium Not required Partial None None
In Brave Desktop 1.17 through 1.33 before 1.33.106, when CNAME-based adblocking and a proxying extension with a SOCKS fallback are enabled, additional DNS requests are issued outside of the proxying extension using the system's DNS settings, resulting in information disclosure. NOTE: this issue exists because of an incomplete fix for CVE-2021-21323 and CVE-2021-22916.
15 CVE-2021-45818 74 Http R.Spl. 2021-12-30 2022-01-11
4.3
None Remote Medium Not required None Partial None
SAFARI Montage 8.7.32 is affected by a CRLF injection vulnerability which can lead to can lead to HTTP response splitting.
16 CVE-2021-45815 79 XSS 2021-12-30 2022-01-10
4.3
None Remote Medium Not required None Partial None
Quectel UC20 UMTS/HSPA+ UC20 6.3.14 is affected by a Cross Site Scripting (XSS) vulnerability.
17 CVE-2021-45814 89 Sql Bypass 2021-12-28 2022-01-07
7.5
None Remote Low Not required Partial Partial Partial
Nettmp NNT 5.1 is affected by a SQL injection vulnerability. An attacker can bypass authentication and access the panel with an administrative account.
18 CVE-2021-45813 79 XSS 2021-12-28 2022-01-12
4.3
None Remote Medium Not required None Partial None
SLICAN WebCTI 1.01 2015 is affected by a Cross Site Scripting (XSS) vulnerability. The attacker can steal the user's session by injecting malicious JavaScript codes which leads to Session Hijacking and cause user's credentials theft.
19 CVE-2021-45812 79 XSS 2021-12-28 2022-01-07
4.3
None Remote Medium Not required None Partial None
NUUO Network Video Recorder NVRsolo 3.9.1 is affected by a Cross Site Scripting (XSS) vulnerability. An attacker can steal the user's session by injecting malicious JavaScript codes which leads to session hijacking.
20 CVE-2021-45732 798 2021-12-30 2022-01-11
6.5
None Remote Low ??? Partial Partial Partial
Netgear Nighthawk R6700 version 1.0.4.120 makes use of a hardcoded credential. It does not appear that normal users are intended to be able to manipulate configuration backups due to the fact that they are encrypted/obfuscated. By extracting the configuration using readily available public tools, a user can reconfigure settings not intended to be manipulated, repackage the configuration, and restore a backup causing these settings to be changed.
21 CVE-2021-45720 416 2021-12-26 2022-01-05
5.0
None Remote Low Not required None None Partial
An issue was discovered in the lru crate before 0.7.1 for Rust. The iterators have a use-after-free, as demonstrated by an access after a pop operation.
22 CVE-2021-45719 416 2021-12-26 2022-01-05
5.0
None Remote Low Not required None None Partial
An issue was discovered in the rusqlite crate 0.25.x before 0.25.4 and 0.26.x before 0.26.2 for Rust. update_hook has a use-after-free.
23 CVE-2021-45718 416 2021-12-26 2022-01-05
5.0
None Remote Low Not required None None Partial
An issue was discovered in the rusqlite crate 0.25.x before 0.25.4 and 0.26.x before 0.26.2 for Rust. rollback_hook has a use-after-free.
24 CVE-2021-45717 416 2021-12-26 2022-01-05
5.0
None Remote Low Not required None None Partial
An issue was discovered in the rusqlite crate 0.25.x before 0.25.4 and 0.26.x before 0.26.2 for Rust. commit_hook has a use-after-free.
25 CVE-2021-45716 416 2021-12-26 2022-01-06
5.0
None Remote Low Not required None None Partial
An issue was discovered in the rusqlite crate 0.25.x before 0.25.4 and 0.26.x before 0.26.2 for Rust. create_collation has a use-after-free.
26 CVE-2021-45715 416 2021-12-26 2022-01-06
5.0
None Remote Low Not required None None Partial
An issue was discovered in the rusqlite crate 0.25.x before 0.25.4 and 0.26.x before 0.26.2 for Rust. create_window_function has a use-after-free.
27 CVE-2021-45714 416 2021-12-26 2022-01-06
5.0
None Remote Low Not required None None Partial
An issue was discovered in the rusqlite crate 0.25.x before 0.25.4 and 0.26.x before 0.26.2 for Rust. create_aggregate_function has a use-after-free.
28 CVE-2021-45713 416 2021-12-26 2022-01-06
5.0
None Remote Low Not required None None Partial
An issue was discovered in the rusqlite crate 0.25.x before 0.25.4 and 0.26.x before 0.26.2 for Rust. create_scalar_function has a use-after-free.
29 CVE-2021-45712 22 Dir. Trav. 2021-12-26 2022-01-06
5.0
None Remote Low Not required Partial None None
An issue was discovered in the rust-embed crate before 6.3.0 for Rust. A ../ directory traversal can sometimes occur in debug mode.
30 CVE-2021-45711 400 2021-12-27 2022-01-06
5.0
None Remote Low Not required None None Partial
An issue was discovered in the simple_asn1 crate 0.6.0 before 0.6.1 for Rust. There is a panic if UTCTime data, supplied by a remote attacker, has a second character greater than 0x7f.
31 CVE-2021-45710 362 Mem. Corr. 2021-12-27 2022-01-06
5.1
None Remote High Not required Partial Partial Partial
An issue was discovered in the tokio crate before 1.8.4, and 1.9.x through 1.13.x before 1.13.1, for Rust. In certain circumstances involving a closed oneshot channel, there is a data race and memory corruption.
32 CVE-2021-45709 327 2021-12-27 2022-01-06
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered in the crypto2 crate through 2021-10-08 for Rust. During Chacha20 encryption and decryption, an unaligned read of a u32 may occur.
33 CVE-2021-45708 668 Bypass +Info 2021-12-27 2022-01-10
5.0
None Remote Low Not required Partial None None
An issue was discovered in the abomonation crate through 2021-10-17 for Rust. Because transmute operations are insufficiently constrained, there can be an information leak or ASLR bypass.
34 CVE-2021-45707 787 2021-12-27 2022-01-06
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered in the nix crate before 0.20.2, 0.21.x before 0.21.2, and 0.22.x before 0.22.2 for Rust. unistd::getgrouplist has an out-of-bounds write if a user is in more than 16 /etc/groups groups.
35 CVE-2021-45706 2021-12-27 2022-01-06
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered in the zeroize_derive crate before 1.1.1 for Rust. Dropped memory is not zeroed out for an enum.
36 CVE-2021-45705 2021-12-27 2022-01-06
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered in the nanorand crate before 0.6.1 for Rust. There can be multiple mutable references to the same object because the TlsWyRand Deref implementation dereferences a raw pointer.
37 CVE-2021-45704 362 Mem. Corr. 2021-12-27 2022-01-06
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in the metrics-util crate before 0.7.0 for Rust. There is a data race and memory corruption because AtomicBucket<T> unconditionally implements the Send and Sync traits.
38 CVE-2021-45703 908 2021-12-27 2022-01-06
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered in the tectonic_xdv crate before 0.1.12 for Rust. XdvParser::<T>::process may read from uninitialized memory locations.
39 CVE-2021-45702 416 2021-12-27 2022-01-10
5.0
None Remote Low Not required None None Partial
An issue was discovered in the tremor-script crate before 0.11.6 for Rust. A merge operation may result in a use-after-free.
40 CVE-2021-45701 416 2021-12-27 2022-01-10
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered in the tremor-script crate before 0.11.6 for Rust. A patch operation may result in a use-after-free.
41 CVE-2021-45700 400 DoS 2021-12-27 2022-01-06
7.8
None Remote Low Not required None None Complete
An issue was discovered in the ckb crate before 0.40.0 for Rust. Attackers can cause a denial of service (Nervos CKB blockchain node crash) via a dead call that is used as a DepGroup.
42 CVE-2021-45699 770 2021-12-27 2022-01-06
7.8
None Remote Low Not required None None Complete
An issue was discovered in the ckb crate before 0.40.0 for Rust. Remote attackers may be able to conduct a 51% attack against the Nervos CKB blockchain by triggering an inability to allocate memory for the misbehavior HashMap.
43 CVE-2021-45698 2021-12-27 2022-01-06
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered in the ckb crate before 0.40.0 for Rust. A get_block_template RPC call may fail in situations where it is supposed to select a Nervos CKB blockchain transaction with a higher fee rate than another transaction.
44 CVE-2021-45697 2021-12-27 2022-01-10
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered in the molecule crate before 0.7.2 for Rust. A FixVec partial read has an incorrect result.
45 CVE-2021-45696 2021-12-27 2022-01-06
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered in the sha2 crate 0.9.7 before 0.9.8 for Rust. Hashes of long messages may be incorrect when the AVX2-accelerated backend is used.
46 CVE-2021-45695 Exec Code Bypass 2021-12-27 2022-01-06
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered in the mopa crate through 2021-06-01 for Rust. It incorrectly relies on Trait memory layout, possibly leading to future occurrences of arbitrary code execution or ASLR bypass.
47 CVE-2021-45694 908 2021-12-27 2022-01-06
5.0
None Remote Low Not required Partial None None
An issue was discovered in the rdiff crate through 2021-02-03 for Rust. Window may read from uninitialized memory locations.
48 CVE-2021-45693 908 2021-12-27 2022-01-06
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered in the messagepack-rs crate through 2021-01-26 for Rust. deserialize_string_primitive may read from uninitialized memory locations.
49 CVE-2021-45692 908 2021-12-27 2022-01-06
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered in the messagepack-rs crate through 2021-01-26 for Rust. deserialize_extension_others may read from uninitialized memory locations.
50 CVE-2021-45691 908 2021-12-27 2022-01-06
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered in the messagepack-rs crate through 2021-01-26 for Rust. deserialize_string may read from uninitialized memory locations.
Total number of vulnerabilities : 20141   Page : 1 (This Page)2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231 232 233 234 235 236 237 238 239 240 241 242 243 244 245 246 247 248 249 250 251 252 253 254 255 256 257 258 259 260 261 262 263 264 265 266 267 268 269 270 271 272 273 274 275 276 277 278 279 280 281 282 283 284 285 286 287 288 289 290 291 292 293 294 295 296 297 298 299 300 301 302 303 304 305 306 307 308 309 310 311 312 313 314 315 316 317 318 319 320 321 322 323 324 325 326 327 328 329 330 331 332 333 334 335 336 337 338 339 340 341 342 343 344 345 346 347 348 349 350 351 352 353 354 355 356 357 358 359 360 361 362 363 364 365 366 367 368 369 370 371 372 373 374 375 376 377 378 379 380 381 382 383 384 385 386 387 388 389 390 391 392 393 394 395 396 397 398 399 400 401 402 403
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.