Security Vulnerabilities, CVEs, Published In 2021 CVSS score >= 8
Nokia FastMile 3TG00118ABAD52 devices allow privilege escalation by an authenticated user via is_ctc_admin=1 to login_web_app.cgi and use of Import Config File.
Max CVSS: 8.8 | EPSS Score: 0.09% | Published: 2021-12-27 | Updated: 2022-01-12
basic/BasicAuthProvider.java in AuthGuard before 0.9.0 allows authentication via an inactive identifier.
Max CVSS: 9.8 | EPSS Score: 0.20% | Published: 2021-12-27 | Updated: 2022-01-07
Nettmp NNT 5.1 is affected by a SQL injection vulnerability. An attacker can bypass authentication and access the panel with an administrative account.
Max CVSS: 9.8 | EPSS Score: 1.22% | Published: 2021-12-28 | Updated: 2022-01-07
Netgear Nighthawk R6700 version 1.0.4.120 makes use of a hardcoded credential. It does not appear that normal users are intended to be able to manipulate configuration backups due to the fact that they are encrypted/obfuscated. By extracting the configuration using readily available public tools, a user can reconfigure settings not intended to be manipulated, repackage the configuration, and restore a backup causing these settings to be changed.
Max CVSS: 8.8 | EPSS Score: 0.10% | Published: 2021-12-30 | Updated: 2022-01-11
An issue was discovered in the tokio crate before 1.8.4, and 1.9.x through 1.13.x before 1.13.1, for Rust. In certain circumstances involving a closed oneshot channel, there is a data race and memory corruption.
Max CVSS: 8.1 | EPSS Score: 0.21% | Published: 2021-12-27 | Updated: 2022-11-01
An issue was discovered in the crypto2 crate through 2021-10-08 for Rust. During Chacha20 encryption and decryption, an unaligned read of a u32 may occur.
Max CVSS: 9.8 | EPSS Score: 0.14% | Published: 2021-12-27 | Updated: 2022-01-06
An issue was discovered in the nix crate 0.16.0 and later before 0.20.2, 0.21.x before 0.21.2, and 0.22.x before 0.22.2 for Rust. unistd::getgrouplist has an out-of-bounds write if a user is in more than 16 /etc/groups groups.
Max CVSS: 9.8 | EPSS Score: 0.21% | Published: 2021-12-27 | Updated: 2022-10-28
An issue was discovered in the zeroize_derive crate before 1.1.1 for Rust. Dropped memory is not zeroed out for an enum.
Max CVSS: 9.8 | EPSS Score: 0.21% | Published: 2021-12-27 | Updated: 2022-06-22
An issue was discovered in the nanorand crate before 0.6.1 for Rust. There can be multiple mutable references to the same object because the TlsWyRand Deref implementation dereferences a raw pointer.
Max CVSS: 9.8 | EPSS Score: 0.21% | Published: 2021-12-27 | Updated: 2022-01-06
An issue was discovered in the metrics-util crate before 0.7.0 for Rust. There is a data race and memory corruption because AtomicBucket<T> unconditionally implements the Send and Sync traits.
Max CVSS: 8.1 | EPSS Score: 0.21% | Published: 2021-12-27 | Updated: 2022-01-06
An issue was discovered in the tectonic_xdv crate before 0.1.12 for Rust. XdvParser::<T>::process may read from uninitialized memory locations.
Max CVSS: 9.8 | EPSS Score: 0.21% | Published: 2021-12-27 | Updated: 2022-01-06
An issue was discovered in the tremor-script crate before 0.11.6 for Rust. A patch operation may result in a use-after-free.
Max CVSS: 9.8 | EPSS Score: 0.21% | Published: 2021-12-27 | Updated: 2022-01-10
An issue was discovered in the ckb crate before 0.40.0 for Rust. A get_block_template RPC call may fail in situations where it is supposed to select a Nervos CKB blockchain transaction with a higher fee rate than another transaction.
Max CVSS: 9.8 | EPSS Score: 0.21% | Published: 2021-12-27 | Updated: 2022-01-06
An issue was discovered in the molecule crate before 0.7.2 for Rust. A FixVec partial read has an incorrect result.
Max CVSS: 9.8 | EPSS Score: 0.21% | Published: 2021-12-27 | Updated: 2022-01-10
An issue was discovered in the sha2 crate 0.9.7 before 0.9.8 for Rust. Hashes of long messages may be incorrect when the AVX2-accelerated backend is used.
Max CVSS: 9.8 | EPSS Score: 0.21% | Published: 2021-12-27 | Updated: 2022-01-06
An issue was discovered in the mopa crate through 2021-06-01 for Rust. It incorrectly relies on Trait memory layout, possibly leading to future occurrences of arbitrary code execution or ASLR bypass.
Max CVSS: 9.8 | EPSS Score: 0.20% | Published: 2021-12-27 | Updated: 2022-01-06
An issue was discovered in the messagepack-rs crate through 2021-01-26 for Rust. deserialize_string_primitive may read from uninitialized memory locations.
Max CVSS: 9.8 | EPSS Score: 0.21% | Published: 2021-12-27 | Updated: 2022-01-06
An issue was discovered in the messagepack-rs crate through 2021-01-26 for Rust. deserialize_extension_others may read from uninitialized memory locations.
Max CVSS: 9.8 | EPSS Score: 0.21% | Published: 2021-12-27 | Updated: 2022-01-06
An issue was discovered in the messagepack-rs crate through 2021-01-26 for Rust. deserialize_string may read from uninitialized memory locations.
Max CVSS: 9.8 | EPSS Score: 0.21% | Published: 2021-12-27 | Updated: 2022-01-06
An issue was discovered in the messagepack-rs crate through 2021-01-26 for Rust. deserialize_binary may read from uninitialized memory locations.
Max CVSS: 9.8 | EPSS Score: 0.21% | Published: 2021-12-27 | Updated: 2022-01-06
An issue was discovered in the gfx-auxil crate through 2021-01-07 for Rust. gfx_auxil::read_spirv may read from uninitialized memory locations.
Max CVSS: 9.8 | EPSS Score: 0.21% | Published: 2021-12-27 | Updated: 2022-01-06
An issue was discovered in the ash crate before 0.33.1 for Rust. util::read_spv may read from uninitialized memory locations.
Max CVSS: 9.8 | EPSS Score: 0.21% | Published: 2021-12-27 | Updated: 2022-01-06
An issue was discovered in the raw-cpuid crate before 9.1.1 for Rust. If the serialize feature is used (which is not the default), a Deserialize operation may lack sufficient validation, leading to memory corruption or a panic.
Max CVSS: 9.8 | EPSS Score: 0.22% | Published: 2021-12-27 | Updated: 2022-01-06
An issue was discovered in the csv-sniffer crate through 2021-01-05 for Rust. preamble_skipcount may read from uninitialized memory locations.
Max CVSS: 9.8 | EPSS Score: 0.21% | Published: 2021-12-27 | Updated: 2022-01-06
An issue was discovered in the columnar crate through 2021-01-07 for Rust. ColumnarReadExt::read_typed_vec may read from uninitialized memory locations.
Max CVSS: 9.8 | EPSS Score: 0.21% | Published: 2021-12-27 | Updated: 2022-01-06
6364 vulnerabilities found