Security Vulnerabilities, CVEs, Published In 2021 CVSS score >= 9
basic/BasicAuthProvider.java in AuthGuard before 0.9.0 allows authentication via an inactive identifier.
Max CVSS
9.8
EPSS Score
0.20%
Published
2021-12-27
Updated
2022-01-07
Nettmp NNT 5.1 is affected by a SQL injection vulnerability. An attacker can bypass authentication and access the panel with an administrative account.
Max CVSS
9.8
EPSS Score
1.22%
Published
2021-12-28
Updated
2022-01-07
An issue was discovered in the crypto2 crate through 2021-10-08 for Rust. During Chacha20 encryption and decryption, an unaligned read of a u32 may occur.
Max CVSS
9.8
EPSS Score
0.14%
Published
2021-12-27
Updated
2022-01-06
An issue was discovered in the nix crate 0.16.0 and later before 0.20.2, 0.21.x before 0.21.2, and 0.22.x before 0.22.2 for Rust. unistd::getgrouplist has an out-of-bounds write if a user is in more than 16 /etc/groups groups.
Max CVSS
9.8
EPSS Score
0.21%
Published
2021-12-27
Updated
2022-10-28
An issue was discovered in the zeroize_derive crate before 1.1.1 for Rust. Dropped memory is not zeroed out for an enum.
Max CVSS
9.8
EPSS Score
0.21%
Published
2021-12-27
Updated
2022-06-22
An issue was discovered in the nanorand crate before 0.6.1 for Rust. There can be multiple mutable references to the same object because the TlsWyRand Deref implementation dereferences a raw pointer.
Max CVSS
9.8
EPSS Score
0.21%
Published
2021-12-27
Updated
2022-01-06
An issue was discovered in the tectonic_xdv crate before 0.1.12 for Rust. XdvParser::<T>::process may read from uninitialized memory locations.
Max CVSS
9.8
EPSS Score
0.21%
Published
2021-12-27
Updated
2022-01-06
An issue was discovered in the tremor-script crate before 0.11.6 for Rust. A patch operation may result in a use-after-free.
Max CVSS
9.8
EPSS Score
0.21%
Published
2021-12-27
Updated
2022-01-10
An issue was discovered in the ckb crate before 0.40.0 for Rust. A get_block_template RPC call may fail in situations where it is supposed to select a Nervos CKB blockchain transaction with a higher fee rate than another transaction.
Max CVSS
9.8
EPSS Score
0.21%
Published
2021-12-27
Updated
2022-01-06
An issue was discovered in the molecule crate before 0.7.2 for Rust. A FixVec partial read has an incorrect result.
Max CVSS
9.8
EPSS Score
0.21%
Published
2021-12-27
Updated
2022-01-10
An issue was discovered in the sha2 crate 0.9.7 before 0.9.8 for Rust. Hashes of long messages may be incorrect when the AVX2-accelerated backend is used.
Max CVSS
9.8
EPSS Score
0.21%
Published
2021-12-27
Updated
2022-01-06
An issue was discovered in the mopa crate through 2021-06-01 for Rust. It incorrectly relies on Trait memory layout, possibly leading to future occurrences of arbitrary code execution or ASLR bypass.
Max CVSS
9.8
EPSS Score
0.20%
Published
2021-12-27
Updated
2022-01-06
An issue was discovered in the messagepack-rs crate through 2021-01-26 for Rust. deserialize_string_primitive may read from uninitialized memory locations.
Max CVSS
9.8
EPSS Score
0.21%
Published
2021-12-27
Updated
2022-01-06
An issue was discovered in the messagepack-rs crate through 2021-01-26 for Rust. deserialize_extension_others may read from uninitialized memory locations.
Max CVSS
9.8
EPSS Score
0.21%
Published
2021-12-27
Updated
2022-01-06
An issue was discovered in the messagepack-rs crate through 2021-01-26 for Rust. deserialize_string may read from uninitialized memory locations.
Max CVSS
9.8
EPSS Score
0.21%
Published
2021-12-27
Updated
2022-01-06
An issue was discovered in the messagepack-rs crate through 2021-01-26 for Rust. deserialize_binary may read from uninitialized memory locations.
Max CVSS
9.8
EPSS Score
0.21%
Published
2021-12-27
Updated
2022-01-06
An issue was discovered in the gfx-auxil crate through 2021-01-07 for Rust. gfx_auxil::read_spirv may read from uninitialized memory locations.
Max CVSS
9.8
EPSS Score
0.21%
Published
2021-12-27
Updated
2022-01-06
An issue was discovered in the ash crate before 0.33.1 for Rust. util::read_spv may read from uninitialized memory locations.
Max CVSS
9.8
EPSS Score
0.21%
Published
2021-12-27
Updated
2022-01-06
An issue was discovered in the raw-cpuid crate before 9.1.1 for Rust. If the serialize feature is used (which is not the the default), a Deserialize operation may lack sufficient validation, leading to memory corruption or a panic.
Max CVSS
9.8
EPSS Score
0.22%
Published
2021-12-27
Updated
2022-01-06
An issue was discovered in the csv-sniffer crate through 2021-01-05 for Rust. preamble_skipcount may read from uninitialized memory locations.
Max CVSS
9.8
EPSS Score
0.21%
Published
2021-12-27
Updated
2022-01-06
An issue was discovered in the columnar crate through 2021-01-07 for Rust. ColumnarReadExt::read_typed_vec may read from uninitialized memory locations.
Max CVSS
9.8
EPSS Score
0.21%
Published
2021-12-27
Updated
2022-01-06
An issue was discovered in the flumedb crate through 2021-01-07 for Rust. read_entry may read from uninitialized memory locations.
Max CVSS
9.8
EPSS Score
0.21%
Published
2021-12-27
Updated
2022-01-06
An issue was discovered in the binjs_io crate through 2021-01-03 for Rust. The Read method may read from uninitialized memory locations.
Max CVSS
9.8
EPSS Score
0.21%
Published
2021-12-27
Updated
2022-01-06
An issue was discovered in the bronzedb-protocol crate through 2021-01-03 for Rust. ReadKVExt may read from uninitialized memory locations.
Max CVSS
9.8
EPSS Score
0.21%
Published
2021-12-27
Updated
2022-01-06
NETGEAR RAX200 devices before 1.0.5.132 are affected by insecure code.
Max CVSS
9.8
EPSS Score
0.20%
Published
2021-12-26
Updated
2022-01-05
3600 vulnerabilities found
1
2
3
4
5
6 ......
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144