CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  Take a third party risk management course for FREE
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In December 2021

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2021-45911 787 Overflow 2021-12-28 2022-03-24
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in gif2apng 1.9. There is a heap-based buffer overflow in the main function. It allows an attacker to write 2 bytes outside the boundaries of the buffer.
2 CVE-2021-45910 787 Overflow 2021-12-28 2022-03-24
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in gif2apng 1.9. There is a heap-based buffer overflow within the main function. It allows an attacker to write data outside of the allocated buffer. The attacker has control over a part of the address that data is written to, control over the written data, and (to some extent) control over the amount of data that is written.
3 CVE-2021-45909 787 Overflow 2021-12-28 2022-04-06
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in gif2apng 1.9. There is a heap-based buffer overflow vulnerability in the DecodeLZW function. It allows an attacker to write a large amount of arbitrary data outside the boundaries of a buffer.
4 CVE-2021-45908 787 Overflow 2021-12-28 2022-01-06
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in gif2apng 1.9. There is a stack-based buffer overflow involving a while loop. An attacker has little influence over the data written to the stack, making it unlikely that the flow of control can be subverted.
5 CVE-2021-45907 787 Overflow 2021-12-28 2022-01-06
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in gif2apng 1.9. There is a stack-based buffer overflow involving a for loop. An attacker has little influence over the data written to the stack, making it unlikely that the flow of control can be subverted.
6 CVE-2021-45906 79 XSS 2021-12-27 2022-01-03
3.5
None Remote Medium ??? None Partial None
OpenWrt 21.02.1 allows XSS via the NAT Rules Name screen.
7 CVE-2021-45905 79 XSS 2021-12-27 2022-01-03
3.5
None Remote Medium ??? None Partial None
OpenWrt 21.02.1 allows XSS via the Traffic Rules Name screen.
8 CVE-2021-45904 79 XSS 2021-12-27 2022-01-03
3.5
None Remote Medium ??? None Partial None
OpenWrt 21.02.1 allows XSS via the Port Forwards Add Name screen.
9 CVE-2021-45903 79 XSS 2021-12-28 2022-01-06
4.3
None Remote Medium Not required None Partial None
A persistent cross-site scripting (XSS) issue in the web interface of SuiteCRM before 7.10.35, and 7.11.x and 7.12.x before 7.12.2, allows a remote attacker to introduce arbitrary JavaScript via attachments upload, a different vulnerability than CVE-2021-39267 and CVE-2021-39268.
10 CVE-2021-45896 269 2021-12-27 2022-01-12
6.0
None Remote Medium ??? Partial Partial Partial
Nokia FastMile 3TG00118ABAD52 devices allow privilege escalation by an authenticated user via is_ctc_admin=1 to login_web_app.cgi and use of Import Config File.
11 CVE-2021-45895 79 XSS 2021-12-27 2022-01-07
4.3
None Remote Medium Not required None Partial None
Netgen Tags Bundle 3.4.x before 3.4.11 and 4.0.x before 4.0.15 allows XSS in the Tags Admin interface.
12 CVE-2021-45890 287 2021-12-27 2022-01-07
7.5
None Remote Low Not required Partial Partial Partial
basic/BasicAuthProvider.java in AuthGuard before 0.9.0 allows authentication via an inactive identifier.
13 CVE-2021-45885 613 2021-12-29 2022-01-11
4.3
None Remote Medium Not required Partial None None
An issue was discovered in Stormshield Network Security (SNS) 4.2.2 through 4.2.7 (fixed in 4.2.8). Under a specific update-migration scenario, the first SSH password change does not properly clear the old password.
14 CVE-2021-45884 200 +Info 2021-12-27 2022-01-07
4.3
None Remote Medium Not required Partial None None
In Brave Desktop 1.17 through 1.33 before 1.33.106, when CNAME-based adblocking and a proxying extension with a SOCKS fallback are enabled, additional DNS requests are issued outside of the proxying extension using the system's DNS settings, resulting in information disclosure. NOTE: this issue exists because of an incomplete fix for CVE-2021-21323 and CVE-2021-22916.
15 CVE-2021-45818 74 Http R.Spl. 2021-12-30 2022-06-08
4.3
None Remote Medium Not required None Partial None
SAFARI Montage 8.7.32 is affected by a CRLF injection vulnerability which can lead to HTTP response splitting.
16 CVE-2021-45815 79 XSS 2021-12-30 2022-01-10
4.3
None Remote Medium Not required None Partial None
Quectel UC20 UMTS/HSPA+ UC20 6.3.14 is affected by a Cross Site Scripting (XSS) vulnerability.
17 CVE-2021-45814 89 Sql Bypass 2021-12-28 2022-01-07
7.5
None Remote Low Not required Partial Partial Partial
Nettmp NNT 5.1 is affected by a SQL injection vulnerability. An attacker can bypass authentication and access the panel with an administrative account.
18 CVE-2021-45813 79 XSS 2021-12-28 2022-01-12
4.3
None Remote Medium Not required None Partial None
SLICAN WebCTI 1.01 2015 is affected by a Cross Site Scripting (XSS) vulnerability. The attacker can steal the user's session by injecting malicious JavaScript codes which leads to Session Hijacking and cause user's credentials theft.
19 CVE-2021-45812 79 XSS 2021-12-28 2022-01-07
4.3
None Remote Medium Not required None Partial None
NUUO Network Video Recorder NVRsolo 3.9.1 is affected by a Cross Site Scripting (XSS) vulnerability. An attacker can steal the user's session by injecting malicious JavaScript codes which leads to session hijacking.
20 CVE-2021-45732 798 2021-12-30 2022-01-11
6.5
None Remote Low ??? Partial Partial Partial
Netgear Nighthawk R6700 version 1.0.4.120 makes use of a hardcoded credential. It does not appear that normal users are intended to be able to manipulate configuration backups due to the fact that they are encrypted/obfuscated. By extracting the configuration using readily available public tools, a user can reconfigure settings not intended to be manipulated, repackage the configuration, and restore a backup causing these settings to be changed.
21 CVE-2021-45720 416 2021-12-26 2022-02-09
5.0
None Remote Low Not required None None Partial
An issue was discovered in the lru crate before 0.7.1 for Rust. The iterators have a use-after-free, as demonstrated by an access after a pop operation.
22 CVE-2021-45719 416 2021-12-26 2022-01-05
5.0
None Remote Low Not required None None Partial
An issue was discovered in the rusqlite crate 0.25.x before 0.25.4 and 0.26.x before 0.26.2 for Rust. update_hook has a use-after-free.
23 CVE-2021-45718 416 2021-12-26 2022-01-05
5.0
None Remote Low Not required None None Partial
An issue was discovered in the rusqlite crate 0.25.x before 0.25.4 and 0.26.x before 0.26.2 for Rust. rollback_hook has a use-after-free.
24 CVE-2021-45717 416 2021-12-26 2022-01-05
5.0
None Remote Low Not required None None Partial
An issue was discovered in the rusqlite crate 0.25.x before 0.25.4 and 0.26.x before 0.26.2 for Rust. commit_hook has a use-after-free.
25 CVE-2021-45716 416 2021-12-26 2022-01-06
5.0
None Remote Low Not required None None Partial
An issue was discovered in the rusqlite crate 0.25.x before 0.25.4 and 0.26.x before 0.26.2 for Rust. create_collation has a use-after-free.
26 CVE-2021-45715 416 2021-12-26 2022-01-06
5.0
None Remote Low Not required None None Partial
An issue was discovered in the rusqlite crate 0.25.x before 0.25.4 and 0.26.x before 0.26.2 for Rust. create_window_function has a use-after-free.
27 CVE-2021-45714 416 2021-12-26 2022-01-06
5.0
None Remote Low Not required None None Partial
An issue was discovered in the rusqlite crate 0.25.x before 0.25.4 and 0.26.x before 0.26.2 for Rust. create_aggregate_function has a use-after-free.
28 CVE-2021-45713 416 2021-12-26 2022-01-06
5.0
None Remote Low Not required None None Partial
An issue was discovered in the rusqlite crate 0.25.x before 0.25.4 and 0.26.x before 0.26.2 for Rust. create_scalar_function has a use-after-free.
29 CVE-2021-45712 22 Dir. Trav. 2021-12-26 2022-01-06
5.0
None Remote Low Not required Partial None None
An issue was discovered in the rust-embed crate before 6.3.0 for Rust. A ../ directory traversal can sometimes occur in debug mode.
30 CVE-2021-45711 20 2021-12-27 2022-07-12
5.0
None Remote Low Not required None None Partial
An issue was discovered in the simple_asn1 crate 0.6.0 before 0.6.1 for Rust. There is a panic if UTCTime data, supplied by a remote attacker, has a second character greater than 0x7f.
31 CVE-2021-45710 362 Mem. Corr. 2021-12-27 2022-11-01
5.1
None Remote High Not required Partial Partial Partial
An issue was discovered in the tokio crate before 1.8.4, and 1.9.x through 1.13.x before 1.13.1, for Rust. In certain circumstances involving a closed oneshot channel, there is a data race and memory corruption.
32 CVE-2021-45709 327 2021-12-27 2022-01-06
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered in the crypto2 crate through 2021-10-08 for Rust. During Chacha20 encryption and decryption, an unaligned read of a u32 may occur.
33 CVE-2021-45708 668 Bypass +Info 2021-12-27 2022-01-10
5.0
None Remote Low Not required Partial None None
An issue was discovered in the abomonation crate through 2021-10-17 for Rust. Because transmute operations are insufficiently constrained, there can be an information leak or ASLR bypass.
34 CVE-2021-45707 787 2021-12-27 2022-10-28
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered in the nix crate 0.16.0 and later before 0.20.2, 0.21.x before 0.21.2, and 0.22.x before 0.22.2 for Rust. unistd::getgrouplist has an out-of-bounds write if a user is in more than 16 /etc/groups groups.
35 CVE-2021-45706 459 2021-12-27 2022-06-22
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered in the zeroize_derive crate before 1.1.1 for Rust. Dropped memory is not zeroed out for an enum.
36 CVE-2021-45705 2021-12-27 2022-01-06
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered in the nanorand crate before 0.6.1 for Rust. There can be multiple mutable references to the same object because the TlsWyRand Deref implementation dereferences a raw pointer.
37 CVE-2021-45704 362 Mem. Corr. 2021-12-27 2022-01-06
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in the metrics-util crate before 0.7.0 for Rust. There is a data race and memory corruption because AtomicBucket<T> unconditionally implements the Send and Sync traits.
38 CVE-2021-45703 908 2021-12-27 2022-01-06
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered in the tectonic_xdv crate before 0.1.12 for Rust. XdvParser::<T>::process may read from uninitialized memory locations.
39 CVE-2021-45702 416 2021-12-27 2022-01-10
5.0
None Remote Low Not required None None Partial
An issue was discovered in the tremor-script crate before 0.11.6 for Rust. A merge operation may result in a use-after-free.
40 CVE-2021-45701 416 2021-12-27 2022-01-10
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered in the tremor-script crate before 0.11.6 for Rust. A patch operation may result in a use-after-free.
41 CVE-2021-45700 DoS 2021-12-27 2022-07-12
7.8
None Remote Low Not required None None Complete
An issue was discovered in the ckb crate before 0.40.0 for Rust. Attackers can cause a denial of service (Nervos CKB blockchain node crash) via a dead call that is used as a DepGroup.
42 CVE-2021-45699 770 2021-12-27 2022-01-06
7.8
None Remote Low Not required None None Complete
An issue was discovered in the ckb crate before 0.40.0 for Rust. Remote attackers may be able to conduct a 51% attack against the Nervos CKB blockchain by triggering an inability to allocate memory for the misbehavior HashMap.
43 CVE-2021-45698 2021-12-27 2022-01-06
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered in the ckb crate before 0.40.0 for Rust. A get_block_template RPC call may fail in situations where it is supposed to select a Nervos CKB blockchain transaction with a higher fee rate than another transaction.
44 CVE-2021-45697 2021-12-27 2022-01-10
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered in the molecule crate before 0.7.2 for Rust. A FixVec partial read has an incorrect result.
45 CVE-2021-45696 2021-12-27 2022-01-06
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered in the sha2 crate 0.9.7 before 0.9.8 for Rust. Hashes of long messages may be incorrect when the AVX2-accelerated backend is used.
46 CVE-2021-45695 Exec Code Bypass 2021-12-27 2022-01-06
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered in the mopa crate through 2021-06-01 for Rust. It incorrectly relies on Trait memory layout, possibly leading to future occurrences of arbitrary code execution or ASLR bypass.
47 CVE-2021-45694 908 2021-12-27 2022-01-06
5.0
None Remote Low Not required Partial None None
An issue was discovered in the rdiff crate through 2021-02-03 for Rust. Window may read from uninitialized memory locations.
48 CVE-2021-45693 908 2021-12-27 2022-01-06
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered in the messagepack-rs crate through 2021-01-26 for Rust. deserialize_string_primitive may read from uninitialized memory locations.
49 CVE-2021-45692 908 2021-12-27 2022-01-06
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered in the messagepack-rs crate through 2021-01-26 for Rust. deserialize_extension_others may read from uninitialized memory locations.
50 CVE-2021-45691 908 2021-12-27 2022-01-06
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered in the messagepack-rs crate through 2021-01-26 for Rust. deserialize_string may read from uninitialized memory locations.
Total number of vulnerabilities : 1946   Page : 1 (This Page)2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.