# | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail.
1 | CVE-2021-45911 | 787 | | Overflow | 2021-12-28 | 2022-03-24 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial |
An issue was discovered in gif2apng 1.9. There is a heap-based buffer overflow in the main function. It allows an attacker to write 2 bytes outside the boundaries of the buffer. |
2 | CVE-2021-45910 | 787 | | Overflow | 2021-12-28 | 2022-03-24 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial |
An issue was discovered in gif2apng 1.9. There is a heap-based buffer overflow within the main function. It allows an attacker to write data outside of the allocated buffer. The attacker has control over a part of the address that data is written to, control over the written data, and (to some extent) control over the amount of data that is written. |
3 | CVE-2021-45909 | 787 | | Overflow | 2021-12-28 | 2022-04-06 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial |
An issue was discovered in gif2apng 1.9. There is a heap-based buffer overflow vulnerability in the DecodeLZW function. It allows an attacker to write a large amount of arbitrary data outside the boundaries of a buffer. |
4 | CVE-2021-45908 | 787 | | Overflow | 2021-12-28 | 2022-01-06 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial |
An issue was discovered in gif2apng 1.9. There is a stack-based buffer overflow involving a while loop. An attacker has little influence over the data written to the stack, making it unlikely that the flow of control can be subverted. |
5 | CVE-2021-45907 | 787 | | Overflow | 2021-12-28 | 2022-01-06 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial |
An issue was discovered in gif2apng 1.9. There is a stack-based buffer overflow involving a for loop. An attacker has little influence over the data written to the stack, making it unlikely that the flow of control can be subverted. |
6 | CVE-2021-45906 | 79 | | XSS | 2021-12-27 | 2023-05-24 | 3.5 | None | Remote | Medium | ??? | None | Partial | None |
OpenWrt 21.02.1 allows XSS via the NAT Rules Name screen. |
7 | CVE-2021-45905 | 79 | | XSS | 2021-12-27 | 2023-05-24 | 3.5 | None | Remote | Medium | ??? | None | Partial | None |
OpenWrt 21.02.1 allows XSS via the Traffic Rules Name screen. |
8 | CVE-2021-45904 | 79 | | XSS | 2021-12-27 | 2023-05-24 | 3.5 | None | Remote | Medium | ??? | None | Partial | None |
OpenWrt 21.02.1 allows XSS via the Port Forwards Add Name screen. |
9 | CVE-2021-45903 | 79 | | XSS | 2021-12-28 | 2022-01-06 | 4.3 | None | Remote | Medium | Not required | None | Partial | None |
A persistent cross-site scripting (XSS) issue in the web interface of SuiteCRM before 7.10.35, and 7.11.x and 7.12.x before 7.12.2, allows a remote attacker to introduce arbitrary JavaScript via attachments upload, a different vulnerability than CVE-2021-39267 and CVE-2021-39268. |
10 | CVE-2021-45896 | 269 | | | 2021-12-27 | 2022-01-12 | 6.0 | None | Remote | Medium | ??? | Partial | Partial | Partial |
Nokia FastMile 3TG00118ABAD52 devices allow privilege escalation by an authenticated user via is_ctc_admin=1 to login_web_app.cgi and use of Import Config File. |
11 | CVE-2021-45895 | 79 | | XSS | 2021-12-27 | 2022-01-07 | 4.3 | None | Remote | Medium | Not required | None | Partial | None |
Netgen Tags Bundle 3.4.x before 3.4.11 and 4.0.x before 4.0.15 allows XSS in the Tags Admin interface. |
12 | CVE-2021-45890 | 287 | | | 2021-12-27 | 2022-01-07 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
basic/BasicAuthProvider.java in AuthGuard before 0.9.0 allows authentication via an inactive identifier. |
13 | CVE-2021-45885 | 613 | | | 2021-12-29 | 2022-01-11 | 4.3 | None | Remote | Medium | Not required | Partial | None | None |
An issue was discovered in Stormshield Network Security (SNS) 4.2.2 through 4.2.7 (fixed in 4.2.8). Under a specific update-migration scenario, the first SSH password change does not properly clear the old password. |
14 | CVE-2021-45884 | 200 | | +Info | 2021-12-27 | 2022-01-07 | 4.3 | None | Remote | Medium | Not required | Partial | None | None |
In Brave Desktop 1.17 through 1.33 before 1.33.106, when CNAME-based adblocking and a proxying extension with a SOCKS fallback are enabled, additional DNS requests are issued outside of the proxying extension using the system's DNS settings, resulting in information disclosure. NOTE: this issue exists because of an incomplete fix for CVE-2021-21323 and CVE-2021-22916. |
15 | CVE-2021-45818 | 74 | | Http R.Spl. | 2021-12-30 | 2023-01-20 | 4.3 | None | Remote | Medium | Not required | None | Partial | None |
SAFARI Montage 8.7.32 is affected by a CRLF injection vulnerability which can lead to HTTP response splitting. |
16 | CVE-2021-45815 | 79 | | XSS | 2021-12-30 | 2022-01-10 | 4.3 | None | Remote | Medium | Not required | None | Partial | None |
Quectel UC20 UMTS/HSPA+ UC20 6.3.14 is affected by a Cross Site Scripting (XSS) vulnerability. |
17 | CVE-2021-45814 | 89 | | Sql Bypass | 2021-12-28 | 2022-01-07 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
Nettmp NNT 5.1 is affected by a SQL injection vulnerability. An attacker can bypass authentication and access the panel with an administrative account. |
18 | CVE-2021-45813 | 79 | | XSS | 2021-12-28 | 2022-01-12 | 4.3 | None | Remote | Medium | Not required | None | Partial | None |
SLICAN WebCTI 1.01 2015 is affected by a Cross Site Scripting (XSS) vulnerability. The attacker can steal the user's session by injecting malicious JavaScript code, which leads to session hijacking and theft of the user's credentials. |
19 | CVE-2021-45812 | 79 | | XSS | 2021-12-28 | 2022-01-07 | 4.3 | None | Remote | Medium | Not required | None | Partial | None |
NUUO Network Video Recorder NVRsolo 3.9.1 is affected by a Cross Site Scripting (XSS) vulnerability. An attacker can steal the user's session by injecting malicious JavaScript code, which leads to session hijacking. |
20 | CVE-2021-45732 | 798 | | | 2021-12-30 | 2022-01-11 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial |
Netgear Nighthawk R6700 version 1.0.4.120 makes use of a hardcoded credential. It does not appear that normal users are intended to be able to manipulate configuration backups due to the fact that they are encrypted/obfuscated. By extracting the configuration using readily available public tools, a user can reconfigure settings not intended to be manipulated, repackage the configuration, and restore a backup causing these settings to be changed. |
21 | CVE-2021-45720 | 416 | | | 2021-12-26 | 2022-02-09 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
An issue was discovered in the lru crate before 0.7.1 for Rust. The iterators have a use-after-free, as demonstrated by an access after a pop operation. |
22 | CVE-2021-45719 | 416 | | | 2021-12-26 | 2022-01-05 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
An issue was discovered in the rusqlite crate 0.25.x before 0.25.4 and 0.26.x before 0.26.2 for Rust. update_hook has a use-after-free. |
23 | CVE-2021-45718 | 416 | | | 2021-12-26 | 2022-01-05 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
An issue was discovered in the rusqlite crate 0.25.x before 0.25.4 and 0.26.x before 0.26.2 for Rust. rollback_hook has a use-after-free. |
24 | CVE-2021-45717 | 416 | | | 2021-12-26 | 2022-01-05 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
An issue was discovered in the rusqlite crate 0.25.x before 0.25.4 and 0.26.x before 0.26.2 for Rust. commit_hook has a use-after-free. |
25 | CVE-2021-45716 | 416 | | | 2021-12-26 | 2022-01-06 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
An issue was discovered in the rusqlite crate 0.25.x before 0.25.4 and 0.26.x before 0.26.2 for Rust. create_collation has a use-after-free. |
26 | CVE-2021-45715 | 416 | | | 2021-12-26 | 2022-01-06 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
An issue was discovered in the rusqlite crate 0.25.x before 0.25.4 and 0.26.x before 0.26.2 for Rust. create_window_function has a use-after-free. |
27 | CVE-2021-45714 | 416 | | | 2021-12-26 | 2022-01-06 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
An issue was discovered in the rusqlite crate 0.25.x before 0.25.4 and 0.26.x before 0.26.2 for Rust. create_aggregate_function has a use-after-free. |
28 | CVE-2021-45713 | 416 | | | 2021-12-26 | 2022-01-06 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
An issue was discovered in the rusqlite crate 0.25.x before 0.25.4 and 0.26.x before 0.26.2 for Rust. create_scalar_function has a use-after-free. |
29 | CVE-2021-45712 | 22 | | Dir. Trav. | 2021-12-26 | 2022-01-06 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
An issue was discovered in the rust-embed crate before 6.3.0 for Rust. A ../ directory traversal can sometimes occur in debug mode. |
30 | CVE-2021-45711 | 20 | | | 2021-12-27 | 2022-07-12 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
An issue was discovered in the simple_asn1 crate 0.6.0 before 0.6.1 for Rust. There is a panic if UTCTime data, supplied by a remote attacker, has a second character greater than 0x7f. |
31 | CVE-2021-45710 | 362 | | Mem. Corr. | 2021-12-27 | 2022-11-01 | 5.1 | None | Remote | High | Not required | Partial | Partial | Partial |
An issue was discovered in the tokio crate before 1.8.4, and 1.9.x through 1.13.x before 1.13.1, for Rust. In certain circumstances involving a closed oneshot channel, there is a data race and memory corruption. |
32 | CVE-2021-45709 | 327 | | | 2021-12-27 | 2022-01-06 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
An issue was discovered in the crypto2 crate through 2021-10-08 for Rust. During Chacha20 encryption and decryption, an unaligned read of a u32 may occur. |
33 | CVE-2021-45708 | 668 | | Bypass +Info | 2021-12-27 | 2022-01-10 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
An issue was discovered in the abomonation crate through 2021-10-17 for Rust. Because transmute operations are insufficiently constrained, there can be an information leak or ASLR bypass. |
34 | CVE-2021-45707 | 787 | | | 2021-12-27 | 2022-10-28 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
An issue was discovered in the nix crate 0.16.0 and later before 0.20.2, 0.21.x before 0.21.2, and 0.22.x before 0.22.2 for Rust. unistd::getgrouplist has an out-of-bounds write if a user is in more than 16 /etc/groups groups. |
35 | CVE-2021-45706 | 459 | | | 2021-12-27 | 2022-06-22 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
An issue was discovered in the zeroize_derive crate before 1.1.1 for Rust. Dropped memory is not zeroed out for an enum. |
36 | CVE-2021-45705 | | | | 2021-12-27 | 2022-01-06 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
An issue was discovered in the nanorand crate before 0.6.1 for Rust. There can be multiple mutable references to the same object because the TlsWyRand Deref implementation dereferences a raw pointer. |
37 | CVE-2021-45704 | 362 | | Mem. Corr. | 2021-12-27 | 2022-01-06 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial |
An issue was discovered in the metrics-util crate before 0.7.0 for Rust. There is a data race and memory corruption because AtomicBucket<T> unconditionally implements the Send and Sync traits. |
38 | CVE-2021-45703 | 908 | | | 2021-12-27 | 2022-01-06 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
An issue was discovered in the tectonic_xdv crate before 0.1.12 for Rust. XdvParser::<T>::process may read from uninitialized memory locations. |
39 | CVE-2021-45702 | 416 | | | 2021-12-27 | 2022-01-10 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
An issue was discovered in the tremor-script crate before 0.11.6 for Rust. A merge operation may result in a use-after-free. |
40 | CVE-2021-45701 | 416 | | | 2021-12-27 | 2022-01-10 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
An issue was discovered in the tremor-script crate before 0.11.6 for Rust. A patch operation may result in a use-after-free. |
41 | CVE-2021-45700 | | | DoS | 2021-12-27 | 2022-07-12 | 7.8 | None | Remote | Low | Not required | None | None | Complete |
An issue was discovered in the ckb crate before 0.40.0 for Rust. Attackers can cause a denial of service (Nervos CKB blockchain node crash) via a dead call that is used as a DepGroup. |
42 | CVE-2021-45699 | 770 | | | 2021-12-27 | 2022-01-06 | 7.8 | None | Remote | Low | Not required | None | None | Complete |
An issue was discovered in the ckb crate before 0.40.0 for Rust. Remote attackers may be able to conduct a 51% attack against the Nervos CKB blockchain by triggering an inability to allocate memory for the misbehavior HashMap. |
43 | CVE-2021-45698 | | | | 2021-12-27 | 2022-01-06 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
An issue was discovered in the ckb crate before 0.40.0 for Rust. A get_block_template RPC call may fail in situations where it is supposed to select a Nervos CKB blockchain transaction with a higher fee rate than another transaction. |
44 | CVE-2021-45697 | | | | 2021-12-27 | 2022-01-10 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
An issue was discovered in the molecule crate before 0.7.2 for Rust. A FixVec partial read has an incorrect result. |
45 | CVE-2021-45696 | | | | 2021-12-27 | 2022-01-06 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
An issue was discovered in the sha2 crate 0.9.7 before 0.9.8 for Rust. Hashes of long messages may be incorrect when the AVX2-accelerated backend is used. |
46 | CVE-2021-45695 | | | Exec Code Bypass | 2021-12-27 | 2022-01-06 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
An issue was discovered in the mopa crate through 2021-06-01 for Rust. It incorrectly relies on Trait memory layout, possibly leading to future occurrences of arbitrary code execution or ASLR bypass. |
47 | CVE-2021-45694 | 908 | | | 2021-12-27 | 2022-01-06 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
An issue was discovered in the rdiff crate through 2021-02-03 for Rust. Window may read from uninitialized memory locations. |
48 | CVE-2021-45693 | 908 | | | 2021-12-27 | 2022-01-06 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
An issue was discovered in the messagepack-rs crate through 2021-01-26 for Rust. deserialize_string_primitive may read from uninitialized memory locations. |
49 | CVE-2021-45692 | 908 | | | 2021-12-27 | 2022-01-06 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
An issue was discovered in the messagepack-rs crate through 2021-01-26 for Rust. deserialize_extension_others may read from uninitialized memory locations. |
50 | CVE-2021-45691 | 908 | | | 2021-12-27 | 2022-01-06 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
An issue was discovered in the messagepack-rs crate through 2021-01-26 for Rust. deserialize_string may read from uninitialized memory locations. |