CVE List - 2021 / December
Showing 1701 - 1800 of 1978 CVEs for December 2021 (Page 18 of 20)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2021-45526 | 2021-12-26 | Certain NETGEAR devices are affected by a buffer overflow by an authenticated user. This affects EX6000 before 1.0.0.38, EX6120 before 1.0.0.48, EX6130 before 1.0.0.30, R6300v2 before 1.0.4.52, R6400 before 1.0.1.52,... |
| CVE-2021-45525 | 2021-12-26 | Certain NETGEAR devices are affected by a buffer overflow by an authenticated user. This affects EX7000 before 1.0.1.80, R6400 before 1.0.1.50, R6400v2 before 1.0.4.118, R6700 before 1.0.2.8, R6700v3 before 1.0.4.118,... |
| CVE-2021-45524 | 2021-12-26 | NETGEAR R8000 devices before 1.0.4.62 are affected by a buffer overflow by an authenticated user. |
| CVE-2021-45523 | 2021-12-26 | NETGEAR R7000 devices before 1.0.9.42 are affected by a buffer overflow by an authenticated user. |
| CVE-2021-45522 | 2021-12-26 | NETGEAR XR1000 devices before 1.0.0.58 are affected by a hardcoded password. |
| CVE-2021-45521 | 2021-12-26 | Certain NETGEAR devices are affected by a hardcoded password. This affects RBK352 before 4.4.0.10, RBR350 before 4.4.0.10, and RBS350 before 4.4.0.10. |
| CVE-2021-45520 | 2021-12-26 | Certain NETGEAR devices are affected by a hardcoded password. This affects RBK352 before 4.4.0.10, RBR350 before 4.4.0.10, and RBS350 before 4.4.0.10. |
| CVE-2021-45519 | 2021-12-26 | NETGEAR XR1000 devices before 1.0.0.58 are affected by denial of service. |
| CVE-2021-45518 | 2021-12-26 | NETGEAR XR1000 devices before 1.0.0.58 are affected by denial of service. |
| CVE-2021-45517 | 2021-12-26 | NETGEAR XR1000 devices before 1.0.0.58 are affected by denial of service. |
| CVE-2021-45516 | 2021-12-26 | Certain NETGEAR devices are affected by denial of service. This affects R6400 before 1.0.1.70, R7000 before 1.0.11.126, R6900P before 1.3.3.140, R7000P before 1.3.3.140, R8000 before 1.0.4.74, RBK852 before 3.2.10.11, RBR850... |
| CVE-2021-45515 | 2021-12-26 | Certain NETGEAR devices are affected by denial of service. This affects EX7500 before 1.0.0.72, RBS40V before 2.6.1.4, RBW30 before 2.6.1.4, RBRE960 before 6.0.3.68, RBSE960 before 6.0.3.68, RBR750 before 3.2.17.12, RBR850... |
| CVE-2021-45514 | 2021-12-26 | NETGEAR XR1000 devices before 1.0.0.58 are affected by command injection by an unauthenticated attacker. |
| CVE-2021-45513 | 2021-12-26 | NETGEAR XR1000 devices before 1.0.0.58 are affected by command injection by an unauthenticated attacker. |
| CVE-2021-45512 | 2021-12-26 | Certain NETGEAR devices are affected by weak cryptography. This affects D7000v2 before 1.0.0.62, D8500 before 1.0.3.50, EX3700 before 1.0.0.84, EX3800 before 1.0.0.84, EX6120 before 1.0.0.54, EX6130 before 1.0.0.36, EX7000 before... |
| CVE-2021-45511 | 2021-12-26 | Certain NETGEAR devices are affected by authentication bypass. This affects AC2100 before 2021-08-27, AC2400 before 2021-08-27, AC2600 before 2021-08-27, D7000 before 2021-08-27, R6220 before 2021-08-27, R6230 before 2021-08-27, R6260 before... |
| CVE-2021-45510 | 2021-12-26 | NETGEAR XR1000 devices before 1.0.0.58 are affected by authentication bypass. |
| CVE-2021-45509 | 2021-12-26 | Certain NETGEAR devices are affected by authentication bypass. This affects CBR40 before 2.5.0.24, RBK752 before 3.2.17.12, RBR750 before 3.2.17.12, RBS750 before 3.2.17.12, RBK852 before 3.2.17.12, RBR850 before 3.2.17.12, and RBS850... |
| CVE-2021-45508 | 2021-12-26 | Certain NETGEAR devices are affected by authentication bypass. This affects CBR40 before 2.5.0.24, CBR750 before 4.6.3.6, RBK752 before 3.2.17.12, RBR750 before 3.2.17.12, RBS750 before 3.2.17.12, RBK852 before 3.2.17.12, and RBR850... |
| CVE-2021-45507 | 2021-12-26 | Certain NETGEAR devices are affected by authentication bypass. This affects CBR40 before 2.5.0.24, CBR750 before 4.6.3.6, RBW30 before 2.6.2.2, RBK752 before 3.2.17.12, RBR750 before 3.2.17.12, RBS750 before 3.2.17.12, RBK852 before... |
| CVE-2021-45506 | 2021-12-26 | Certain NETGEAR devices are affected by authentication bypass. This affects CBR750 before 4.6.3.6, RBK752 before 3.2.17.12, RBR750 before 3.2.17.12, RBS750 before 3.2.17.12, RBK852 before 3.2.17.12, RBR850 before 3.2.17.12, and RBS850... |
| CVE-2021-45505 | 2021-12-26 | Certain NETGEAR devices are affected by authentication bypass. This affects CBR750 before 4.6.3.6, RBK752 before 3.2.17.12, RBR750 before 3.2.17.12, RBS750 before 3.2.17.12, RBK852 before 3.2.17.12, RBR850 before 3.2.17.12, and RBS850... |
| CVE-2021-45504 | 2021-12-26 | Certain NETGEAR devices are affected by authentication bypass. This affects CBR40 before 2.5.0.24, CBR750 before 4.6.3.6, RBR852 before 3.2.17.12, RBR850 before 3.2.17.12, and RBS850 before 3.2.17.12. |
| CVE-2021-45503 | 2021-12-26 | Certain NETGEAR devices are affected by authentication bypass. This affects CBR750 before 4.6.3.6, RBK752 before 3.2.17.12, RBR750 before 3.2.17.12, RBS750 before 3.2.17.12, RBK852 before 3.2.17.12, RBR850 before 3.2.17.12, and RBS850... |
| CVE-2021-45502 | 2021-12-26 | Certain NETGEAR devices are affected by authentication bypass. This affects CBR750 before 4.6.3.6, RBK752 before 3.2.17.12, RBK752 before 3.2.17.12, RBR750 before 3.2.17.12, RBS750 before 3.2.17.12, RBK852 before 3.2.17.12, RBR850 before... |
| CVE-2021-45501 | 2021-12-26 | Certain NETGEAR devices are affected by authentication bypass. This affects AC2400 before 1.1.0.84, AC2600 before 1.1.0.84, D7000 before 1.0.1.82, R6020 before 1.0.0.52, R6080 before 1.0.0.52, R6120 before 1.0.0.80, R6220 before... |
| CVE-2021-45500 | 2021-12-26 | Certain NETGEAR devices are affected by authentication bypass. This affects R7000P before 1.3.3.140 and R8000 before 1.0.4.68. |
| CVE-2021-45499 | 2021-12-26 | Certain NETGEAR devices are affected by authentication bypass. This affects R6900P before 1.3.3.140, R7000P before 1.3.3.140, R7900P before 1.4.2.84, R7960P before 1.4.2.84, R8000P before 1.4.2.84, RAX75 before 1.0.3.106, and RAX80... |
| CVE-2021-45498 | 2021-12-26 | NETGEAR R6700v2 devices before 1.2.0.88 are affected by authentication bypass. |
| CVE-2021-45497 | 2021-12-26 | NETGEAR D7000 devices before 1.0.1.82 are affected by authentication bypass. |
| CVE-2021-45496 | 2021-12-26 | NETGEAR D7000 devices before 1.0.1.82 are affected by authentication bypass. |
| CVE-2021-45495 | 2021-12-26 | NETGEAR D7000 devices before 1.0.1.68 are affected by authentication bypass. |
| CVE-2021-45494 | 2021-12-26 | Certain NETGEAR devices are affected by an attacker's ability to read arbitrary files. This affects RBK352 before 4.4.0.10, RBR350 before 4.4.0.10, and RBS350 before 4.4.0.10. |
| CVE-2021-45493 | 2021-12-26 | Certain NETGEAR devices are affected by disclosure of administrative credentials. This affects RAX35 before 1.0.4.102, RAX38 before 1.0.4.102, and RAX40 before 1.0.4.102. |
| CVE-2021-44078 | 2021-12-26 | An issue was discovered in split_region in uc.c in Unicorn Engine before 2.0.0-rc5. It allows local attackers to escape the sandbox. An attacker must first obtain the ability to execute... |
| CVE-2021-4169 | 2021-12-26 | Cross-site Scripting (XSS) - Reflected in livehelperchat/livehelperchat |
| CVE-2021-4168 | 2021-12-26 | Cross-Site Request Forgery (CSRF) in star7th/showdoc |
| CVE-2021-44598 | 2021-12-26 | Attendance Management System 1.0 is affected by a Cross Site Scripting (XSS) vulnerability. The value of the FirstRecord request parameter is copied into the value of an HTML tag attribute... |
| CVE-2021-45686 | 2021-12-26 | An issue was discovered in the csv-sniffer crate through 2021-01-05 for Rust. preamble_skipcount may read from uninitialized memory locations. |
| CVE-2021-45720 | 2021-12-26 | An issue was discovered in the lru crate before 0.7.1 for Rust. The iterators have a use-after-free, as demonstrated by an access after a pop operation. |
| CVE-2021-45719 | 2021-12-26 | An issue was discovered in the rusqlite crate 0.25.x before 0.25.4 and 0.26.x before 0.26.2 for Rust. update_hook has a use-after-free. |
| CVE-2021-45718 | 2021-12-26 | An issue was discovered in the rusqlite crate 0.25.x before 0.25.4 and 0.26.x before 0.26.2 for Rust. rollback_hook has a use-after-free. |
| CVE-2021-45717 | 2021-12-26 | An issue was discovered in the rusqlite crate 0.25.x before 0.25.4 and 0.26.x before 0.26.2 for Rust. commit_hook has a use-after-free. |
| CVE-2021-45716 | 2021-12-26 | An issue was discovered in the rusqlite crate 0.25.x before 0.25.4 and 0.26.x before 0.26.2 for Rust. create_collation has a use-after-free. |
| CVE-2021-45715 | 2021-12-26 | An issue was discovered in the rusqlite crate 0.25.x before 0.25.4 and 0.26.x before 0.26.2 for Rust. create_window_function has a use-after-free. |
| CVE-2021-45714 | 2021-12-26 | An issue was discovered in the rusqlite crate 0.25.x before 0.25.4 and 0.26.x before 0.26.2 for Rust. create_aggregate_function has a use-after-free. |
| CVE-2021-45713 | 2021-12-26 | An issue was discovered in the rusqlite crate 0.25.x before 0.25.4 and 0.26.x before 0.26.2 for Rust. create_scalar_function has a use-after-free. |
| CVE-2021-45712 | 2021-12-26 | An issue was discovered in the rust-embed crate before 6.3.0 for Rust. A ../ directory traversal can sometimes occur in debug mode. |
| CVE-2021-45711 | 2021-12-26 | An issue was discovered in the simple_asn1 crate 0.6.0 before 0.6.1 for Rust. There is a panic if UTCTime data, supplied by a remote attacker, has a second character greater... |
| CVE-2021-45710 | 2021-12-26 | An issue was discovered in the tokio crate before 1.8.4, and 1.9.x through 1.13.x before 1.13.1, for Rust. In certain circumstances involving a closed oneshot channel, there is a data... |
| CVE-2021-45709 | 2021-12-26 | An issue was discovered in the crypto2 crate through 2021-10-08 for Rust. During Chacha20 encryption and decryption, an unaligned read of a u32 may occur. |
| CVE-2021-45708 | 2021-12-26 | An issue was discovered in the abomonation crate through 2021-10-17 for Rust. Because transmute operations are insufficiently constrained, there can be an information leak or ASLR bypass. |
| CVE-2021-45707 | 2021-12-26 | An issue was discovered in the nix crate 0.16.0 and later before 0.20.2, 0.21.x before 0.21.2, and 0.22.x before 0.22.2 for Rust. unistd::getgrouplist has an out-of-bounds write if a user... |
| CVE-2021-45706 | 2021-12-26 | An issue was discovered in the zeroize_derive crate before 1.1.1 for Rust. Dropped memory is not zeroed out for an enum. |
| CVE-2021-45705 | 2021-12-26 | An issue was discovered in the nanorand crate before 0.6.1 for Rust. There can be multiple mutable references to the same object because the TlsWyRand Deref implementation dereferences a raw... |
| CVE-2021-45704 | 2021-12-26 | An issue was discovered in the metrics-util crate before 0.7.0 for Rust. There is a data race and memory corruption because AtomicBucket<T> unconditionally implements the Send and Sync traits. |
| CVE-2021-45703 | 2021-12-26 | An issue was discovered in the tectonic_xdv crate before 0.1.12 for Rust. XdvParser::<T>::process may read from uninitialized memory locations. |
| CVE-2021-45702 | 2021-12-26 | An issue was discovered in the tremor-script crate before 0.11.6 for Rust. A merge operation may result in a use-after-free. |
| CVE-2021-45701 | 2021-12-26 | An issue was discovered in the tremor-script crate before 0.11.6 for Rust. A patch operation may result in a use-after-free. |
| CVE-2021-45700 | 2021-12-26 | An issue was discovered in the ckb crate before 0.40.0 for Rust. Attackers can cause a denial of service (Nervos CKB blockchain node crash) via a dead call that is... |
| CVE-2021-45699 | 2021-12-26 | An issue was discovered in the ckb crate before 0.40.0 for Rust. Remote attackers may be able to conduct a 51% attack against the Nervos CKB blockchain by triggering an... |
| CVE-2021-45698 | 2021-12-26 | An issue was discovered in the ckb crate before 0.40.0 for Rust. A get_block_template RPC call may fail in situations where it is supposed to select a Nervos CKB blockchain... |
| CVE-2021-45697 | 2021-12-26 | An issue was discovered in the molecule crate before 0.7.2 for Rust. A FixVec partial read has an incorrect result. |
| CVE-2021-45696 | 2021-12-26 | An issue was discovered in the sha2 crate 0.9.7 before 0.9.8 for Rust. Hashes of long messages may be incorrect when the AVX2-accelerated backend is used. |
| CVE-2021-45695 | 2021-12-26 | An issue was discovered in the mopa crate through 2021-06-01 for Rust. It incorrectly relies on Trait memory layout, possibly leading to future occurrences of arbitrary code execution or ASLR... |
| CVE-2021-45694 | 2021-12-26 | An issue was discovered in the rdiff crate through 2021-02-03 for Rust. Window may read from uninitialized memory locations. |
| CVE-2021-45693 | 2021-12-26 | An issue was discovered in the messagepack-rs crate through 2021-01-26 for Rust. deserialize_string_primitive may read from uninitialized memory locations. |
| CVE-2021-45692 | 2021-12-26 | An issue was discovered in the messagepack-rs crate through 2021-01-26 for Rust. deserialize_extension_others may read from uninitialized memory locations. |
| CVE-2021-45691 | 2021-12-26 | An issue was discovered in the messagepack-rs crate through 2021-01-26 for Rust. deserialize_string may read from uninitialized memory locations. |
| CVE-2021-45690 | 2021-12-26 | An issue was discovered in the messagepack-rs crate through 2021-01-26 for Rust. deserialize_binary may read from uninitialized memory locations. |
| CVE-2021-45689 | 2021-12-26 | An issue was discovered in the gfx-auxil crate through 2021-01-07 for Rust. gfx_auxil::read_spirv may read from uninitialized memory locations. |
| CVE-2021-45688 | 2021-12-26 | An issue was discovered in the ash crate before 0.33.1 for Rust. util::read_spv may read from uninitialized memory locations. |
| CVE-2021-45687 | 2021-12-26 | An issue was discovered in the raw-cpuid crate before 9.1.1 for Rust. If the serialize feature is used (which is not the default), a Deserialize operation may lack sufficient... |
| CVE-2021-45685 | 2021-12-26 | An issue was discovered in the columnar crate through 2021-01-07 for Rust. ColumnarReadExt::read_typed_vec may read from uninitialized memory locations. |
| CVE-2021-45684 | 2021-12-26 | An issue was discovered in the flumedb crate through 2021-01-07 for Rust. read_entry may read from uninitialized memory locations. |
| CVE-2021-45683 | 2021-12-26 | An issue was discovered in the binjs_io crate through 2021-01-03 for Rust. The Read method may read from uninitialized memory locations. |
| CVE-2021-45682 | 2021-12-26 | An issue was discovered in the bronzedb-protocol crate through 2021-01-03 for Rust. ReadKVExt may read from uninitialized memory locations. |
| CVE-2021-45681 | 2021-12-26 | An issue was discovered in the derive-com-impl crate before 0.1.2 for Rust. An invalid reference (and memory corruption) can occur because AddRef might not be called before returning a pointer. |
| CVE-2021-45680 | 2021-12-26 | An issue was discovered in the vec-const crate before 2.0.0 for Rust. It tries to construct a Vec from a pointer to a const slice, leading to memory corruption. |
| CVE-2020-36514 | 2021-12-26 | An issue was discovered in the acc_reader crate through 2020-12-27 for Rust. fill_buf may read from uninitialized memory locations. |
| CVE-2020-36513 | 2021-12-26 | An issue was discovered in the acc_reader crate through 2020-12-27 for Rust. read_up_to may read from uninitialized memory locations. |
| CVE-2020-36512 | 2021-12-26 | An issue was discovered in the buffoon crate through 2020-12-31 for Rust. InputStream::read_exact may read from uninitialized memory locations. |
| CVE-2020-36511 | 2021-12-26 | An issue was discovered in the bite crate through 2020-12-31 for Rust. read::BiteReadExpandedExt::read_framed_max may read from uninitialized memory locations. |
| CVE-2019-25055 | 2021-12-26 | An issue was discovered in the libpulse-binding crate before 2.6.0 for Rust. It mishandles a panic that crosses a Foreign Function Interface (FFI) boundary. |
| CVE-2019-25054 | 2021-12-26 | An issue was discovered in the pnet crate before 0.27.2 for Rust. There is a segmentation fault (upon attempted dereference of an uninitialized descriptor) because of an erroneous IcmpTransportChannelIterator compiler... |
| CVE-2018-25028 | 2021-12-26 | An issue was discovered in the libpulse-binding crate before 1.2.1 for Rust. get_context can cause a use-after-free. |
| CVE-2018-25027 | 2021-12-26 | An issue was discovered in the libpulse-binding crate before 1.2.1 for Rust. get_format_info can cause a use-after-free. |
| CVE-2018-25026 | 2021-12-26 | An issue was discovered in the actix-web crate before 0.7.15 for Rust. It can add the Send marker trait to an object that cannot be sent between threads safely, leading... |
| CVE-2018-25025 | 2021-12-26 | An issue was discovered in the actix-web crate before 0.7.15 for Rust. It can unsoundly extend the lifetime of a string, leading to memory corruption. |
| CVE-2018-25024 | 2021-12-26 | An issue was discovered in the actix-web crate before 0.7.15 for Rust. It can unsoundly coerce an immutable reference into a mutable reference, leading to memory corruption. |
| CVE-2021-43845 | 2021-12-27 | Prevent out-of-bounds read in PJSIP |
| CVE-2021-24753 | 2021-12-27 | Rich Reviews by Starfish < 1.9.6 - Admin+ SQL Injection |
| CVE-2021-24797 | 2021-12-27 | Tickera < 3.4.8.3 - Unauthenticated Stored Cross-Site Scripting |
| CVE-2021-24902 | 2021-12-27 | Typebot < 1.4.3 - Admin+ Stored Cross Site Scripting |
| CVE-2021-24967 | 2021-12-27 | Contact Form & Lead Form Elementor Builder < 1.6.4 - Unauthenticated Stored Cross-Site Scripting |
| CVE-2021-24969 | 2021-12-27 | Download Manager < 3.2.22 - Subscriber+ Stored Cross-Site Scripting |
| CVE-2021-24979 | 2021-12-27 | Paid Memberships Pro < 2.6.6 - Reflected Cross-Site Scripting |
| CVE-2021-24980 | 2021-12-27 | Gwolle Guestbook < 4.2.0 - Reflected Cross-Site Scripting |
| CVE-2021-24984 | 2021-12-27 | WPFront User Role Editor < 3.2.1.11184 - Reflected Cross-Site Scripting |
| CVE-2021-24988 | 2021-12-27 | WP RSS Aggregator < 4.19.3 - Subscriber+ Stored Cross-Site Scripting |