Search Results (363281 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-28036 | 1 Quinn Project | 1 Quinn | 2024-11-21 | 7.5 High |
| An issue was discovered in the quinn crate before 0.7.0 for Rust. It may have invalid memory access for certain versions of the standard library because it relies on a direct cast of std::net::SocketAddrV4 and std::net::SocketAddrV6 data structures. | ||||
| CVE-2021-28035 | 1 Stack Dst Project | 1 Stack Dst | 2024-11-21 | 9.8 Critical |
| An issue was discovered in the stack_dst crate before 0.6.1 for Rust. Because of the push_inner behavior, a drop of uninitialized memory can occur upon a val.clone() panic. | ||||
| CVE-2021-28034 | 1 Stack Dst Project | 1 Stack Dst | 2024-11-21 | 9.8 Critical |
| An issue was discovered in the stack_dst crate before 0.6.1 for Rust. Because of the push_inner behavior, a double free can occur upon a val.clone() panic. | ||||
| CVE-2021-28033 | 1 Byte Struct Project | 1 Byte Struct | 2024-11-21 | 9.8 Critical |
| An issue was discovered in the byte_struct crate before 0.6.1 for Rust. There can be a drop of uninitialized memory if a certain deserialization method panics. | ||||
| CVE-2021-28032 | 1 Nano Arena Project | 1 Nano Arena | 2024-11-21 | 9.8 Critical |
| An issue was discovered in the nano_arena crate before 0.5.2 for Rust. There is an aliasing violation in split_at because two mutable references can exist for the same element, if Borrow<Idx> behaves in certain ways. This can have a resultant out-of-bounds write or use-after-free. | ||||
| CVE-2021-28031 | 1 Scratchpad Project | 1 Scratchpad | 2024-11-21 | 9.8 Critical |
| An issue was discovered in the scratchpad crate before 1.3.1 for Rust. The move_elements function can have a double-free upon a panic in a user-provided f function. | ||||
| CVE-2021-28030 | 1 Truetype Project | 1 Truetype | 2024-11-21 | 7.5 High |
| An issue was discovered in the truetype crate before 0.30.1 for Rust. Attackers can read the contents of uninitialized memory locations via a user-provided Read operation within Tape::take_bytes. | ||||
| CVE-2021-28029 | 1 Toodee Project | 1 Toodee | 2024-11-21 | 7.5 High |
| An issue was discovered in the toodee crate before 0.3.0 for Rust. The row-insertion feature allows attackers to read the contents of uninitialized memory locations. | ||||
| CVE-2021-28028 | 1 Toodee Project | 1 Toodee | 2024-11-21 | 9.8 Critical |
| An issue was discovered in the toodee crate before 0.3.0 for Rust. Row insertion can cause a double free upon an iterator panic. | ||||
| CVE-2021-28027 | 1 Bam Project | 1 Bam | 2024-11-21 | 9.8 Critical |
| An issue was discovered in the bam crate before 0.1.3 for Rust. There is an integer underflow and out-of-bounds write during the loading of a bgzip block. | ||||
| CVE-2021-28026 | 1 Jpeg | 1 Jpeg-xl | 2024-11-21 | 7.8 High |
| jpeg-xl v0.3.2 is affected by a heap buffer overflow in /lib/jxl/coeff_order.cc ReadPermutation. When decoding a malicious jxl file using djxl, an attacker can trigger arbitrary code execution or a denial of service. | ||||
| CVE-2021-28025 | 1 Qt | 1 Qt | 2024-11-21 | 5.5 Medium |
| Integer Overflow vulnerability in qsvghandler.cpp in Qt qtsvg versions 5.15.1, 6.0.0, 6.0.2, and 6.2, allows local attackers to cause a denial of service (DoS). | ||||
| CVE-2021-28024 | 1 Servicetonic | 1 Servicetonic | 2024-11-21 | 9.8 Critical |
| Unauthorized system access in the login form in ServiceTonic Helpdesk software version < 9.0.35937 allows an attacker to log in without using a password. | ||||
| CVE-2021-28023 | 1 Servicetonic | 1 Servicetonic | 2024-11-21 | 9.8 Critical |
| Arbitrary file upload in Service import feature in ServiceTonic Helpdesk software version < 9.0.35937 allows a malicious user to execute JSP code by uploading a zip that extracts files in relative paths. | ||||
| CVE-2021-28022 | 1 Servicetonic | 1 Servicetonic | 2024-11-21 | 7.5 High |
| Blind SQL injection in the login form in ServiceTonic Helpdesk software < 9.0.35937 allows an attacker to exfiltrate information via specially crafted HQL-compatible time-based SQL queries. | ||||
| CVE-2021-28021 | 3 Debian, Fedoraproject, Stb Project | 3 Debian Linux, Fedora, Stb | 2024-11-21 | 7.8 High |
| Buffer overflow vulnerability in function stbi__extend_receive in stb_image.h in stb 2.26 via a crafted JPEG file. | ||||
| CVE-2021-28007 | 1 Web Based Quiz System Project | 1 Web Based Quiz System | 2024-11-21 | 6.1 Medium |
| Web Based Quiz System 1.0 is affected by cross-site scripting (XSS) in register.php through the name parameter. | ||||
| CVE-2021-28006 | 1 Web Based Quiz System Project | 1 Web Based Quiz System | 2024-11-21 | 6.1 Medium |
| Web Based Quiz System 1.0 is affected by cross-site scripting (XSS) in admin.php through the options parameter. | ||||
| CVE-2021-28002 | 1 Textpattern | 1 Textpattern | 2024-11-21 | 5.4 Medium |
| A persistent cross-site scripting vulnerability was discovered in the Excerpt parameter in Textpattern CMS 4.9.0 which allows remote attackers to execute arbitrary code via a crafted payload entered into the URL field. The vulnerability is triggered by users visiting the 'Articles' page. | ||||
| CVE-2021-28001 | 1 Textpattern | 1 Textpattern | 2024-11-21 | 5.4 Medium |
| A cross-site scripting vulnerability was discovered in the Comments parameter in Textpattern CMS 4.8.4 which allows remote attackers to execute arbitrary code via a crafted payload entered into the URL field. The vulnerability is triggered by users visiting https://site.com/articles/welcome-to-your-site#comments-head. | ||||