Export limit exceeded: 363281 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (363281 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2021-28036 1 Quinn Project 1 Quinn 2024-11-21 7.5 High
An issue was discovered in the quinn crate before 0.7.0 for Rust. It may have invalid memory access for certain versions of the standard library because it relies on a direct cast of std::net::SocketAddrV4 and std::net::SocketAddrV6 data structures.
CVE-2021-28035 1 Stack Dst Project 1 Stack Dst 2024-11-21 9.8 Critical
An issue was discovered in the stack_dst crate before 0.6.1 for Rust. Because of the push_inner behavior, a drop of uninitialized memory can occur upon a val.clone() panic.
CVE-2021-28034 1 Stack Dst Project 1 Stack Dst 2024-11-21 9.8 Critical
An issue was discovered in the stack_dst crate before 0.6.1 for Rust. Because of the push_inner behavior, a double free can occur upon a val.clone() panic.
CVE-2021-28033 1 Byte Struct Project 1 Byte Struct 2024-11-21 9.8 Critical
An issue was discovered in the byte_struct crate before 0.6.1 for Rust. There can be a drop of uninitialized memory if a certain deserialization method panics.
CVE-2021-28032 1 Nano Arena Project 1 Nano Arena 2024-11-21 9.8 Critical
An issue was discovered in the nano_arena crate before 0.5.2 for Rust. There is an aliasing violation in split_at because two mutable references can exist for the same element, if Borrow<Idx> behaves in certain ways. This can have a resultant out-of-bounds write or use-after-free.
CVE-2021-28031 1 Scratchpad Project 1 Scratchpad 2024-11-21 9.8 Critical
An issue was discovered in the scratchpad crate before 1.3.1 for Rust. The move_elements function can have a double-free upon a panic in a user-provided f function.
CVE-2021-28030 1 Truetype Project 1 Truetype 2024-11-21 7.5 High
An issue was discovered in the truetype crate before 0.30.1 for Rust. Attackers can read the contents of uninitialized memory locations via a user-provided Read operation within Tape::take_bytes.
CVE-2021-28029 1 Toodee Project 1 Toodee 2024-11-21 7.5 High
An issue was discovered in the toodee crate before 0.3.0 for Rust. The row-insertion feature allows attackers to read the contents of uninitialized memory locations.
CVE-2021-28028 1 Toodee Project 1 Toodee 2024-11-21 9.8 Critical
An issue was discovered in the toodee crate before 0.3.0 for Rust. Row insertion can cause a double free upon an iterator panic.
CVE-2021-28027 1 Bam Project 1 Bam 2024-11-21 9.8 Critical
An issue was discovered in the bam crate before 0.1.3 for Rust. There is an integer underflow and out-of-bounds write during the loading of a bgzip block.
CVE-2021-28026 1 Jpeg 1 Jpeg-xl 2024-11-21 7.8 High
jpeg-xl v0.3.2 is affected by a heap buffer overflow in /lib/jxl/coeff_order.cc ReadPermutation. When decoding a malicous jxl file using djxl, an attacker can trigger arbitrary code execution or a denial of service.
CVE-2021-28025 1 Qt 1 Qt 2024-11-21 5.5 Medium
Integer Overflow vulnerability in qsvghandler.cpp in Qt qtsvg versions 5.15.1, 6.0.0, 6.0.2, and 6.2, allows local attackers to cause a denial of service (DoS).
CVE-2021-28024 1 Servicetonic 1 Servicetonic 2024-11-21 9.8 Critical
Unauthorized system access in the login form in ServiceTonic Helpdesk software version < 9.0.35937 allows attacker to login without using a password.
CVE-2021-28023 1 Servicetonic 1 Servicetonic 2024-11-21 9.8 Critical
Arbitrary file upload in Service import feature in ServiceTonic Helpdesk software version < 9.0.35937 allows a malicious user to execute JSP code by uploading a zip that extracts files in relative paths.
CVE-2021-28022 1 Servicetonic 1 Servicetonic 2024-11-21 7.5 High
Blind SQL injection in the login form in ServiceTonic Helpdesk software < 9.0.35937 allows attacker to exfiltrate information via specially crafted HQL-compatible time-based SQL queries.
CVE-2021-28021 3 Debian, Fedoraproject, Stb Project 3 Debian Linux, Fedora, Stb 2024-11-21 7.8 High
Buffer overflow vulnerability in function stbi__extend_receive in stb_image.h in stb 2.26 via a crafted JPEG file.
CVE-2021-28007 1 Web Based Quiz System Project 1 Web Based Quiz System 2024-11-21 6.1 Medium
Web Based Quiz System 1.0 is affected by cross-site scripting (XSS) in register.php through the name parameter.
CVE-2021-28006 1 Web Based Quiz System Project 1 Web Based Quiz System 2024-11-21 6.1 Medium
Web Based Quiz System 1.0 is affected by cross-site scripting (XSS) in admin.php through the options parameter.
CVE-2021-28002 1 Textpattern 1 Textpattern 2024-11-21 5.4 Medium
A persistent cross-site scripting vulnerability was discovered in the Excerpt parameter in Textpattern CMS 4.9.0 which allows remote attackers to execute arbitrary code via a crafted payload entered into the URL field. The vulnerability is triggered by users visiting the 'Articles' page.
CVE-2021-28001 1 Textpattern 1 Textpattern 2024-11-21 5.4 Medium
A cross-site scripting vulnerability was discovered in the Comments parameter in Textpattern CMS 4.8.4 which allows remote attackers to execute arbitrary code via a crafted payload entered into the URL field. The vulnerability is triggered by users visiting https://site.com/articles/welcome-to-your-site#comments-head.