Total
1755 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2021-38518 | 1 Netgear | 12 Rax200, Rax200 Firmware, Rax75 and 9 more | 2021-08-18 | 6.5 MEDIUM | 7.2 HIGH |
Certain NETGEAR devices are affected by command injection by an authenticated user. This affects RAX200 before 1.0.4.120, RAX75 before 1.0.4.120, RAX80 before 1.0.4.120, RBK852 before 3.2.17.12, RBR850 before 3.2.17.12, and RBS850 before 3.2.17.12. | |||||
CVE-2020-36463 | 1 Multiqueue Project | 1 Multiqueue | 2021-08-17 | 6.8 MEDIUM | 8.1 HIGH |
An issue was discovered in the multiqueue crate through 2020-12-25 for Rust. There are unconditional implementations of Send for InnerSend<RW, T>, InnerRecv<RW, T>, FutInnerSend<RW, T>, and FutInnerRecv<RW, T>. | |||||
CVE-2020-36462 | 1 Syncpool Project | 1 Syncpool | 2021-08-17 | 6.8 MEDIUM | 8.1 HIGH |
An issue was discovered in the syncpool crate before 0.1.6 for Rust. There is an unconditional implementation of Send for Bucket2. | |||||
CVE-2020-36459 | 1 Dces Project | 1 Dces | 2021-08-17 | 6.8 MEDIUM | 8.1 HIGH |
An issue was discovered in the dces crate through 2020-12-09 for Rust. The World type is marked as Send but lacks bounds on its EntityStore and ComponentStore. | |||||
CVE-2021-38189 | 1 Lettre | 1 Lettre | 2021-08-16 | 7.5 HIGH | 9.8 CRITICAL |
An issue was discovered in the lettre crate before 0.9.6 for Rust. In an e-mail message body, an attacker can place a . character after two <CR><LF> sequences and then inject arbitrary SMTP commands. | |||||
CVE-2020-36456 | 1 Toolshed Project | 1 Toolshed | 2021-08-16 | 6.8 MEDIUM | 8.1 HIGH |
An issue was discovered in the toolshed crate through 2020-11-15 for Rust. In CopyCell<T>, the Send trait lacks bounds on the contained type. | |||||
CVE-2020-36455 | 1 Brokenlamp | 1 Slock | 2021-08-16 | 5.1 MEDIUM | 8.1 HIGH |
An issue was discovered in the slock crate through 2020-11-17 for Rust. Slock<T> unconditionally implements Send and Sync. | |||||
CVE-2020-36461 | 1 Noise Search Project | 1 Noise Search | 2021-08-16 | 6.8 MEDIUM | 8.1 HIGH |
An issue was discovered in the noise_search crate through 2020-12-10 for Rust. There are unconditional implementations of Send and Sync for MvccRwLock. | |||||
CVE-2020-36451 | 1 Rcu Cell Project | 1 Rcu Cell | 2021-08-16 | 6.8 MEDIUM | 8.1 HIGH |
An issue was discovered in the rcu_cell crate through 2020-11-14 for Rust. There are unconditional implementations of Send and Sync for RcuCell<T>. | |||||
CVE-2020-36450 | 1 Bunch Project | 1 Bunch | 2021-08-16 | 6.8 MEDIUM | 8.1 HIGH |
An issue was discovered in the bunch crate through 2020-11-12 for Rust. There are unconditional implementations of Send and Sync for Bunch<T>. | |||||
CVE-2020-36449 | 1 Kekbit Project | 1 Kekbit | 2021-08-16 | 6.8 MEDIUM | 8.1 HIGH |
An issue was discovered in the kekbit crate before 0.3.4 for Rust. For ShmWriter<H>, Send is implemented without requiring H: Send. | |||||
CVE-2020-36448 | 1 Cache Project | 1 Cache | 2021-08-16 | 6.8 MEDIUM | 8.1 HIGH |
An issue was discovered in the cache crate through 2020-11-24 for Rust. There are unconditional implementations of Send and Sync for Cache<K>. | |||||
CVE-2021-38169 | 1 Roxy-wi | 1 Roxy-wi | 2021-08-13 | 6.5 MEDIUM | 8.8 HIGH |
Roxy-WI through 5.2.2.0 allows command injection via /app/funct.py and /api/api_funct.py. | |||||
CVE-2021-36707 | 1 Prolink | 2 Prc2402m, Prc2402m Firmware | 2021-08-12 | 7.5 HIGH | 9.8 CRITICAL |
In ProLink PRC2402M V1.0.18 and older, the set_ledonoff function in the adm.cgi binary, accessible with a page parameter value of ledonoff, contains a trivial command injection where the value of the led_cmd parameter is passed directly to do_system. | |||||
CVE-2021-21406 | 1 Combodo | 1 Itop | 2021-07-30 | 6.5 MEDIUM | 8.8 HIGH |
Combodo iTop is an open source, web-based IT Service Management tool. In versions prior to 2.7.4, there is a command injection vulnerability in the Setup Wizard when providing the Graphviz executable path. The vulnerability is patched in versions 2.7.4 and 3.0.0. | |||||
CVE-2020-9583 | 1 Magento | 1 Magento | 2021-07-21 | 7.5 HIGH | 9.8 CRITICAL |
Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a command injection vulnerability. Successful exploitation could lead to arbitrary code execution. | |||||
CVE-2019-20757 | 1 Netgear | 2 R7800, R7800 Firmware | 2021-07-21 | 5.2 MEDIUM | 6.8 MEDIUM |
NETGEAR R7800 devices before 1.0.2.62 are affected by command injection by an authenticated user. | |||||
CVE-2019-14719 | 1 Verifone | 2 Mx900, Mx900 Firmware | 2021-07-21 | 4.6 MEDIUM | 7.8 HIGH |
Verifone MX900 series Pinpad Payment Terminals with OS 30251000 allow multiple arbitrary command injections, as demonstrated by the file manager. | |||||
CVE-2020-12782 | 1 Openfind | 2 Mailaudit, Mailgates | 2021-07-21 | 7.5 HIGH | 9.8 CRITICAL |
Openfind MailGates contains a command injection flaw: when it receives email with specific strings, malicious code in the mail attachment is triggered and gains unauthorized access to system files. | |||||
CVE-2020-13917 | 1 Ruckuswireless | 25 C110, E510, H320 and 22 more | 2021-07-21 | 7.5 HIGH | 9.8 CRITICAL |
rkscli in Ruckus Wireless Unleashed through 200.7.10.92 allows a remote attacker to achieve command injection and jailbreak the CLI via a crafted CLI command. This affects C110, E510, H320, H510, M510, R320, R310, R500, R510, R600, R610, R710, R720, R750, T300, T301n, T301s, T310c, T310d, T310n, T310s, T610, T710, and T710s devices. |