CVEdetails.com the ultimate security vulnerability data source

Security Vulnerabilities (CVSS score between 6 and 6.99)

# | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail.
2651 CVE-2021-0222 DoS 2021-01-15 2021-01-28
6.1
None Local Network Low Not required None None Complete
A vulnerability in Juniper Networks Junos OS allows an attacker to cause a Denial of Service (DoS) to the device by sending certain crafted protocol packets from an adjacent device with invalid payloads to the device. These crafted packets, which should be discarded, are instead replicated and sent to the RE. Over time, a Denial of Service (DoS) occurs. Continued receipt of these crafted protocol packets will cause an extended Denial of Service (DoS) condition, which may cause wider traffic impact due to protocol flapping. An indication of compromise is to check "monitor interface traffic" on the ingress and egress port packet counts. For each ingress packet, two duplicate packets are seen on egress. This issue can be triggered by IPv4 and IPv6 packets. This issue affects all traffic through the device. This issue affects: Juniper Networks Junos OS: 14.1X53 versions prior to 14.1X53-D53 on EX4300, QFX3500, QFX5100, EX4600; 15.1 versions prior to 15.1R7-S6 on EX4300, QFX3500, QFX5100, EX4600; 16.1 versions prior to 16.1R7-S7 on EX4300, QFX5100, EX4600; 17.1 versions prior to 17.1R2-S11 on EX4300, QFX5100, EX4600; 17.1 versions prior to 117.1R3-S2 on EX4300; 17.2 versions prior to 17.2R1-S9 on EX4300; 17.2 versions prior to 17.2R3-S3 on EX4300, QFX5100, EX4600, QFX5110, QFX5200; 17.3 versions prior to 17.3R2-S5, 17.3R3-S7 on EX4300, QFX5100, EX4600, QFX5110, QFX5200; 17.4 versions prior to 17.4R2-S9, 17.4R3 on EX4300, QFX5100, EX4600, QFX5110, QFX5200; 18.1 versions prior to 18.1R3-S9 on EX4300, QFX5100, EX4600, QFX5110, QFX5200, QFX5210, EX2300, EX3400; 18.2 versions prior to 18.2R2-S7 on EX4300; 18.2 versions prior to 18.2R3-S3 on EX4300, QFX5100, EX4600, QFX5110, QFX5200, QFX5210, EX2300, EX3400; 18.3 versions prior to 18.3R2-S3, on EX4300; 18.3 versions prior to 18.3R1-S7, 18.3R3-S1 on EX4300, QFX5100, EX4600, QFX5110, QFX5200, QFX5210, QFX5120, EX4650, EX2300, EX3400; 18.4 versions prior to 18.4R1-S5, 18.4R2-S3, 18.4R3 on EX4300, QFX5100, EX4600, QFX5110, 
QFX5200, QFX5210, QFX5120, EX4650, EX2300, EX3400; 19.1 versions prior to 19.1R1-S4, 19.1R2-S1, 19.1R3 on EX4300, QFX5100, EX4600, QFX5110, QFX5200, QFX5210, QFX5120, EX4650, EX2300, EX3400; 19.2 versions prior to 19.2R1-S4, 19.2R2 on EX4300; 19.2 versions prior to 19.2R1-S3, 19.2R2 on QFX5100, EX4600, QFX5110, QFX5200, QFX5210, QFX5120, EX4650, EX2300, EX3400; 19.3 versions prior to 19.3R2-S1, 19.3R3 on EX4300; 19.3 versions prior to 19.3R1-S1, 19.3R2, 19.3R3 on QFX5100, EX4600, QFX5110, QFX5200, QFX5210, QFX5120, EX4650, EX2300, EX3400;
2652 CVE-2021-0211 754 DoS 2021-01-15 2021-10-25
6.4
None Remote Low Not required None Partial Partial
An improper check for unusual or exceptional conditions in Juniper Networks Junos OS and Junos OS Evolved Routing Protocol Daemon (RPD) service allows an attacker to send a valid BGP FlowSpec message thereby causing an unexpected change in the route advertisements within the BGP FlowSpec domain leading to disruptions in network traffic causing a Denial of Service (DoS) condition. Continued receipt of these update messages will cause a sustained Denial of Service condition. This issue affects Juniper Networks: Junos OS: All versions prior to 17.3R3-S10 with the exceptions of 15.1X49-D240 on SRX Series and 15.1R7-S8 on EX Series; 17.3 versions prior to 17.3R3-S10; 17.4 versions prior to 17.4R2-S12, 17.4R3-S4; 18.1 versions prior to 18.1R3-S12; 18.2 versions prior to 18.2R2-S8, 18.2R3-S6; 18.3 versions prior to 18.3R3-S4; 18.4 versions prior to 18.4R1-S8, 18.4R2-S6, 18.4R3-S6; 19.1 versions prior to 19.1R1-S6, 19.1R2-S2, 19.1R3-S3; 19.2 versions prior to 19.2R3-S1; 19.3 versions prior to 19.3R2-S5, 19.3R3-S1; 19.4 versions prior to 19.4R1-S3, 19.4R2-S3, 19.4R3; 20.1 versions prior to 20.1R2; 20.2 versions prior to 20.2R1-S3 20.2R2; 20.3 versions prior to 20.3R1-S1, 20.3R2. Junos OS Evolved: All versions prior to 20.3R1-S1-EVO, 20.3R2-EVO.
2653 CVE-2021-0079 20 DoS 2021-11-17 2021-11-19
6.1
None Local Network Low Not required None None Complete
Improper input validation in software for some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi in Windows 10 may allow an unauthenticated user to potentially enable denial of service via adjacent access.
2654 CVE-2021-0078 20 DoS 2021-11-17 2021-11-19
6.8
None Local Network Low Not required Partial None Complete
Improper input validation in software for some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi in Windows 10 may allow an unauthenticated user to potentially enable denial of service or information disclosure via adjacent access.
2655 CVE-2021-0063 20 DoS 2021-11-17 2021-11-19
6.1
None Local Network Low Not required None None Complete
Improper input validation in firmware for some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi in Windows 10 may allow an unauthenticated user to potentially enable denial of service via adjacent access.
2656 CVE-2020-36503 1236 2021-11-01 2021-11-03
6.0
None Remote Medium ??? Partial Partial Partial
The Connections Business Directory WordPress plugin before 9.7 does not validate or sanitise some connections' fields, which could lead to a CSV injection issue
2657 CVE-2020-36463 77 2021-08-08 2021-08-17
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in the multiqueue crate through 2020-12-25 for Rust. There are unconditional implementations of Send for InnerSend<RW, T>, InnerRecv<RW, T>, FutInnerSend<RW, T>, and FutInnerRecv<RW, T>.
2658 CVE-2020-36462 77 2021-08-08 2021-08-17
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in the syncpool crate before 0.1.6 for Rust. There is an unconditional implementation of Send for Bucket2.
2659 CVE-2020-36461 77 2021-08-08 2021-08-16
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in the noise_search crate through 2020-12-10 for Rust. There are unconditional implementations of Send and Sync for MvccRwLock.
2660 CVE-2020-36460 843 2021-08-08 2021-08-16
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in the model crate through 2020-11-10 for Rust. The Shared data structure has an implementation of the Send and Sync traits without regard for the inner type.
2661 CVE-2020-36459 77 2021-08-08 2021-08-17
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in the dces crate through 2020-12-09 for Rust. The World type is marked as Send but lacks bounds on its EntityStore and ComponentStore.
2662 CVE-2020-36458 77 2021-08-08 2021-08-16
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in the lexer crate through 2020-11-10 for Rust. For ReaderResult<T, E>, there is an implementation of Sync with a trait bound of T: Send, E: Send.
2663 CVE-2020-36457 77 2021-08-08 2021-08-16
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in the lever crate before 0.1.1 for Rust. AtomicBox<T> implements the Send and Sync traits for all types T.
2664 CVE-2020-36456 77 2021-08-08 2021-08-16
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in the toolshed crate through 2020-11-15 for Rust. In CopyCell<T>, the Send trait lacks bounds on the contained type.
2665 CVE-2020-36454 119 Overflow 2021-08-08 2021-08-16
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in the parc crate through 2020-11-14 for Rust. LockWeak<T> has an unconditional implementation of Send without trait bounds on T.
2666 CVE-2020-36453 2021-08-08 2021-08-16
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in the scottqueue crate through 2020-11-15 for Rust. There are unconditional implementations of Send and Sync for Queue<T>.
2667 CVE-2020-36451 77 2021-08-08 2021-08-16
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in the rcu_cell crate through 2020-11-14 for Rust. There are unconditional implementations of Send and Sync for RcuCell<T>.
2668 CVE-2020-36450 77 2021-08-08 2021-08-16
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in the bunch crate through 2020-11-12 for Rust. There are unconditional implementations of Send and Sync for Bunch<T>.
2669 CVE-2020-36449 77 2021-08-08 2021-08-16
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in the kekbit crate before 0.3.4 for Rust. For ShmWriter<H>, Send is implemented without requiring H: Send.
2670 CVE-2020-36448 77 2021-08-08 2021-08-16
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in the cache crate through 2020-11-24 for Rust. There are unconditional implementations of Send and Sync for Cache<K>.
2671 CVE-2020-36447 77 2021-08-08 2021-08-16
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in the v9 crate through 2020-12-18 for Rust. There is an unconditional implementation of Sync for SyncRef<T>.
2672 CVE-2020-36446 119 Overflow 2021-08-08 2021-08-13
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in the signal-simple crate through 2020-11-15 for Rust. There are unconditional implementations of Send and Sync for SyncChannel<T>.
2673 CVE-2020-36445 119 Overflow 2021-08-08 2021-08-13
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in the convec crate through 2020-11-24 for Rust. There are unconditional implementations of Send and Sync for ConVec<T>.
2674 CVE-2020-36444 119 Overflow 2021-08-08 2021-08-17
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in the async-coap crate through 2020-12-08 for Rust. Send and Sync are implemented for ArcGuard<RC, T> without trait bounds on RC.
2675 CVE-2020-36442 119 Overflow 2021-08-08 2021-08-17
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in the beef crate before 0.5.0 for Rust. beef::Cow has no Sync bound on its Send trait.
2676 CVE-2020-36441 119 Overflow 2021-08-08 2021-08-17
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in the abox crate before 0.4.1 for Rust. It implements Send and Sync for AtomicBox<T> with no requirement for T: Send and T: Sync.
2677 CVE-2020-36440 119 Overflow 2021-08-08 2021-08-17
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in the libsbc crate before 0.1.5 for Rust. For Decoder<R>, it implements Send for any R: Read.
2678 CVE-2020-36439 119 Overflow 2021-08-08 2021-08-17
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in the ticketed_lock crate before 0.3.0 for Rust. There are unconditional implementations of Send for ReadTicket<T> and WriteTicket<T>.
2679 CVE-2020-36438 119 Overflow 2021-08-08 2021-08-17
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in the tiny_future crate before 0.4.0 for Rust. Future<T> does not have bounds on its Send and Sync traits.
2680 CVE-2020-36437 119 Overflow 2021-08-08 2021-08-17
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in the conqueue crate before 0.4.0 for Rust. There are unconditional implementations of Send and Sync for QueueSender<T>.
2681 CVE-2020-36436 119 Overflow 2021-08-08 2021-08-17
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in the unicycle crate before 0.7.1 for Rust. PinSlab<T> and Unordered<T, S> do not have bounds on their Send and Sync traits.
2682 CVE-2020-36435 119 Overflow 2021-08-08 2021-08-13
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in the ruspiro-singleton crate before 0.4.1 for Rust. In Singleton, Send and Sync do not have bounds checks.
2683 CVE-2020-36430 787 Overflow 2021-07-20 2021-07-28
6.8
None Remote Medium Not required Partial Partial Partial
libass 0.15.x before 0.15.1 has a heap-based buffer overflow in decode_chars (called from decode_font and process_text) because the wrong integer data type is used for subtraction.
2684 CVE-2020-36428 787 Overflow 2021-07-20 2021-07-27
6.8
None Remote Medium Not required Partial Partial Partial
matio (aka MAT File I/O Library) 1.5.18 through 1.5.21 has a heap-based buffer overflow in ReadInt32DataDouble (called from ReadInt32Data and Mat_VarRead4).
2685 CVE-2020-36407 787 2021-07-01 2021-07-06
6.8
None Remote Medium Not required Partial Partial Partial
libavif 0.8.0 and 0.8.1 has an out-of-bounds write in avifDecoderDataFillImageGrid.
2686 CVE-2020-36406 787 Overflow 2021-07-01 2021-07-06
6.8
None Remote Medium Not required Partial Partial Partial
uWebSockets 18.11.0 and 18.12.0 has a stack-based buffer overflow in uWS::TopicTree::trimTree (called from uWS::TopicTree::unsubscribeAll).
2687 CVE-2020-36405 416 2021-07-01 2021-07-06
6.8
None Remote Medium Not required Partial Partial Partial
Keystone Engine 0.9.2 has a use-after-free in llvm_ks::X86Operand::getToken.
2688 CVE-2020-36404 763 2021-07-01 2021-07-06
6.8
None Remote Medium Not required Partial Partial Partial
Keystone Engine 0.9.2 has an invalid free in llvm_ks::SmallVectorImpl<llvm_ks::MCFixup>::~SmallVectorImpl.
2689 CVE-2020-36403 787 2021-07-01 2021-07-06
6.8
None Remote Medium Not required Partial Partial Partial
HTSlib 1.10 through 1.10.2 allows out-of-bounds write access in vcf_parse_format (called from vcf_parse and vcf_read).
2690 CVE-2020-36402 787 2021-07-01 2021-07-06
6.8
None Remote Medium Not required Partial Partial Partial
Solidity 0.7.5 has a stack-use-after-return issue in smtutil::CHCSmtLib2Interface::querySolver. NOTE: c39a5e2b7a3fabbf687f53a2823fc087be6c1a7e is cited in the OSV "fixed" field but does not have a code change.
2691 CVE-2020-36401 415 2021-07-01 2021-07-06
6.8
None Remote Medium Not required Partial Partial Partial
mruby 2.1.2 has a double free in mrb_default_allocf (called from mrb_free and obj_free).
2692 CVE-2020-36394 2021-06-22 2021-06-29
6.9
None Local Medium Not required Complete Complete Complete
pam_setquota.c in the pam_setquota module before 2020-05-29 for Linux-PAM allows local attackers to set their quota on an arbitrary filesystem, in certain situations where the attacker's home directory is a FUSE filesystem mounted under /home.
2693 CVE-2020-36388 434 2021-06-17 2021-06-22
6.5
None Remote Low ??? Partial Partial Partial
In CiviCRM before 5.21.3 and 5.22.x through 5.24.x before 5.24.3, users may be able to upload and execute a crafted PHAR archive.
2694 CVE-2020-36385 416 2021-06-07 2021-07-20
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in the Linux kernel before 5.10. drivers/infiniband/core/ucma.c has a use-after-free because the ctx is reached via the ctx_list in some ucma_migrate_id situations where ucma_close is called, aka CID-f5449e74802c.
2695 CVE-2020-36364 22 Dir. Trav. 2021-05-19 2021-05-25
6.4
None Remote Low Not required None Partial Partial
An issue was discovered in Smartstore (aka SmartStoreNET) before 4.1.0. Administration/Controllers/ImportController.cs allows path traversal (for copy and delete actions) in the ImportController.Create method via a TempFileName field.
2696 CVE-2020-36334 352 CSRF 2021-05-05 2021-05-11
6.8
None Remote Medium Not required Partial Partial Partial
themegrill-demo-importer before 1.6.3 allows CSRF, as demonstrated by wiping the database.
2697 CVE-2020-36333 306 2021-05-05 2021-05-11
6.4
None Remote Low Not required None Partial Partial
themegrill-demo-importer before 1.6.2 does not require authentication for wiping the database, because of a reset_wizard_actions hook.
2698 CVE-2020-36331 125 2021-05-21 2021-11-12
6.4
None Remote Low Not required Partial None Partial
A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds read was found in function ChunkAssignData. The highest threat from this vulnerability is to data confidentiality and to the service availability.
2699 CVE-2020-36330 125 2021-05-21 2021-11-17
6.4
None Remote Low Not required Partial None Partial
A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds read was found in function ChunkVerifyAndAssign. The highest threat from this vulnerability is to data confidentiality and to the service availability.
2700 CVE-2020-36323 134 2021-04-14 2021-04-27
6.4
None Remote Low Not required Partial None Partial
In the standard library in Rust before 1.52.0, there is an optimization for joining strings that can cause uninitialized bytes to be exposed (or the program to crash) if the borrowed string changes after its length is checked.
Total number of vulnerabilities: 23854   Page: 54 of 478
CVE is a registered trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registered trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.