CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  What's the CVSS score of your company?
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In December 2020

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2020-35931 754 2020-12-31 2021-09-08
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in Foxit Reader before 10.1.1 (and before 4.1.1 on macOS) and PhantomPDF before 9.7.5 and 10.x before 10.1.1 (and before 4.1.1 on macOS). An attacker can spoof a certified PDF document via an Evil Annotation Attack because the products fail to consider a null value for a Subtype entry of the Annotation dictionary, in an incremental update.
2 CVE-2020-35930 79 XSS 2020-12-31 2021-01-05
3.5
None Remote Medium ??? None Partial None
Seo Panel 4.8.0 allows stored XSS by an Authenticated User via the url parameter, as demonstrated by the seo/seopanel/websites.php URI.
3 CVE-2020-35928 362 2020-12-31 2021-01-06
1.9
None Local Medium Not required None None Partial
An issue was discovered in the concread crate before 0.2.6 for Rust. Attackers can cause an ARCache<K,V> data race by sending types that do not implement Send/Sync.
4 CVE-2020-35927 2020-12-31 2021-01-06
2.1
None Local Low Not required None None Partial
An issue was discovered in the thex crate through 2020-12-08 for Rust. Thex<T> allows cross-thread data races of non-Send types.
5 CVE-2020-35926 338 2020-12-31 2021-07-21
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered in the nanorand crate before 0.5.1 for Rust. It caused any random number generator (even ChaCha) to return all zeroes because integer truncation was mishandled.
6 CVE-2020-35925 2020-12-31 2021-01-06
2.1
None Local Low Not required None None Partial
An issue was discovered in the magnetic crate before 2.0.1 for Rust. MPMCConsumer and MPMCProducer allow cross-thread sending of a non-Send type.
7 CVE-2020-35924 787 2020-12-31 2021-01-06
2.1
None Local Low Not required None None Partial
An issue was discovered in the try-mutex crate before 0.3.0 for Rust. TryMutex<T> allows cross-thread sending of a non-Send type.
8 CVE-2020-35923 416 2020-12-31 2021-01-06
4.9
None Local Low Not required None None Complete
An issue was discovered in the ordered-float crate before 1.1.1 and 2.x before 2.0.1 for Rust. A NotNan value can contain a NaN.
9 CVE-2020-35922 2020-12-31 2021-01-06
2.1
None Local Low Not required None None Partial
An issue was discovered in the mio crate before 0.7.6 for Rust. It has false expectations about the std::net::SocketAddr memory representation.
10 CVE-2020-35921 2020-12-31 2021-01-06
2.1
None Local Low Not required None None Partial
An issue was discovered in the miow crate before 0.3.6 for Rust. It has false expectations about the std::net::SocketAddr memory representation.
11 CVE-2020-35920 2020-12-31 2021-01-06
2.1
None Local Low Not required None None Partial
An issue was discovered in the socket2 crate before 0.3.16 for Rust. It has false expectations about the std::net::SocketAddr memory representation.
12 CVE-2020-35919 2020-12-31 2021-01-06
2.1
None Local Low Not required None None Partial
An issue was discovered in the net2 crate before 0.2.36 for Rust. It has false expectations about the std::net::SocketAddr memory representation.
13 CVE-2020-35918 2020-12-31 2021-01-14
4.9
None Local Low Not required None None Complete
An issue was discovered in the branca crate before 0.10.0 for Rust. Decoding tokens (with invalid base62 data) can panic.
14 CVE-2020-35917 416 2020-12-31 2021-01-06
2.1
None Local Low Not required None None Partial
An issue was discovered in the pyo3 crate before 0.12.4 for Rust. There is a reference-counting error and use-after-free in From<Py<T>>.
15 CVE-2020-35916 400 2020-12-31 2021-01-06
2.1
None Local Low Not required None None Partial
An issue was discovered in the image crate before 0.23.12 for Rust. A Mutable reference has immutable provenance. (In the case of LLVM, the IR may be always correct.)
16 CVE-2020-35915 2020-12-31 2021-01-06
2.1
None Local Low Not required None None Partial
An issue was discovered in the futures-intrusive crate before 0.4.0 for Rust. GenericMutexGuard allows cross-thread data races of non-Sync types.
17 CVE-2020-35914 362 2020-12-31 2021-01-05
1.9
None Local Medium Not required None None Partial
An issue was discovered in the lock_api crate before 0.4.2 for Rust. A data race can occur because of RwLockWriteGuard unsoundness.
18 CVE-2020-35913 362 2020-12-31 2021-01-05
1.9
None Local Medium Not required None None Partial
An issue was discovered in the lock_api crate before 0.4.2 for Rust. A data race can occur because of RwLockReadGuard unsoundness.
19 CVE-2020-35912 362 2020-12-31 2021-01-05
1.9
None Local Medium Not required None None Partial
An issue was discovered in the lock_api crate before 0.4.2 for Rust. A data race can occur because of MappedRwLockWriteGuard unsoundness.
20 CVE-2020-35911 362 2020-12-31 2021-01-05
1.9
None Local Medium Not required None None Partial
An issue was discovered in the lock_api crate before 0.4.2 for Rust. A data race can occur because of MappedRwLockReadGuard unsoundness.
21 CVE-2020-35910 2020-12-31 2021-01-06
2.1
None Local Low Not required None None Partial
An issue was discovered in the lock_api crate before 0.4.2 for Rust. A data race can occur because of MappedMutexGuard unsoundness.
22 CVE-2020-35909 2020-12-31 2021-01-14
7.8
None Remote Low Not required None None Complete
An issue was discovered in the multihash crate before 0.11.3 for Rust. The from_slice parsing code can panic via unsanitized data from a network server.
23 CVE-2020-35908 2020-12-31 2021-01-06
2.1
None Local Low Not required None None Partial
An issue was discovered in the futures-util crate before 0.3.2 for Rust. FuturesUnordered can lead to data corruption because Sync is mishandled.
24 CVE-2020-35907 476 2020-12-31 2021-01-06
2.1
None Local Low Not required None None Partial
An issue was discovered in the futures-task crate before 0.3.5 for Rust. futures_task::noop_waker_ref allows a NULL pointer dereference.
25 CVE-2020-35906 416 2020-12-31 2021-01-06
7.2
None Local Low Not required Complete Complete Complete
An issue was discovered in the futures-task crate before 0.3.6 for Rust. futures_task::waker may cause a use-after-free in a non-static type situation.
26 CVE-2020-35905 362 2020-12-31 2021-01-06
1.9
None Local Medium Not required None None Partial
An issue was discovered in the futures-util crate before 0.3.7 for Rust. MutexGuard::map can cause a data race for certain closure situations (in safe code).
27 CVE-2020-35904 2020-12-31 2021-01-06
2.1
None Local Low Not required None None Partial
An issue was discovered in the crossbeam-channel crate before 0.4.4 for Rust. It has incorrect expectations about the relationship between the memory allocation and how many iterator elements there are.
28 CVE-2020-35903 2020-12-31 2021-01-06
2.1
None Local Low Not required None None Partial
An issue was discovered in the dync crate before 0.5.0 for Rust. VecCopy allows misaligned element access because u8 is not always the type in question.
29 CVE-2020-35902 416 2020-12-31 2021-01-07
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered in the actix-codec crate before 0.3.0-beta.1 for Rust. There is a use-after-free in Framed.
30 CVE-2020-35901 416 2020-12-31 2021-01-07
5.0
None Remote Low Not required None None Partial
An issue was discovered in the actix-http crate before 2.0.0-alpha.1 for Rust. There is a use-after-free in BodyStream.
31 CVE-2020-35900 416 2020-12-31 2021-01-06
2.1
None Local Low Not required Partial None None
An issue was discovered in the array-queue crate through 2020-09-26 for Rust. A pop_back() call may lead to a use-after-free.
32 CVE-2020-35899 416 2020-12-31 2021-01-06
2.1
None Local Low Not required None None Partial
An issue was discovered in the actix-service crate before 1.0.6 for Rust. The Cell implementation allows obtaining more than one mutable reference to the same data.
33 CVE-2020-35898 416 2020-12-31 2021-01-07
6.4
None Remote Low Not required None Partial Partial
An issue was discovered in the actix-utils crate before 2.0.0 for Rust. The Cell implementation allows obtaining more than one mutable reference to the same data.
34 CVE-2020-35897 362 2020-12-31 2021-01-07
1.9
None Local Medium Not required None None Partial
An issue was discovered in the atom crate before 0.3.6 for Rust. An unsafe Send implementation allows a cross-thread data race.
35 CVE-2020-35896 400 2020-12-31 2021-07-21
5.0
None Remote Low Not required None None Partial
An issue was discovered in the ws crate through 2020-09-25 for Rust. The outgoing buffer is not properly limited, leading to a remote memory-consumption attack.
36 CVE-2020-35895 787 2020-12-31 2021-01-07
10.0
None Remote Low Not required Complete Complete Complete
An issue was discovered in the stack crate before 0.3.1 for Rust. ArrayVec has an out-of-bounds write via element insertion.
37 CVE-2020-35894 706 2020-12-31 2021-01-07
5.0
None Remote Low Not required None Partial None
An issue was discovered in the obstack crate before 0.1.4 for Rust. Unaligned references can occur.
38 CVE-2020-35893 193 2020-12-31 2021-07-21
5.0
None Remote Low Not required None None Partial
An issue was discovered in the simple-slab crate before 0.3.3 for Rust. remove() has an off-by-one error, causing memory leakage and a drop of uninitialized memory.
39 CVE-2020-35892 125 2020-12-31 2021-01-06
6.4
None Remote Low Not required Partial None Partial
An issue was discovered in the simple-slab crate before 0.3.3 for Rust. index() allows an out-of-bounds read.
40 CVE-2020-35891 415 2020-12-31 2021-01-07
5.0
None Remote Low Not required None None Partial
An issue was discovered in the ordnung crate through 2020-09-03 for Rust. compact::Vec violates memory safety via a remove() double free.
41 CVE-2020-35890 125 2020-12-31 2021-01-07
5.0
None Remote Low Not required None None Partial
An issue was discovered in the ordnung crate through 2020-09-03 for Rust. compact::Vec violates memory safety via out-of-bounds access for large capacity.
42 CVE-2020-35889 367 2020-12-31 2021-01-07
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in the crayon crate through 2020-08-31 for Rust. A TOCTOU issue has a resultant memory safety violation via HandleLike.
43 CVE-2020-35888 2020-12-31 2021-07-21
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered in the arr crate through 2020-08-25 for Rust. Uninitialized memory is dropped by Array::new_from_template.
44 CVE-2020-35887 120 Overflow 2020-12-31 2021-01-06
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered in the arr crate through 2020-08-25 for Rust. There is a buffer overflow in Index and IndexMut.
45 CVE-2020-35886 362 2020-12-31 2021-01-07
1.9
None Local Medium Not required None None Partial
An issue was discovered in the arr crate through 2020-08-25 for Rust. An attacker can smuggle non-Sync/Send types across a thread boundary to cause a data race.
46 CVE-2020-35885 415 2020-12-31 2021-09-13
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered in the alpm-rs crate through 2020-08-20 for Rust. StrcCtx performs improper memory deallocation.
47 CVE-2020-35884 444 2020-12-31 2021-01-07
6.4
None Remote Low Not required Partial Partial None
An issue was discovered in the tiny_http crate through 2020-06-16 for Rust. HTTP Request smuggling can occur via a malformed Transfer-Encoding header.
48 CVE-2020-35883 22 Dir. Trav. 2020-12-31 2021-01-07
6.4
None Remote Low Not required None Partial Partial
An issue was discovered in the mozwire crate through 2020-08-18 for Rust. A ../ directory-traversal situation allows overwriting local files that have .conf at the end of the filename.
49 CVE-2020-35882 362 2020-12-31 2021-01-07
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in the rocket crate before 0.4.5 for Rust. LocalRequest::clone creates more than one mutable references to the same object, possibly causing a data race.
50 CVE-2020-35881 787 Mem. Corr. 2020-12-31 2021-01-07
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered in the traitobject crate through 2020-06-01 for Rust. It has false expectations about fat pointers, possibly causing memory corruption in, for example, Rust 2.x.
Total number of vulnerabilities : 1530   Page : 1 (This Page)2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.