Skip to main content
CVE-2020-17363 CRITICAL POC Act Now

USVN (aka User-friendly SVN) before 1.0.9 allows remote code execution via shell metacharacters in the number_start or number_end parameter to LastHundredRequest (aka lasthundredrequestAction) in the. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Command Injection Usvn
NVD
CVSS 3.1
9.9
EPSS
4.4%
CVE-2020-35881 CRITICAL POC Act Now

An issue was discovered in the traitobject crate through 2020-06-01 for Rust. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Traitobject
NVD
CVSS 3.1
9.8
EPSS
1.7%
CVE-2020-35879 CRITICAL POC Act Now

An issue was discovered in the rulinalg crate through 2020-02-11 for Rust. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Rulinalg
NVD
CVSS 3.1
9.8
EPSS
1.6%
CVE-2020-35862 CRITICAL POC PATCH Act Now

An issue was discovered in the bitvec crate before 0.17.4 for Rust. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Bitvec
NVD
CVSS 3.1
9.8
EPSS
1.6%
CVE-2020-35860 CRITICAL POC Act Now

An issue was discovered in the cbox crate through 2020-03-19 for Rust. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Cbox
NVD
CVSS 3.1
9.8
EPSS
1.6%
CVE-2020-35858 CRITICAL POC PATCH Act Now

An issue was discovered in the prost crate before 0.6.1 for Rust. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Denial Of Service Memory Corruption Prost
NVD
CVSS 3.1
9.8
EPSS
3.3%
CVE-2020-35902 CRITICAL POC PATCH Act Now

An issue was discovered in the actix-codec crate before 0.3.0-beta.1 for Rust. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Memory Corruption Information Disclosure Actix Codec
NVD
CVSS 3.1
9.8
EPSS
1.6%
CVE-2020-35898 CRITICAL POC PATCH Act Now

An issue was discovered in the actix-utils crate before 2.0.0 for Rust. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Memory Corruption Information Disclosure Actix Utils
NVD
CVSS 3.1
9.1
EPSS
1.4%
CVE-2020-26165 HIGH POC This Week

qdPM through 9.1 allows PHP Object Injection via timeReportActions::executeExport in core/apps/qdPM/modules/timeReport/actions/actions.class.php because unserialize is used. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Deserialization PHP Qdpm
NVD
CVSS 3.1
8.8
EPSS
2.5%
CVE-2020-19664 HIGH POC This Week

DrayTek Vigor2960 1.5.1 allows remote command execution via shell metacharacters in a toLogin2FA action to mainfunction.cgi. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Vigor2960 Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
5.3%
CVE-2020-35882 HIGH POC PATCH This Week

An issue was discovered in the rocket crate before 0.4.5 for Rust. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Race Condition Information Disclosure Rocket
NVD
CVSS 3.1
8.1
EPSS
1.0%
CVE-2020-35874 HIGH POC PATCH This Week

An issue was discovered in the internment crate through 2020-05-28 for Rust. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Race Condition Information Disclosure Internment
NVD
CVSS 3.1
8.1
EPSS
1.0%
CVE-2020-35906 HIGH POC PATCH This Week

An issue was discovered in the futures-task crate before 0.3.6 for Rust. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Memory Corruption Information Disclosure Futures Task
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2020-35891 HIGH POC This Week

An issue was discovered in the ordnung crate through 2020-09-03 for Rust. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Ordnung
NVD
CVSS 3.1
7.5
EPSS
1.4%
CVE-2020-35890 HIGH POC This Week

An issue was discovered in the ordnung crate through 2020-09-03 for Rust. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Ordnung
NVD
CVSS 3.1
7.5
EPSS
1.4%
CVE-2020-35864 HIGH POC PATCH This Week

An issue was discovered in the flatbuffers crate through 2020-04-11 for Rust. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Flatbuffers
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2020-35861 HIGH POC PATCH This Week

An issue was discovered in the bumpalo crate before 3.2.1 for Rust. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Bumpalo
NVD
CVSS 3.1
7.5
EPSS
1.5%
CVE-2020-35857 HIGH POC PATCH This Week

An issue was discovered in the trust-dns-server crate before 0.18.1 for Rust. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Trust Dns Server
NVD GitHub
CVSS 3.1
7.5
EPSS
1.4%
CVE-2020-35901 HIGH POC PATCH This Week

An issue was discovered in the actix-http crate before 2.0.0-alpha.1 for Rust. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Memory Corruption Information Disclosure Actix Http
NVD
CVSS 3.1
7.5
EPSS
1.4%
CVE-2020-35895 CRITICAL PATCH Act Now

An issue was discovered in the stack crate before 0.3.1 for Rust. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Stack
NVD
CVSS 3.1
9.8
EPSS
1.8%
CVE-2020-35888 CRITICAL Act Now

An issue was discovered in the arr crate through 2020-08-25 for Rust. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Arr
NVD
CVSS 3.1
9.8
EPSS
1.5%
CVE-2020-35887 CRITICAL Act Now

An issue was discovered in the arr crate through 2020-08-25 for Rust. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Arr
NVD
CVSS 3.1
9.8
EPSS
1.5%
CVE-2020-35885 CRITICAL Act Now

An issue was discovered in the alpm-rs crate through 2020-08-20 for Rust. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Alpm Rs
NVD
CVSS 3.1
9.8
EPSS
1.5%
CVE-2020-35880 CRITICAL PATCH Act Now

An issue was discovered in the bigint crate through 2020-05-07 for Rust. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Bigint
NVD
CVSS 3.1
9.8
EPSS
1.5%
CVE-2020-35878 CRITICAL Act Now

An issue was discovered in the ozone crate through 2020-07-04 for Rust. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Ozone
NVD
CVSS 3.1
9.8
EPSS
1.5%
CVE-2020-35877 CRITICAL Act Now

An issue was discovered in the ozone crate through 2020-07-04 for Rust. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Ozone
NVD
CVSS 3.1
9.8
EPSS
1.5%
CVE-2020-35876 CRITICAL Act Now

An issue was discovered in the rio crate through 2020-05-11 for Rust. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Memory Corruption Information Disclosure Rio
NVD
CVSS 3.1
9.8
EPSS
1.5%
CVE-2020-35873 CRITICAL PATCH Act Now

An issue was discovered in the rusqlite crate before 0.23.0 for Rust. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Memory Corruption Information Disclosure Rusqlite
NVD GitHub
CVSS 3.1
9.8
EPSS
1.7%
CVE-2020-35872 CRITICAL PATCH Act Now

An issue was discovered in the rusqlite crate before 0.23.0 for Rust. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Rusqlite
NVD GitHub
CVSS 3.1
9.8
EPSS
1.7%
CVE-2020-35870 CRITICAL PATCH Act Now

An issue was discovered in the rusqlite crate before 0.23.0 for Rust. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Memory Corruption Information Disclosure Rusqlite
NVD GitHub
CVSS 3.1
9.8
EPSS
1.7%
CVE-2020-35869 CRITICAL PATCH Act Now

An issue was discovered in the rusqlite crate before 0.23.0 for Rust. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Rusqlite
NVD GitHub
CVSS 3.1
9.8
EPSS
1.7%
CVE-2020-35868 CRITICAL PATCH Act Now

An issue was discovered in the rusqlite crate before 0.23.0 for Rust. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Rusqlite
NVD GitHub
CVSS 3.1
9.8
EPSS
1.7%
CVE-2020-35867 CRITICAL PATCH Act Now

An issue was discovered in the rusqlite crate before 0.23.0 for Rust. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Rusqlite
NVD GitHub
CVSS 3.1
9.8
EPSS
1.7%
CVE-2020-35866 CRITICAL PATCH Act Now

An issue was discovered in the rusqlite crate before 0.23.0 for Rust. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Rusqlite
NVD GitHub
CVSS 3.1
9.8
EPSS
1.7%
CVE-2020-35863 CRITICAL PATCH Act Now

An issue was discovered in the hyper crate before 0.12.34 for Rust. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This HTTP Request/Response Smuggling vulnerability could allow attackers to manipulate HTTP request interpretation between frontend and backend servers.

RCE Request Smuggling Hyper
NVD
CVSS 3.1
9.8
EPSS
2.8%
CVE-2020-35926 CRITICAL PATCH Act Now

An issue was discovered in the nanorand crate before 0.5.1 for Rust. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Nanorand
NVD
CVSS 3.1
9.8
EPSS
1.5%
CVE-2020-35851 CRITICAL Act Now

HGiga MailSherlock does not validate specific parameters properly. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Msr45 Isherlock User Ssr45 Isherlock User
NVD
CVSS 3.1
9.8
EPSS
1.7%
CVE-2020-25848 CRITICAL Act Now

HGiga MailSherlock contains weak authentication flaw that attackers grant privilege remotely with default password generation mechanism. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Msr45 Isherlock Antispam Msr45 Isherlock Audit Msr45 Isherlock Base Msr45 Isherlock User +6
NVD
CVSS 3.1
9.8
EPSS
1.7%
CVE-2020-25844 CRITICAL Act Now

The digest generation function of NHIServiSignAdapter has not been verified for parameter’s length, which leads to a stack overflow loophole. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Stack Overflow Nhiservisignadapter
NVD
CVSS 3.1
9.8
EPSS
1.9%
CVE-2020-25843 CRITICAL Act Now

NHIServiSignAdapter fails to verify the length of digital credential files’ path which leads to a heap overflow loophole. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Heap Overflow Nhiservisignadapter
NVD
CVSS 3.1
9.8
EPSS
1.9%
CVE-2020-12658 CRITICAL PATCH Act Now

gssproxy (aka gss-proxy) before 0.8.3 does not unlock cond_mutex before pthread exit in gp_worker_main() in gp_workers.c. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Gssproxy Debian Linux
NVD GitHub
CVSS 3.1
9.8
EPSS
1.7%
CVE-2020-11835 MEDIUM POC This Month

In /SM8250_Q_Master/android/vendor/oppo_charger/oppo/charger_ic/oppo_da9313.c, failure to check the parameter buf in the function proc_work_mode_write in proc_work_mode_write causes a vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Google Memory Corruption Reno3 Pro Firmware Find X2 Pro Firmware
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2020-11834 MEDIUM POC This Month

In /SM8250_Q_Master/android/vendor/oppo_charger/oppo/oppo_vooc.c, the function proc_fastchg_fw_update_write in proc_fastchg_fw_update_write does not check the parameter len, resulting in a. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Google Memory Corruption Reno3 Pro Firmware Find X2 Pro Firmware
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2020-11833 MEDIUM POC This Month

In /SM8250_Q_Master/android/vendor/oppo_charger/oppo/charger_ic/oppo_mp2650.c, the function mp2650_data_log_write in mp2650_data_log_write does not check the parameter len which causes a. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Google Memory Corruption Reno3 Pro Firmware Find X2 Pro Firmware
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2020-11832 MEDIUM POC This Month

In functions charging_limit_current_write and charging_limit_time_write in /SM8250_Q_Master/android/vendor/oppo_charger/oppo/oppo_charger.c have not checked the parameters, which causes a. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Google Memory Corruption Reno3 Pro Firmware Find X2 Pro Firmware
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2020-35925 MEDIUM POC PATCH This Month

An issue was discovered in the magnetic crate before 2.0.1 for Rust. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Magnetic
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2020-35924 MEDIUM POC PATCH This Month

An issue was discovered in the try-mutex crate before 0.3.0 for Rust. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Try Mutex
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2020-35923 MEDIUM POC PATCH This Month

An issue was discovered in the ordered-float crate before 1.1.1 and 2.x before 2.0.1 for Rust. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Memory Corruption Information Disclosure Ordered Float
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2020-35922 MEDIUM POC PATCH This Month

An issue was discovered in the mio crate before 0.7.6 for Rust. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Mio
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2020-35921 MEDIUM POC PATCH This Month

An issue was discovered in the miow crate before 0.3.6 for Rust. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Miow
NVD
CVSS 3.1
5.5
EPSS
0.4%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy