Skip to main content
CVE-2020-17363 CRITICAL POC Act Now

USVN (aka User-friendly SVN) before 1.0.9 allows remote code execution via shell metacharacters in the number_start or number_end parameter to LastHundredRequest (aka lasthundredrequestAction) in the. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Command Injection Usvn
NVD
CVSS 3.1
9.9
EPSS
4.4%
CVE-2020-35881 CRITICAL POC Act Now

An issue was discovered in the traitobject crate through 2020-06-01 for Rust. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Traitobject
NVD
CVSS 3.1
9.8
EPSS
1.7%
CVE-2020-35879 CRITICAL POC Act Now

An issue was discovered in the rulinalg crate through 2020-02-11 for Rust. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Rulinalg
NVD
CVSS 3.1
9.8
EPSS
1.6%
CVE-2020-35862 CRITICAL POC PATCH Act Now

An issue was discovered in the bitvec crate before 0.17.4 for Rust. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Bitvec
NVD
CVSS 3.1
9.8
EPSS
1.6%
CVE-2020-35860 CRITICAL POC Act Now

An issue was discovered in the cbox crate through 2020-03-19 for Rust. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Cbox
NVD
CVSS 3.1
9.8
EPSS
1.6%
CVE-2020-35858 CRITICAL POC PATCH Act Now

An issue was discovered in the prost crate before 0.6.1 for Rust. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Denial Of Service Memory Corruption Prost
NVD
CVSS 3.1
9.8
EPSS
3.3%
CVE-2020-35902 CRITICAL POC PATCH Act Now

An issue was discovered in the actix-codec crate before 0.3.0-beta.1 for Rust. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Memory Corruption Information Disclosure Actix Codec
NVD
CVSS 3.1
9.8
EPSS
1.6%
CVE-2020-35898 CRITICAL POC PATCH Act Now

An issue was discovered in the actix-utils crate before 2.0.0 for Rust. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Memory Corruption Information Disclosure Actix Utils
NVD
CVSS 3.1
9.1
EPSS
1.4%
CVE-2020-35895 CRITICAL PATCH Act Now

An issue was discovered in the stack crate before 0.3.1 for Rust. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Stack
NVD
CVSS 3.1
9.8
EPSS
1.8%
CVE-2020-35888 CRITICAL Act Now

An issue was discovered in the arr crate through 2020-08-25 for Rust. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Arr
NVD
CVSS 3.1
9.8
EPSS
1.5%
CVE-2020-35887 CRITICAL Act Now

An issue was discovered in the arr crate through 2020-08-25 for Rust. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Arr
NVD
CVSS 3.1
9.8
EPSS
1.5%
CVE-2020-35885 CRITICAL Act Now

An issue was discovered in the alpm-rs crate through 2020-08-20 for Rust. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Alpm Rs
NVD
CVSS 3.1
9.8
EPSS
1.5%
CVE-2020-35880 CRITICAL PATCH Act Now

An issue was discovered in the bigint crate through 2020-05-07 for Rust. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Bigint
NVD
CVSS 3.1
9.8
EPSS
1.5%
CVE-2020-35878 CRITICAL Act Now

An issue was discovered in the ozone crate through 2020-07-04 for Rust. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Ozone
NVD
CVSS 3.1
9.8
EPSS
1.5%
CVE-2020-35877 CRITICAL Act Now

An issue was discovered in the ozone crate through 2020-07-04 for Rust. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Ozone
NVD
CVSS 3.1
9.8
EPSS
1.5%
CVE-2020-35876 CRITICAL Act Now

An issue was discovered in the rio crate through 2020-05-11 for Rust. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Memory Corruption Information Disclosure Rio
NVD
CVSS 3.1
9.8
EPSS
1.5%
CVE-2020-35873 CRITICAL PATCH Act Now

An issue was discovered in the rusqlite crate before 0.23.0 for Rust. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Memory Corruption Information Disclosure Rusqlite
NVD GitHub
CVSS 3.1
9.8
EPSS
1.7%
CVE-2020-35872 CRITICAL PATCH Act Now

An issue was discovered in the rusqlite crate before 0.23.0 for Rust. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Rusqlite
NVD GitHub
CVSS 3.1
9.8
EPSS
1.7%
CVE-2020-35870 CRITICAL PATCH Act Now

An issue was discovered in the rusqlite crate before 0.23.0 for Rust. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Memory Corruption Information Disclosure Rusqlite
NVD GitHub
CVSS 3.1
9.8
EPSS
1.7%
CVE-2020-35869 CRITICAL PATCH Act Now

An issue was discovered in the rusqlite crate before 0.23.0 for Rust. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Rusqlite
NVD GitHub
CVSS 3.1
9.8
EPSS
1.7%
CVE-2020-35868 CRITICAL PATCH Act Now

An issue was discovered in the rusqlite crate before 0.23.0 for Rust. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Rusqlite
NVD GitHub
CVSS 3.1
9.8
EPSS
1.7%
CVE-2020-35867 CRITICAL PATCH Act Now

An issue was discovered in the rusqlite crate before 0.23.0 for Rust. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Rusqlite
NVD GitHub
CVSS 3.1
9.8
EPSS
1.7%
CVE-2020-35866 CRITICAL PATCH Act Now

An issue was discovered in the rusqlite crate before 0.23.0 for Rust. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Rusqlite
NVD GitHub
CVSS 3.1
9.8
EPSS
1.7%
CVE-2020-35863 CRITICAL PATCH Act Now

An issue was discovered in the hyper crate before 0.12.34 for Rust. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This HTTP Request/Response Smuggling vulnerability could allow attackers to manipulate HTTP request interpretation between frontend and backend servers.

RCE Request Smuggling Hyper
NVD
CVSS 3.1
9.8
EPSS
2.8%
CVE-2020-35926 CRITICAL PATCH Act Now

An issue was discovered in the nanorand crate before 0.5.1 for Rust. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Nanorand
NVD
CVSS 3.1
9.8
EPSS
1.5%
CVE-2020-35851 CRITICAL Act Now

HGiga MailSherlock does not validate specific parameters properly. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Msr45 Isherlock User Ssr45 Isherlock User
NVD
CVSS 3.1
9.8
EPSS
1.7%
CVE-2020-25848 CRITICAL Act Now

HGiga MailSherlock contains weak authentication flaw that attackers grant privilege remotely with default password generation mechanism. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Msr45 Isherlock Antispam Msr45 Isherlock Audit Msr45 Isherlock Base Msr45 Isherlock User +6
NVD
CVSS 3.1
9.8
EPSS
1.7%
CVE-2020-25844 CRITICAL Act Now

The digest generation function of NHIServiSignAdapter has not been verified for parameter’s length, which leads to a stack overflow loophole. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Stack Overflow Nhiservisignadapter
NVD
CVSS 3.1
9.8
EPSS
1.9%
CVE-2020-25843 CRITICAL Act Now

NHIServiSignAdapter fails to verify the length of digital credential files’ path which leads to a heap overflow loophole. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Heap Overflow Nhiservisignadapter
NVD
CVSS 3.1
9.8
EPSS
1.9%
CVE-2020-12658 CRITICAL PATCH Act Now

gssproxy (aka gss-proxy) before 0.8.3 does not unlock cond_mutex before pthread exit in gp_worker_main() in gp_workers.c. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Gssproxy Debian Linux
NVD GitHub
CVSS 3.1
9.8
EPSS
1.7%
CVE-2020-35892 CRITICAL PATCH Act Now

An issue was discovered in the simple-slab crate before 0.3.3 for Rust. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Simple Slab
NVD
CVSS 3.1
9.1
EPSS
1.5%
CVE-2020-35883 CRITICAL PATCH Act Now

An issue was discovered in the mozwire crate through 2020-08-18 for Rust. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Mozwire
NVD
CVSS 3.1
9.1
EPSS
1.5%
CVE-2020-35859 CRITICAL PATCH Act Now

An issue was discovered in the lucet-runtime-internals crate before 0.5.1 for Rust. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Lucet Runtime Internals
NVD
CVSS 3.1
9.1
EPSS
1.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy