CVE Daily
← All years

All CVEs — 2021

Page 2/142.

Browse all CVEs by publication year. Use filters to refine.

CVSS ≥ 0.0
2021-12-27
High

CVE-2021-43856

Wiki.js is a wiki app built on Node.js. Wiki.js 2.5.263 and earlier is vulnerable to stored cross-site scripting through non-image file uploads for file types that can be viewed directly inline in th…

CVSS: 8.2 CWE: CWE-79
Read more
High

CVE-2021-43855

Wiki.js is a wiki app built on node.js. Wiki.js 2.5.263 and earlier is vulnerable to stored cross-site scripting through a SVG file upload made via a custom request with a fake MIME type. By creating…

CVSS: 8.2 CWE: CWE-79
Read more
High

CVE-2021-43845

PJSIP is a free and open source multimedia communication library. In version 2.11.1 and prior, if incoming RTCP XR message contain block, the data field is not checked against the received packet siz…

CVSS: 8.2 CWE: CWE-125
Read more
Medium

CVE-2021-38961

IBM OPENBMC OP910 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading…

CVSS: 6.1 CWE: CWE-79
Read more
Critical

CVE-2021-45232

In Apache APISIX Dashboard before 2.10.1, the Manager API uses two frameworks and introduces framework `droplet` on the basis of framework `gin`, all APIs and authentication middleware are developed…

CVSS: 9.8 CWE: CWE-306
Read more
High

CVE-2021-45339

Privilege escalation vulnerability in Avast Antivirus prior to 20.4 allows a local user to gain elevated privileges by "hollowing" trusted process which could lead to the bypassing of Avast self-defe…

CVSS: 7.8 CWE: CWE-863
Read more
High

CVE-2021-45335

Sandbox component in Avast Antivirus prior to 20.4 has an insecure permission which could be abused by local user to control the outcome of scans, and therefore evade detection or delete arbitrary sy…

CVSS: 8.8 CWE: CWE-276
Read more
High

CVE-2021-4173

vim is vulnerable to Use After Free

CVSS: 7.8 CWE: CWE-416
Read more
High

CVE-2021-24998

The Simple JWT Login WordPress plugin before 3.3.0 can be used to create new WordPress user accounts with a randomly generated password. The password is generated using the str_shuffle PHP function…

CVSS: 7.5 CWE: CWE-330
Read more
Medium

CVE-2021-24997

The WP Guppy WordPress plugin before 1.3 does not have any authorisation in some of the REST API endpoints, allowing any user to call them and could lead to sensitive information disclosure, such as…

CVSS: 6.5 CWE: CWE-862
Read more
Medium

CVE-2021-24992

The Smart Floating / Sticky Buttons WordPress plugin before 2.5.5 does not sanitise and escape some parameter before outputting them in attributes and page, which could allow high privilege users to…

CVSS: 4.8 CWE: CWE-79
Read more
Medium

CVE-2021-24988

The WP RSS Aggregator WordPress plugin before 4.19.3 does not sanitise and escape data before outputting it in the System Info admin dashboard, which could lead to a Stored XSS issue due to the wprss…

CVSS: 5.4 CWE: CWE-79
Read more
Medium

CVE-2021-24984

The WPFront User Role Editor WordPress plugin before 3.2.1.11184 does not sanitise and escape the changes-saved parameter before outputting it back in the admin dashboard, leading to a Reflected Cros…

CVSS: 6.1 CWE: CWE-79
Read more
Medium

CVE-2021-24980

The Gwolle Guestbook WordPress plugin before 4.2.0 does not sanitise and escape the gwolle_gb_user_email parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripti…

CVSS: 6.1 CWE: CWE-79
Read more
Medium

CVE-2021-24979

The Paid Memberships Pro WordPress plugin before 2.6.6 does not escape the s parameter before outputting it back in an attribute in an admin page, leading to a Reflected Cross-Site Scripting

CVSS: 6.1 CWE: CWE-79
Read more
Medium

CVE-2021-24969

The WordPress Download Manager WordPress plugin before 3.2.22 does not sanitise and escape Template data before outputting it in various pages (such as admin dashboard and frontend). Due to the lack…

CVSS: 5.4 CWE: CWE-79
Read more
Medium

CVE-2021-24967

The Contact Form & Lead Form Elementor Builder WordPress plugin before 1.6.4 does not sanitise and escape some lead values, which could allow unauthenticated users to perform Cross-Site Scripting att…

CVSS: 6.1 CWE: CWE-79
Read more
Medium

CVE-2021-24902

The Typebot | Build beautiful conversational forms WordPress plugin before 1.4.3 does not sanitise and escape the Publish ID setting, which could allow high privilege users to perform Cross-Site Scri…

CVSS: 4.8 CWE: CWE-79
Read more
Medium

CVE-2021-24797

The Tickera WordPress plugin before 3.4.8.3 does not properly sanitise and escape the Name fields of booked Events before outputting them in the Orders admin dashboard, which could allow unauthentica…

CVSS: 6.1 CWE: CWE-79
Read more
High

CVE-2021-24753

The Rich Reviews by Starfish WordPress plugin before 1.9.6 does not properly validate the orderby GET parameter of the pending reviews page before using it in a SQL statement, leading to an authentic…

CVSS: 7.2 CWE: CWE-89
Read more
High

CVE-2021-45711

An issue was discovered in the simple_asn1 crate 0.6.0 before 0.6.1 for Rust. There is a panic if UTCTime data, supplied by a remote attacker, has a second character greater than 0x7f.

CVSS: 7.5 CWE: CWE-20
Read more
High

CVE-2021-45710

An issue was discovered in the tokio crate before 1.8.4, and 1.9.x through 1.13.x before 1.13.1, for Rust. In certain circumstances involving a closed oneshot channel, there is a data race and memory…

CVSS: 8.1 CWE: CWE-362
Read more
Critical

CVE-2021-45709

An issue was discovered in the crypto2 crate through 2021-10-08 for Rust. During Chacha20 encryption and decryption, an unaligned read of a u32 may occur.

CVSS: 9.8 CWE: CWE-119
Read more
High

CVE-2021-45708

An issue was discovered in the abomonation crate through 2021-10-17 for Rust. Because transmute operations are insufficiently constrained, there can be an information leak or ASLR bypass.

CVSS: 7.5 CWE: CWE-668
Read more
Critical

CVE-2021-45707

An issue was discovered in the nix crate 0.16.0 and later before 0.20.2, 0.21.x before 0.21.2, and 0.22.x before 0.22.2 for Rust. unistd::getgrouplist has an out-of-bounds write if a user is in more…

CVSS: 9.8 CWE: CWE-787
Read more
Critical

CVE-2021-45706

An issue was discovered in the zeroize_derive crate before 1.1.1 for Rust. Dropped memory is not zeroed out for an enum.

CVSS: 9.8 CWE: CWE-459
Read more
High

CVE-2021-45704

An issue was discovered in the metrics-util crate before 0.7.0 for Rust. There is a data race and memory corruption because AtomicBucket<T> unconditionally implements the Send and Sync traits.

CVSS: 8.1 CWE: CWE-362
Read more
Critical

CVE-2021-45703

An issue was discovered in the tectonic_xdv crate before 0.1.12 for Rust. XdvParser::<T>::process may read from uninitialized memory locations.

CVSS: 9.8 CWE: CWE-908
Read more
High

CVE-2021-45702

An issue was discovered in the tremor-script crate before 0.11.6 for Rust. A merge operation may result in a use-after-free.

CVSS: 7.5 CWE: CWE-416
Read more
Critical

CVE-2021-45701

An issue was discovered in the tremor-script crate before 0.11.6 for Rust. A patch operation may result in a use-after-free.

CVSS: 9.8 CWE: CWE-416
Read more
High

CVE-2021-45699

An issue was discovered in the ckb crate before 0.40.0 for Rust. Remote attackers may be able to conduct a 51% attack against the Nervos CKB blockchain by triggering an inability to allocate memory f…

CVSS: 7.5 CWE: CWE-770
Read more
Critical

CVE-2021-45696

An issue was discovered in the sha2 crate 0.9.7 before 0.9.8 for Rust. Hashes of long messages may be incorrect when the AVX2-accelerated backend is used.

CVSS: 9.8 CWE: CWE-327
Read more
High

CVE-2021-45694

An issue was discovered in the rdiff crate through 2021-02-03 for Rust. Window may read from uninitialized memory locations.

CVSS: 7.5 CWE: CWE-908
Read more
Critical

CVE-2021-45693

An issue was discovered in the messagepack-rs crate through 2021-01-26 for Rust. deserialize_string_primitive may read from uninitialized memory locations.

CVSS: 9.8 CWE: CWE-908
Read more
Critical

CVE-2021-45692

An issue was discovered in the messagepack-rs crate through 2021-01-26 for Rust. deserialize_extension_others may read from uninitialized memory locations.

CVSS: 9.8 CWE: CWE-908
Read more
Critical

CVE-2021-45691

An issue was discovered in the messagepack-rs crate through 2021-01-26 for Rust. deserialize_string may read from uninitialized memory locations.

CVSS: 9.8 CWE: CWE-908
Read more
Critical

CVE-2021-45690

An issue was discovered in the messagepack-rs crate through 2021-01-26 for Rust. deserialize_binary may read from uninitialized memory locations.

CVSS: 9.8 CWE: CWE-908
Read more
Critical

CVE-2021-45689

An issue was discovered in the gfx-auxil crate through 2021-01-07 for Rust. gfx_auxil::read_spirv may read from uninitialized memory locations.

CVSS: 9.8 CWE: CWE-908
Read more
Critical

CVE-2021-45688

An issue was discovered in the ash crate before 0.33.1 for Rust. util::read_spv may read from uninitialized memory locations.

CVSS: 9.8 CWE: CWE-908
Read more
Critical

CVE-2021-45687

An issue was discovered in the raw-cpuid crate before 9.1.1 for Rust. If the serialize feature is used (which is not the the default), a Deserialize operation may lack sufficient validation, leading…

CVSS: 9.8 CWE: CWE-20
Read more
Critical

CVE-2021-45686

An issue was discovered in the csv-sniffer crate through 2021-01-05 for Rust. preamble_skipcount may read from uninitialized memory locations.

CVSS: 9.8 CWE: CWE-908
Read more
Critical

CVE-2021-45685

An issue was discovered in the columnar crate through 2021-01-07 for Rust. ColumnarReadExt::read_typed_vec may read from uninitialized memory locations.

CVSS: 9.8 CWE: CWE-908
Read more
Critical

CVE-2021-45684

An issue was discovered in the flumedb crate through 2021-01-07 for Rust. read_entry may read from uninitialized memory locations.

CVSS: 9.8 CWE: CWE-908
Read more
Critical

CVE-2021-45683

An issue was discovered in the binjs_io crate through 2021-01-03 for Rust. The Read method may read from uninitialized memory locations.

CVSS: 9.8 CWE: CWE-908
Read more
Critical

CVE-2021-45682

An issue was discovered in the bronzedb-protocol crate through 2021-01-03 for Rust. ReadKVExt may read from uninitialized memory locations.

CVSS: 9.8 CWE: CWE-908
Read more
High

CVE-2021-45681

An issue was discovered in the derive-com-impl crate before 0.1.2 for Rust. An invalid reference (and memory corruption) can occur because AddRef might not be called before returning a pointer.

CVSS: 7.5 CWE: CWE-787
Read more
High

CVE-2021-45680

An issue was discovered in the vec-const crate before 2.0.0 for Rust. It tries to construct a Vec from a pointer to a const slice, leading to memory corruption.

CVSS: 7.5 CWE: CWE-787
Read more
Critical

CVE-2020-36514

An issue was discovered in the acc_reader crate through 2020-12-27 for Rust. fill_buf may read from uninitialized memory locations.

CVSS: 9.8 CWE: CWE-908
Read more
Critical

CVE-2020-36513

An issue was discovered in the acc_reader crate through 2020-12-27 for Rust. read_up_to may read from uninitialized memory locations.

CVSS: 9.8 CWE: CWE-908
Read more
Critical

CVE-2020-36512

An issue was discovered in the buffoon crate through 2020-12-31 for Rust. InputStream::read_exact may read from uninitialized memory locations.

CVSS: 9.8 CWE: CWE-908
Read more
High

CVE-2020-36511

An issue was discovered in the bite crate through 2020-12-31 for Rust. read::BiteReadExpandedExt::read_framed_max may read from uninitialized memory locations.

CVSS: 7.5 CWE: CWE-908
Read more
High

CVE-2019-25054

An issue was discovered in the pnet crate before 0.27.2 for Rust. There is a segmentation fault (upon attempted dereference of an uninitialized descriptor) because of an erroneous IcmpTransportChanne…

CVSS: 7.5 CWE: CWE-909
Read more
High

CVE-2018-25028

An issue was discovered in the libpulse-binding crate before 1.2.1 for Rust. get_context can cause a use-after-free.

CVSS: 7.5 CWE: CWE-416
Read more
High

CVE-2018-25027

An issue was discovered in the libpulse-binding crate before 1.2.1 for Rust. get_format_info can cause a use-after-free.

CVSS: 7.5 CWE: CWE-416
Read more
Critical

CVE-2018-25026

An issue was discovered in the actix-web crate before 0.7.15 for Rust. It can add the Send marker trait to an object that cannot be sent between threads safely, leading to memory corruption.

CVSS: 9.8 CWE: CWE-787
Read more
Critical

CVE-2018-25025

An issue was discovered in the actix-web crate before 0.7.15 for Rust. It can unsoundly extend the lifetime of a string, leading to memory corruption.

CVSS: 9.8 CWE: CWE-787
Read more
Critical

CVE-2018-25024

An issue was discovered in the actix-web crate before 0.7.15 for Rust. It can unsoundly coerce an immutable reference into a mutable reference, leading to memory corruption.

CVSS: 9.8 CWE: CWE-787
Read more
High

CVE-2018-25023

An issue was discovered in the smallvec crate before 0.6.13 for Rust. It can create an uninitialized value of any type, including a reference type.

CVSS: 7.5 CWE: CWE-908
Read more
2021-12-26
High

CVE-2021-45720

An issue was discovered in the lru crate before 0.7.1 for Rust. The iterators have a use-after-free, as demonstrated by an access after a pop operation.

CVSS: 7.5 CWE: CWE-416
Read more
High

CVE-2021-45719

An issue was discovered in the rusqlite crate 0.25.x before 0.25.4 and 0.26.x before 0.26.2 for Rust. update_hook has a use-after-free.

CVSS: 7.5 CWE: CWE-416
Read more
High

CVE-2021-45718

An issue was discovered in the rusqlite crate 0.25.x before 0.25.4 and 0.26.x before 0.26.2 for Rust. rollback_hook has a use-after-free.

CVSS: 7.5 CWE: CWE-416
Read more
High

CVE-2021-45717

An issue was discovered in the rusqlite crate 0.25.x before 0.25.4 and 0.26.x before 0.26.2 for Rust. commit_hook has a use-after-free.

CVSS: 7.5 CWE: CWE-416
Read more
High

CVE-2021-45716

An issue was discovered in the rusqlite crate 0.25.x before 0.25.4 and 0.26.x before 0.26.2 for Rust. create_collation has a use-after-free.

CVSS: 7.5 CWE: CWE-416
Read more
High

CVE-2021-45715

An issue was discovered in the rusqlite crate 0.25.x before 0.25.4 and 0.26.x before 0.26.2 for Rust. create_window_function has a use-after-free.

CVSS: 7.5 CWE: CWE-416
Read more
High

CVE-2021-45714

An issue was discovered in the rusqlite crate 0.25.x before 0.25.4 and 0.26.x before 0.26.2 for Rust. create_aggregate_function has a use-after-free.

CVSS: 7.5 CWE: CWE-416
Read more
High

CVE-2021-45713

An issue was discovered in the rusqlite crate 0.25.x before 0.25.4 and 0.26.x before 0.26.2 for Rust. create_scalar_function has a use-after-free.

CVSS: 7.5 CWE: CWE-416
Read more
High

CVE-2021-45712

An issue was discovered in the rust-embed crate before 6.3.0 for Rust. A ../ directory traversal can sometimes occur in debug mode.

CVSS: 7.5 CWE: CWE-22
Read more
Medium

CVE-2021-44598

Attendance Management System 1.0 is affected by a Cross Site Scripting (XSS) vulnerability. The value of the FirstRecord request parameter is copied into the value of an HTML tag attribute which is e…

CVSS: 6.1 CWE: CWE-79
Read more
High

CVE-2021-4168

showdoc is vulnerable to Cross-Site Request Forgery (CSRF)

CVSS: 8.8 CWE: CWE-352
Read more
Medium

CVE-2021-4169

livehelperchat is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 6.1 CWE: CWE-79
Read more
High

CVE-2021-44078

An issue was discovered in split_region in uc.c in Unicorn Engine before 2.0.0-rc5. It allows local attackers to escape the sandbox. An attacker must first obtain the ability to execute crafted code…

CVSS: 8.1 CWE: CWE-697
Read more
Medium

CVE-2021-45677

Certain NETGEAR devices are affected by stored XSS. This affects GS108Tv2 before 5.4.2.36 and GS110TPv2 before 5.4.2.36.

CVSS: 5.2 CWE: CWE-79
Read more
Medium

CVE-2021-45676

Certain NETGEAR devices are affected by stored XSS. This affects RAX200 before 1.0.5.126, RAX20 before 1.0.2.82, RAX80 before 1.0.5.126, RAX15 before 1.0.2.82, and RAX75 before 1.0.5.126.

CVSS: 4.3 CWE: CWE-79
Read more
Medium

CVE-2021-45675

Certain NETGEAR devices are affected by stored XSS. This affects R6120 before 1.0.0.76, R6260 before 1.1.0.78, R6850 before 1.1.0.78, R6350 before 1.1.0.78, R6330 before 1.1.0.78, R6800 before 1.2.0.…

CVSS: 5.8 CWE: CWE-79
Read more
Low

CVE-2021-45674

Certain NETGEAR devices are affected by stored XSS. This affects R7000 before 1.0.11.110, R7900 before 1.0.4.30, R8000 before 1.0.4.62, RAX15 before 1.0.2.82, RAX20 before 1.0.2.82, RAX200 before 1.0…

CVSS: 3.2 CWE: CWE-79
Read more
Medium

CVE-2021-45673

Certain NETGEAR devices are affected by stored XSS. This affects R7000 before 1.0.11.110, R7900 before 1.0.4.30, R8000 before 1.0.4.62, RAX200 before 1.0.3.106, R7000P before 1.3.3.140, RAX80 before…

CVSS: 4.8 CWE: CWE-79
Read more
Medium

CVE-2021-45672

Certain NETGEAR devices are affected by Stored XSS. This affects D6200 before 1.1.00.40, D7000 before 1.0.1.78, R6020 before 1.0.0.48, R6080 before 1.0.0.48, R6120 before 1.0.0.76, R6220 before 1.1.0…

CVSS: 4.2 CWE: CWE-79
Read more
Medium

CVE-2021-45671

Certain NETGEAR devices are affected by stored XSS. This affects CBR40 before 2.5.0.10, EAX80 before 1.0.1.62, EX7500 before 1.0.0.72, R7900 before 1.0.4.38, R8000 before 1.0.4.68, RAX200 before 1.0.…

CVSS: 6.5 CWE: CWE-79
Read more
Medium

CVE-2021-45670

Certain NETGEAR devices are affected by stored XSS. This affects CBR40 before 2.5.0.10, EAX20 before 1.0.0.48, EAX80 before 1.0.1.64, EX6120 before 1.0.0.64, EX6130 before 1.0.0.44, EX7500 before 1.0…

CVSS: 6.5 CWE: CWE-79
Read more
Low

CVE-2021-45669

Certain NETGEAR devices are affected by stored XSS. This affects RAX200 before 1.0.3.106, MR60 before 1.0.6.110, RAX20 before 1.0.2.82, RAX45 before 1.0.2.72, RAX80 before 1.0.3.106, MS60 before 1.0.…

CVSS: 3.7 CWE: CWE-79
Read more
Medium

CVE-2021-45668

Certain NETGEAR devices are affected by stored XSS. This affects EAX20 before 1.0.0.48, EAX80 before 1.0.1.64, EX3700 before 1.0.0.90, EX3800 before 1.0.0.90, EX6120 before 1.0.0.64, EX6130 before 1.…

CVSS: 6.5 CWE: CWE-79
Read more
Medium

CVE-2021-45667

Certain NETGEAR devices are affected by stored XSS. This affects CBR40 before 2.5.0.10, EAX20 before 1.0.0.48, EAX80 before 1.0.1.64, EX6120 before 1.0.0.64, EX6130 before 1.0.0.44, EX7500 before 1.0…

CVSS: 6.5 CWE: CWE-79
Read more
Medium

CVE-2021-45666

Certain NETGEAR devices are affected by stored XSS. This affects CBR40 before 2.5.0.10, EAX80 before 1.0.1.64, EX3700 before 1.0.0.90, EX3800 before 1.0.0.90, EX6120 before 1.0.0.64, EX6130 before 1.…

CVSS: 6.5 CWE: CWE-79
Read more
Medium

CVE-2021-45665

Certain NETGEAR devices are affected by stored XSS. This affects EAX20 before 1.0.0.36, EAX80 before 1.0.1.62, EX3700 before 1.0.0.90, EX3800 before 1.0.0.90, EX6120 before 1.0.0.64, EX6130 before 1.…

CVSS: 6.5 CWE: CWE-79
Read more
Medium

CVE-2021-45664

NETGEAR R7000 devices before 1.0.11.126 are affected by stored XSS.

CVSS: 5.6 CWE: CWE-79
Read more
Medium

CVE-2021-45663

NETGEAR R7000 devices before 1.0.11.126 are affected by stored XSS.

CVSS: 6.1 CWE: CWE-79
Read more
Medium

CVE-2021-45662

NETGEAR R7000 devices before 1.0.9.88 are affected by stored XSS.

CVSS: 6.1 CWE: CWE-79
Read more
High

CVE-2021-45661

Certain NETGEAR devices are affected by server-side injection. This affects RBK40 before 2.5.1.16, RBR40 before 2.5.1.16, RBS40 before 2.5.1.16, RBK20 before 2.5.1.16, RBR20 before 2.5.1.16, RBS20 be…

CVSS: 7.1 CWE: CWE-74
Read more
High

CVE-2021-45660

Certain NETGEAR devices are affected by server-side injection. This affects RBK40 before 2.5.1.16, RBR40 before 2.5.1.16, RBS40 before 2.5.1.16, RBK20 before 2.5.1.16, RBR20 before 2.5.1.16, RBS20 be…

CVSS: 7.1 CWE: CWE-74
Read more
High

CVE-2021-45659

Certain NETGEAR devices are affected by server-side injection. This affects RBK40 before 2.5.1.16, RBR40 before 2.5.1.16, RBS40 before 2.5.1.16, RBK20 before 2.5.1.16, RBR20 before 2.5.1.16, RBS20 be…

CVSS: 7.1 CWE: CWE-74
Read more
High

CVE-2021-45658

Certain NETGEAR devices are affected by server-side injection. This affects D7800 before 1.0.1.58, DM200 before 1.0.0.66, EX2700 before 1.0.1.56, EX6150v2 before 1.0.1.86, EX6100v2 before 1.0.1.86, E…

CVSS: 7.1 CWE: CWE-74
Read more
High

CVE-2021-45657

Certain NETGEAR devices are affected by server-side injection. This affects D6200 before 1.1.00.38, D7000 before 1.0.1.78, R6020 before 1.0.0.48, R6080 before 1.0.0.48, R6050 before 1.0.1.26, JR6150…

CVSS: 7.1 CWE: CWE-74
Read more
High

CVE-2021-45656

Certain NETGEAR devices are affected by server-side injection. This affects D6200 before 1.1.00.38, D7000 before 1.0.1.78, R6020 before 1.0.0.48, R6080 before 1.0.0.48, R6050 before 1.0.1.26, JR6150…

CVSS: 7.1 CWE: CWE-74
Read more
Medium

CVE-2021-45655

NETGEAR R6400 devices before 1.0.1.70 are affected by server-side injection.

CVSS: 6.9 CWE: CWE-74
Read more
Critical

CVE-2021-45654

NETGEAR XR1000 devices before 1.0.0.58 are affected by disclosure of sensitive information.

CVSS: 9.6 CWE: CWE-200
Read more
Low

CVE-2021-45653

Certain NETGEAR devices are affected by disclosure of sensitive information. This affects RBK352 before 4.4.0.10, RBR350 before 4.4.0.10, and RBS350 before 4.4.0.10.

CVSS: 3.9 CWE: CWE-200
Read more
Critical

CVE-2021-45652

Certain NETGEAR devices are affected by disclosure of sensitive information. This affects RBK352 before 4.4.0.10, RBR350 before 4.4.0.10, and RBS350 before 4.4.0.10.

CVSS: 9.6 CWE: CWE-200
Read more
High

CVE-2021-45651

Certain NETGEAR devices are affected by disclosure of sensitive information. This affects RBK50 before 2.7.3.22, RBR50 before 2.7.3.22, and RBS50 before 2.7.3.22.

CVSS: 7.4 CWE: CWE-200
Read more
Critical

CVE-2021-45650

Certain NETGEAR devices are affected by disclosure of sensitive information. This affects R7000 before 1.0.11.110, R7900 before 1.0.4.30, R8000 before 1.0.4.62, RS400 before 1.5.1.80, R6400v2 before…

CVSS: 9.1 CWE: CWE-200
Read more
High

CVE-2021-45649

Certain NETGEAR devices are affected by disclosure of sensitive information. This affects R6400v2 before 1.0.4.84, R6700v3 before 1.0.4.84, R7000 before 1.0.11.126, R6900P before 1.3.2.126, and R7000…

CVSS: 7.9 CWE: CWE-200
Read more
Low

CVE-2021-45648

Certain NETGEAR devices are affected by disclosure of sensitive information. This affects EX6100v2 before 1.0.1.106, EX6150v2 before 1.0.1.106, EX6250 before 1.0.0.146, EX6400 before 1.0.2.164, EX640…

CVSS: 3.1 CWE: CWE-200
Read more
Medium

CVE-2021-45647

Certain NETGEAR devices are affected by disclosure of sensitive information. This affects EAX80 before 1.0.1.62, EX7000 before 1.0.1.104, R6120 before 1.0.0.76, R6220 before 1.1.0.110, R6230 before 1…

CVSS: 6.5 CWE: CWE-200
Read more
Medium

CVE-2021-45646

NETGEAR R7000 devices before 1.0.11.116 are affected by disclosure of sensitive information.

CVSS: 5.3 CWE: CWE-200
Read more
Medium

CVE-2021-45639

Certain NETGEAR devices are affected by reflected XSS. This affects CBR40 before 2.5.0.10, EAX20 before 1.0.0.32, EAX80 before 1.0.1.62, EX6120 before 1.0.0.64, EX6130 before 1.0.0.44, EX7000 before…

CVSS: 5.2 CWE: CWE-79
Read more
Critical

CVE-2021-45638

Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. This affects D6220 before 1.0.0.68, D6400 before 1.0.0.102, D7000v2 before 1.0.0.74, D8500 before…

CVSS: 9.6 CWE: CWE-787
Read more
High

CVE-2021-45637

Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. This affects R6260 before 1.1.0.76, R6800 before 1.2.0.62, R6700v2 before 1.2.0.62, R6900v2 befor…

CVSS: 8.3 CWE: CWE-787
Read more
Medium

CVE-2021-45636

NETGEAR D7000 devices before 1.0.1.82 are affected by a stack-based buffer overflow by an unauthenticated attacker.

CVSS: 5.4 CWE: CWE-787
Read more
Critical

CVE-2021-45635

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects CBR750 before 4.6.3.6, RBK752 before 3.2.17.12, RBR750 before 3.2.17.12, RBS750 before 3.2.17.12…

CVSS: 9.6 CWE: CWE-77
Read more
Critical

CVE-2021-45634

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects CBR750 before 4.6.3.6, RBK752 before 3.2.17.12, RBR750 before 3.2.17.12, RBS750 before 3.2.17.12…

CVSS: 9.6 CWE: CWE-77
Read more
Critical

CVE-2021-45633

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects CBR750 before 4.6.3.6, RBR750 before 3.2.17.12, RBR850 before 3.2.17.12, RBS750 before 3.2.17.12…

CVSS: 9.6 CWE: CWE-77
Read more
Critical

CVE-2021-45632

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects CBR750 before 4.6.3.6, RBK752 before 3.2.17.12, RBR750 before 3.2.17.12, RBS750 before 3.2.17.12…

CVSS: 9.6 CWE: CWE-77
Read more
Critical

CVE-2021-45631

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects CBR40 before 2.5.0.24, CBR750 before 4.6.3.6, RBK752 before 3.2.17.12, RBR750 before 3.2.17.12,…

CVSS: 9.6 CWE: CWE-77
Read more
Critical

CVE-2021-45630

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects CBR40 before 2.5.0.24, CBR750 before 4.6.3.6, RBK752 before 3.2.17.12, RBR750 before 3.2.17.12,…

CVSS: 10.0 CWE: CWE-77
Read more
Critical

CVE-2021-45629

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects CBR750 before 4.6.3.6, RBK752 before 3.2.17.12, RBR750 before 3.2.17.12, RBS750 before 3.2.17.12…

CVSS: 9.6 CWE: CWE-77
Read more
Critical

CVE-2021-45628

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects CBR40 before 2.5.0.24, CBR750 before 3.2.18.2, RBK752 before 3.2.17.12, RBR750 before 3.2.17.12,…

CVSS: 9.6 CWE: CWE-77
Read more
Critical

CVE-2021-45627

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects CBR750 before 4.6.3.6, RBK852 before 3.2.17.12, RBR850 before 3.2.17.12, and RBS850 before 3.2.1…

CVSS: 9.6 CWE: CWE-77
Read more
Critical

CVE-2021-45626

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects RBK20 before 2.6.1.36, RBR20 before 2.6.1.36, RBS20 before 2.6.1.38, RBK40 before 2.6.1.36, RBR4…

CVSS: 9.6 CWE: CWE-77
Read more
Critical

CVE-2021-45625

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects XR300 before 1.0.3.68, R7000P before 1.3.3.140, and R6900P before 1.3.3.140.

CVSS: 9.6 CWE: CWE-77
Read more
Critical

CVE-2021-45624

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects D7000v2 before 1.0.0.66, D8500 before 1.0.3.58, R7000 before 1.0.11.110, R7100LG before 1.0.0.72…

CVSS: 9.6 CWE: CWE-77
Read more
High

CVE-2021-45623

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects R7800 before 1.0.2.74, R9000 before 1.0.5.2, and XR500 before 2.3.2.66.

CVSS: 8.3 CWE: CWE-77
Read more