Security Vulnerabilities - CVEs Published In August 2021
An issue was discovered in the ammonia crate before 3.1.0 for Rust. XSS can occur because the parsing differences for HTML, SVG, and MathML are mishandled, a similar issue to CVE-2020-26870.
CVSS Score: 6.1; EPSS Score: 0.002; Published: 2021-08-08
An issue was discovered in the ark-r1cs-std crate before 0.3.1 for Rust. It does not enforce any constraints in the FieldVar::mul_by_inverse method. Thus, a prover can produce a proof that is unsound but is nonetheless verified.
CVSS Score: 9.8; EPSS Score: 0.004; Published: 2021-08-08
An issue was discovered in the libsecp256k1 crate before 0.5.0 for Rust. It can verify an invalid signature because it allows the R or S parameter to be larger than the curve order, aka an overflow.
CVSS Score: 9.8; EPSS Score: 0.002; Published: 2021-08-08
An issue was discovered in the better-macro crate through 2021-07-22 for Rust. It intentionally demonstrates that remote attackers can execute arbitrary code via proc-macros, and otherwise has no legitimate purpose.
CVSS Score: 9.8; EPSS Score: 0.034; Published: 2021-08-08
An issue was discovered in the syncpool crate before 0.1.6 for Rust. There is an unconditional implementation of Send for Bucket2.
CVSS Score: 8.1; EPSS Score: 0.005; Published: 2021-08-08
An issue was discovered in the multiqueue crate through 2020-12-25 for Rust. There are unconditional implementations of Send for InnerSend<RW, T>, InnerRecv<RW, T>, FutInnerSend<RW, T>, and FutInnerRecv<RW, T>.
CVSS Score: 8.1; EPSS Score: 0.005; Published: 2021-08-08
An issue was discovered in the heapless crate before 0.6.1 for Rust. The IntoIter Clone implementation clones an entire underlying Vec without considering whether it has already been partially consumed.
CVSS Score: 7.5; EPSS Score: 0.004; Published: 2021-08-08
An issue was discovered in the generic-array crate before 0.13.3 for Rust. It violates soundness by using the arr! macro to extend lifetimes.
CVSS Score: 7.5; EPSS Score: 0.003; Published: 2021-08-08
An issue was discovered in the cgc crate through 2020-12-10 for Rust. Ptr implements Send and Sync for all types.
CVSS Score: 5.9; EPSS Score: 0.003; Published: 2021-08-08
An issue was discovered in the cgc crate through 2020-12-10 for Rust. Ptr::get returns more than one mutable reference to the same object.
CVSS Score: 5.9; EPSS Score: 0.003; Published: 2021-08-08

