βΌ CVE-2020-19664 βΌ
π Read
via "National Vulnerability Database".
DrayTek Vigor2960 1.5.1 allows remote command execution via shell metacharacters in a toLogin2FA action to mainfunction.cgi.π Read
via "National Vulnerability Database".
βΌ CVE-2020-13654 βΌ
π Read
via "National Vulnerability Database".
XWiki Platform before 12.8 mishandles escaping in the property displayer.π Read
via "National Vulnerability Database".
βΌ CVE-2019-20808 βΌ
π Read
via "National Vulnerability Database".
In QEMU 4.1.0, an out-of-bounds read flaw was found in the ATI VGA implementation. It occurs in the ati_cursor_define() routine while handling MMIO write operations through the ati_mm_write() callback. A malicious guest could abuse this flaw to crash the QEMU process, resulting in a denial of service.π Read
via "National Vulnerability Database".
βΌ CVE-2019-7726 βΌ
π Read
via "National Vulnerability Database".
modules/banners/funcs/click.php in NukeViet before 4.3.04 has a SQL INSERT statement with raw header data from an HTTP request (e.g., Referer and User-Agent).π Read
via "National Vulnerability Database".
βΌ CVE-2016-9025 βΌ
π Read
via "National Vulnerability Database".
Exponent CMS before 2.6.0 has improper input validation in purchaseOrderController.php.π Read
via "National Vulnerability Database".
βΌ CVE-2020-16132 βΌ
π Read
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2020-24240. Reason: This candidate is a reservation duplicate of CVE-2020-24240. Notes: All CVE users should reference CVE-2020-24240 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.π Read
via "National Vulnerability Database".
βΌ CVE-2020-25844 βΌ
π Read
via "National Vulnerability Database".
The digest generation function of NHIServiSignAdapter has not been verified for parameterΓ’β¬β’s length, which leads to a stack overflow loophole. Remote attackers can use the leak to execute code without privilege.π Read
via "National Vulnerability Database".
βΌ CVE-2020-35904 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in the crossbeam-channel crate before 0.4.4 for Rust. It has incorrect expectations about the relationship between the memory allocation and how many iterator elements there are.π Read
via "National Vulnerability Database".
βΌ CVE-2020-35857 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in the trust-dns-server crate before 0.18.1 for Rust. DNS MX and SRV null targets are mishandled, causing stack consumption.π Read
via "National Vulnerability Database".
βΌ CVE-2020-35884 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in the tiny_http crate through 2020-06-16 for Rust. HTTP Request smuggling can occur via a malformed Transfer-Encoding header.π Read
via "National Vulnerability Database".
βΌ CVE-2020-35879 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in the rulinalg crate through 2020-02-11 for Rust. There are incorrect lifetime-boundary definitions for RowMut::raw_slice and RowMut::raw_slice_mut.π Read
via "National Vulnerability Database".
βΌ CVE-2020-25845 βΌ
π Read
via "National Vulnerability Database".
Multiple functions of NHIServiSignAdapter failed to verify the usersΓ’β¬β’ file path, which leads to the SMB request being redirected to a malicious host, resulting in the leakage of user's credential.π Read
via "National Vulnerability Database".
βΌ CVE-2020-35872 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in the rusqlite crate before 0.23.0 for Rust. Memory safety can be violated via the repr(Rust) type.π Read
via "National Vulnerability Database".
βΌ CVE-2020-35928 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in the concread crate before 0.2.6 for Rust. Attackers can cause an ARCache<K,V> data race by sending types that do not implement Send/Sync.π Read
via "National Vulnerability Database".
βΌ CVE-2019-25004 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in the flatbuffers crate before 0.6.1 for Rust. Arbitrary bytes can be reinterpreted as a bool, defeating soundness.π Read
via "National Vulnerability Database".
βΌ CVE-2020-35885 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in the alpm-rs crate through 2020-08-20 for Rust. StrcCtx performs improper memory deallocation.π Read
via "National Vulnerability Database".
βΌ CVE-2019-25001 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in the serde_cbor crate before 0.10.2 for Rust. The CBOR deserializer can cause stack consumption via nested semantic tags.π Read
via "National Vulnerability Database".
βΌ CVE-2020-35886 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in the arr crate through 2020-08-25 for Rust. An attacker can smuggle non-Sync/Send types across a thread boundary to cause a data race.π Read
via "National Vulnerability Database".
βΌ CVE-2019-25007 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in the streebog crate before 0.8.0 for Rust. The Streebog hash function can cause a panic.π Read
via "National Vulnerability Database".
βΌ CVE-2019-25002 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in the sodiumoxide crate before 0.2.5 for Rust. generichash::Digest::eq compares itself to itself and thus has degenerate security properties.π Read
via "National Vulnerability Database".
βΌ CVE-2020-35851 βΌ
π Read
via "National Vulnerability Database".
HGiga MailSherlock does not validate specific parameters properly. Attackers can use the vulnerability to launch Command inject attacks remotely and execute arbitrary commands of the system.π Read
via "National Vulnerability Database".