Search Results (Refine Search)

Search Parameters:
There are 147,963 matching records.
Displaying matches 1,301 through 1,320.
Vuln ID Summary CVSS Severity
CVE-2020-35905

An issue was discovered in the futures-util crate before 0.3.7 for Rust. MutexGuard::map can cause a data race for certain closure situations (in safe code).

Published: December 31, 2020; 4:15:15 AM -0500
V3.1: 4.7 MEDIUM
V2.0: 1.9 LOW
CVE-2020-35904

An issue was discovered in the crossbeam-channel crate before 0.4.4 for Rust. It has incorrect expectations about the relationship between the memory allocation and how many iterator elements there are.

Published: December 31, 2020; 4:15:15 AM -0500
V3.1: 5.5 MEDIUM
V2.0: 2.1 LOW
CVE-2020-35903

An issue was discovered in the dync crate before 0.5.0 for Rust. VecCopy allows misaligned element access because u8 is not always the type in question.

Published: December 31, 2020; 4:15:15 AM -0500
V3.1: 5.5 MEDIUM
V2.0: 2.1 LOW
CVE-2020-35902

An issue was discovered in the actix-codec crate before 0.3.0-beta.1 for Rust. There is a use-after-free in Framed.

Published: December 31, 2020; 4:15:14 AM -0500
V3.1: 9.8 CRITICAL
V2.0: 7.5 HIGH
CVE-2020-35901

An issue was discovered in the actix-http crate before 2.0.0-alpha.1 for Rust. There is a use-after-free in BodyStream.

Published: December 31, 2020; 4:15:14 AM -0500
V3.1: 7.5 HIGH
V2.0: 5.0 MEDIUM
CVE-2020-35900

An issue was discovered in the array-queue crate through 2020-09-26 for Rust. A pop_back() call may lead to a use-after-free.

Published: December 31, 2020; 4:15:14 AM -0500
V3.1: 5.5 MEDIUM
V2.0: 2.1 LOW
CVE-2020-35899

An issue was discovered in the actix-service crate before 1.0.6 for Rust. The Cell implementation allows obtaining more than one mutable reference to the same data.

Published: December 31, 2020; 4:15:14 AM -0500
V3.1: 5.5 MEDIUM
V2.0: 2.1 LOW
CVE-2020-35898

An issue was discovered in the actix-utils crate before 2.0.0 for Rust. The Cell implementation allows obtaining more than one mutable reference to the same data.

Published: December 31, 2020; 4:15:14 AM -0500
V3.1: 9.1 CRITICAL
V2.0: 6.4 MEDIUM
CVE-2020-35851

HGiga MailSherlock does not validate specific parameters properly. Attackers can use the vulnerability to launch Command inject attacks remotely and execute arbitrary commands of the system.

Published: December 31, 2020; 3:15:13 AM -0500
V3.1: 9.8 CRITICAL
V2.0: 10.0 HIGH
CVE-2020-35743

HGiga MailSherlock contains a SQL injection flaw. Attackers can inject and launch SQL commands in a URL parameter of specific cgi pages.

Published: December 31, 2020; 3:15:13 AM -0500
V3.1: 7.6 HIGH
V2.0: 6.5 MEDIUM
CVE-2020-35742

HGiga MailSherlock contains a vulnerability of SQL Injection. Attackers can inject and launch SQL commands in a URL parameter.

Published: December 31, 2020; 3:15:13 AM -0500
V3.1: 7.6 HIGH
V2.0: 6.5 MEDIUM
CVE-2020-35741

HGiga MailSherlock does not validate user parameters on multiple login pages. Attackers can use the vulnerability to inject JavaScript syntax for XSS attacks.

Published: December 31, 2020; 3:15:13 AM -0500
V3.1: 6.1 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2020-35740

HGiga MailSherlock does not validate specific URL parameters properly that allows attackers to inject JavaScript syntax for XSS attacks.

Published: December 31, 2020; 3:15:13 AM -0500
V3.1: 6.1 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2020-25850

The function, view the source code, of HGiga MailSherlock does not validate specific characters. Remote attackers can use this flaw to download arbitrary system files.

Published: December 31, 2020; 3:15:13 AM -0500
V3.1: 7.5 HIGH
V2.0: 5.0 MEDIUM
CVE-2020-25848

HGiga MailSherlock contains weak authentication flaw that attackers grant privilege remotely with default password generation mechanism.

Published: December 31, 2020; 3:15:13 AM -0500
V3.1: 9.8 CRITICAL
V2.0: 10.0 HIGH
CVE-2020-25846

The digest generation function of NHIServiSignAdapter has not been verified for source file path, which leads to the SMB request being redirected to a malicious host, resulting in the leakage of user's credential.

Published: December 31, 2020; 3:15:13 AM -0500
V3.1: 7.4 HIGH
V2.0: 4.3 MEDIUM
CVE-2020-25845

Multiple functions of NHIServiSignAdapter failed to verify the users’ file path, which leads to the SMB request being redirected to a malicious host, resulting in the leakage of user's credential.

Published: December 31, 2020; 3:15:13 AM -0500
V3.1: 7.4 HIGH
V2.0: 4.3 MEDIUM
CVE-2020-25844

The digest generation function of NHIServiSignAdapter has not been verified for parameter’s length, which leads to a stack overflow loophole. Remote attackers can use the leak to execute code without privilege.

Published: December 31, 2020; 3:15:13 AM -0500
V3.1: 9.8 CRITICAL
V2.0: 7.5 HIGH
CVE-2020-25843

NHIServiSignAdapter fails to verify the length of digital credential files’ path which leads to a heap overflow loophole. Remote attackers can use the leak to execute code without privilege.

Published: December 31, 2020; 3:15:12 AM -0500
V3.1: 9.8 CRITICAL
V2.0: 7.5 HIGH
CVE-2020-25842

The encryption function of NHIServiSignAdapter fail to verify the file path input by users. Remote attacker can access arbitrary files through the flaw without privilege.

Published: December 31, 2020; 3:15:12 AM -0500
V3.1: 7.5 HIGH
V2.0: 5.0 MEDIUM