Search Results

There are 147,978 matching records.
Displaying matches 1,321 through 1,340.
Vuln ID Summary CVSS Severity
CVE-2020-35900

An issue was discovered in the array-queue crate through 2020-09-26 for Rust. A pop_back() call may lead to a use-after-free.

Published: December 31, 2020; 4:15:14 AM -0500
V3.1: 5.5 MEDIUM
V2.0: 2.1 LOW
CVE-2020-35899

An issue was discovered in the actix-service crate before 1.0.6 for Rust. The Cell implementation allows obtaining more than one mutable reference to the same data.

Published: December 31, 2020; 4:15:14 AM -0500
V3.1: 5.5 MEDIUM
V2.0: 2.1 LOW
CVE-2020-35898

An issue was discovered in the actix-utils crate before 2.0.0 for Rust. The Cell implementation allows obtaining more than one mutable reference to the same data.

Published: December 31, 2020; 4:15:14 AM -0500
V3.1: 9.1 CRITICAL
V2.0: 6.4 MEDIUM
CVE-2020-35851

HGiga MailSherlock does not validate specific parameters properly. Attackers can use the vulnerability to launch command injection attacks remotely and execute arbitrary commands on the system.

Published: December 31, 2020; 3:15:13 AM -0500
V3.1: 9.8 CRITICAL
V2.0: 10.0 HIGH
CVE-2020-35743

HGiga MailSherlock contains a SQL injection flaw. Attackers can inject and launch SQL commands in a URL parameter of specific cgi pages.

Published: December 31, 2020; 3:15:13 AM -0500
V3.1: 7.6 HIGH
V2.0: 6.5 MEDIUM
CVE-2020-35742

HGiga MailSherlock contains a SQL injection vulnerability. Attackers can inject and launch SQL commands in a URL parameter.

Published: December 31, 2020; 3:15:13 AM -0500
V3.1: 7.6 HIGH
V2.0: 6.5 MEDIUM
CVE-2020-35741

HGiga MailSherlock does not validate user parameters on multiple login pages. Attackers can use the vulnerability to inject JavaScript syntax for XSS attacks.

Published: December 31, 2020; 3:15:13 AM -0500
V3.1: 6.1 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2020-35740

HGiga MailSherlock does not properly validate specific URL parameters, which allows attackers to inject JavaScript syntax for XSS attacks.

Published: December 31, 2020; 3:15:13 AM -0500
V3.1: 6.1 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2020-25850

The "view the source code" function of HGiga MailSherlock does not validate specific characters. Remote attackers can use this flaw to download arbitrary system files.

Published: December 31, 2020; 3:15:13 AM -0500
V3.1: 7.5 HIGH
V2.0: 5.0 MEDIUM
CVE-2020-25848

HGiga MailSherlock contains a weak authentication flaw that lets attackers gain privileges remotely through the default password generation mechanism.

Published: December 31, 2020; 3:15:13 AM -0500
V3.1: 9.8 CRITICAL
V2.0: 10.0 HIGH
CVE-2020-25846

The digest generation function of NHIServiSignAdapter does not verify the source file path, which leads to the SMB request being redirected to a malicious host, resulting in the leakage of the user's credentials.

Published: December 31, 2020; 3:15:13 AM -0500
V3.1: 7.4 HIGH
V2.0: 4.3 MEDIUM
CVE-2020-25845

Multiple functions of NHIServiSignAdapter fail to verify the user's file path, which leads to the SMB request being redirected to a malicious host, resulting in the leakage of the user's credentials.

Published: December 31, 2020; 3:15:13 AM -0500
V3.1: 7.4 HIGH
V2.0: 4.3 MEDIUM
CVE-2020-25844

The digest generation function of NHIServiSignAdapter does not verify the parameter's length, which leads to a stack overflow vulnerability. Remote attackers can use the flaw to execute code without privileges.

Published: December 31, 2020; 3:15:13 AM -0500
V3.1: 9.8 CRITICAL
V2.0: 7.5 HIGH
CVE-2020-25843

NHIServiSignAdapter fails to verify the length of the digital credential file's path, which leads to a heap overflow vulnerability. Remote attackers can use the flaw to execute code without privileges.

Published: December 31, 2020; 3:15:12 AM -0500
V3.1: 9.8 CRITICAL
V2.0: 7.5 HIGH
CVE-2020-25842

The encryption function of NHIServiSignAdapter fails to verify the file path input by users. Remote attackers can access arbitrary files through the flaw without privileges.

Published: December 31, 2020; 3:15:12 AM -0500
V3.1: 7.5 HIGH
V2.0: 5.0 MEDIUM
CVE-2019-7726

modules/banners/funcs/click.php in NukeViet before 4.3.04 has a SQL INSERT statement with raw header data from an HTTP request (e.g., Referer and User-Agent).

Published: December 31, 2020; 12:15:10 AM -0500
V3.1: 9.8 CRITICAL
V2.0: 7.5 HIGH
CVE-2019-7725

includes/core/is_user.php in NukeViet before 4.3.04 deserializes the untrusted nvloginhash cookie (i.e., the code relies on PHP's serialization format when JSON can be used to eliminate the risk).

Published: December 31, 2020; 12:15:10 AM -0500
V3.1: 9.8 CRITICAL
V2.0: 7.5 HIGH
CVE-2018-16795

OpenEMR 5.0.1.3 allows Cross-Site Request Forgery (CSRF) via library/ajax and interface/super, as demonstrated by use of interface/super/manage_site_files.php to upload a .php file.

Published: December 30, 2020; 10:15:12 PM -0500
V3.1: 8.8 HIGH
V2.0: 6.8 MEDIUM
CVE-2018-14067

Green Packet WiMax DV-360 2.10.14-g1.0.6.1 devices allow Command Injection, with unauthenticated remote command execution, via a crafted payload to the HTTPS port, because lighttpd listens on all network interfaces (including the external Internet) by default. NOTE: this may overlap CVE-2017-9980.

Published: December 30, 2020; 10:15:12 PM -0500
V3.1: 9.8 CRITICAL
V2.0: 10.0 HIGH
CVE-2016-9026

Exponent CMS before 2.6.0 has improper input validation in fileController.php.

Published: December 30, 2020; 10:15:12 PM -0500
V3.1: 9.8 CRITICAL
V2.0: 7.5 HIGH