NHIServiSignAdapter fails to verify the length of digital credential files’ path which leads to a heap overflow loophole. Remote attackers can use the leak to execute code without privilege. Date published : 2020-12-31 https://www.twcert.org.tw/tw/cp-132-4271-951cd-1.html
The encryption function of NHIServiSignAdapter fail to verify the file path input by users. Remote attacker can access arbitrary files through the flaw without privilege. Date published : 2020-12-31 https://www.twcert.org.tw/tw/cp-132-4270-72392-1.html
LimeSurvey 3.21.1 is affected by cross-site scripting (XSS) in the Quota component of the Survey page. When the survey quota being viewed, e.g. by an administrative user, the JavaScript code will be executed in...
LimeSurvey 3.21.1 is affected by cross-site scripting (XSS) in the Add Participants Function (First and last name parameters). When the survey participant being edited, e.g. by an administrative user, the JavaScript code will be...
In /SM8250_Q_Master/android/vendor/oppo_charger/oppo/charger_ic/oppo_da9313.c, failure to check the parameter buf in the function proc_work_mode_write in proc_work_mode_write causes a vulnerability. Date published : 2020-12-31 https://security.oppo.com/en/noticedetails.html?noticeId=NOTICE-1333235676610830336
In /SM8250_Q_Master/android/vendor/oppo_charger/oppo/oppo_vooc.c, the function proc_fastchg_fw_update_write in proc_fastchg_fw_update_write does not check the parameter len, resulting in a vulnerability. Date published : 2020-12-31 https://security.oppo.com/en/noticedetails.html?noticeId=NOTICE-1333235676610830336
In /SM8250_Q_Master/android/vendor/oppo_charger/oppo/charger_ic/oppo_mp2650.c, the function mp2650_data_log_write in mp2650_data_log_write does not check the parameter len which causes a vulnerability. Date published : 2020-12-31 https://security.oppo.com/en/noticedetails.html?noticeId=NOTICE-1333235676610830336
In functions charging_limit_current_write and charging_limit_time_write in /SM8250_Q_Master/android/vendor/oppo_charger/oppo/oppo_charger.c have not checked the parameters, which causes a vulnerability. Date published : 2020-12-31 https://security.oppo.com/en/noticedetails.html?noticeId=NOTICE-1333235676610830336
Exponent CMS before 2.6.0 has improper input validation in fileController.php. Date published : 2020-12-30 https://exponentcms.lighthouseapp.com/projects/61783/changesets/a8efd9ca71fc9b8b843ad0910d435d237482ee31 https://github.com/exponentcms/exponent-cms/commit/a8efd9ca71fc9b8b843ad0910d435d237482ee31
Exponent CMS before 2.6.0 has improper input validation in purchaseOrderController.php. Date published : 2020-12-30 https://exponentcms.lighthouseapp.com/projects/61783/changesets/a8efd9ca71fc9b8b843ad0910d435d237482ee31 https://github.com/exponentcms/exponent-cms/commit/a8efd9ca71fc9b8b843ad0910d435d237482ee31
Exponent CMS before 2.6.0 has improper input validation in cron/find_help.php. Date published : 2020-12-30 https://exponentcms.lighthouseapp.com/projects/61783/changesets/a8efd9ca71fc9b8b843ad0910d435d237482ee31 https://github.com/exponentcms/exponent-cms/commit/a8efd9ca71fc9b8b843ad0910d435d237482ee31
Exponent CMS before 2.6.0 has improper input validation in usersController.php. Date published : 2020-12-30 https://exponentcms.lighthouseapp.com/projects/61783/changesets/a8efd9ca71fc9b8b843ad0910d435d237482ee31 https://github.com/exponentcms/exponent-cms/commit/a8efd9ca71fc9b8b843ad0910d435d237482ee31
Exponent CMS before 2.6.0 has improper input validation in storeController.php. Date published : 2020-12-30 https://exponentcms.lighthouseapp.com/projects/61783/changesets/a8efd9ca71fc9b8b843ad0910d435d237482ee31 https://github.com/exponentcms/exponent-cms/commit/a8efd9ca71fc9b8b843ad0910d435d237482ee31
OpenEMR 5.0.1.3 allows Cross-Site Request Forgery (CSRF) via library/ajax and interface/super, as demonstrated by use of interface/super/manage_site_files.php to upload a .php file. Date published : 2020-12-30 https://community.open-emr.org/t/openemr-security/10597 https://www.open-emr.org/wiki/images/1/11/Openemr_insecurity.pdf