The Webform Report project 7.x-1.x-dev for Drupal allows remote attackers to view submissions by visiting the /rss.xml page. NOTE: This project is not covered by Drupal’s security advisory policy. Date published : 2020-12-31 https://www.drupal.org/project/webform_report/issues/3101410
NetBox through 2.6.2 allows an Authenticated User to conduct an XSS attack against an admin via a GFM-rendered field, as demonstrated by /dcim/sites/add/ comments. Date published : 2020-12-31 http://www.cinquino.eu/NetBox.htm https://github.com/netbox-community/netbox/issues/3471
An issue was discovered in the failure crate through 2019-11-13 for Rust. Type confusion can occur when __private_get_type_id__ is overridden. Date published : 2020-12-31 https://github.com/rust-lang-nursery/failure/issues/336 https://rustsec.org/advisories/RUSTSEC-2019-0036.html
An issue was discovered in the http crate before 0.1.20 for Rust. The HeaderMap::Drain API can use a raw pointer, defeating soundness. Date published : 2020-12-31 https://rustsec.org/advisories/RUSTSEC-2019-0034.html
An issue was discovered in the streebog crate before 0.8.0 for Rust. The Streebog hash function can cause a panic. Date published : 2020-12-31 https://rustsec.org/advisories/RUSTSEC-2019-0030.html
An issue was discovered in the streebog crate before 0.8.0 for Rust. The Streebog hash function can produce the wrong answer. Date published : 2020-12-31 https://rustsec.org/advisories/RUSTSEC-2019-0030.html
An issue was discovered in the chacha20 crate before 0.2.3 for Rust. A ChaCha20 counter overflow makes it easier for attackers to determine plaintext. Date published : 2020-12-31 https://rustsec.org/advisories/RUSTSEC-2019-0029.html
An issue was discovered in the flatbuffers crate before 0.6.1 for Rust. Arbitrary bytes can be reinterpreted as a bool, defeating soundness. Date published : 2020-12-31 https://rustsec.org/advisories/RUSTSEC-2019-0028.html
An issue was discovered in the libsecp256k1 crate before 0.3.1 for Rust. Scalar::check_overflow allows a timing side-channel attack; consequently, attackers can obtain sensitive information. Date published : 2020-12-31 https://rustsec.org/advisories/RUSTSEC-2019-0027.html
An issue was discovered in the sodiumoxide crate before 0.2.5 for Rust. generichash::Digest::eq compares itself to itself and thus has degenerate security properties. Date published : 2020-12-31 https://rustsec.org/advisories/RUSTSEC-2019-0026.html
An issue was discovered in the serde_cbor crate before 0.10.2 for Rust. The CBOR deserializer can cause stack consumption via nested semantic tags. Date published : 2020-12-31 https://rustsec.org/advisories/RUSTSEC-2019-0025.html
An issue was discovered in the Quiz and Survey Master plugin before 7.0.1 for WordPress. It allows users to delete arbitrary files such as wp-config.php file, which could effectively take a site offline and...
An issue was discovered in the XCloner Backup and Restore plugin before 4.2.153 for WordPress. It allows CSRF (via almost any endpoint). Date published : 2020-12-31 https://wpscan.com/vulnerability/10413 Critical Vulnerabilities Patched in XCloner Backup and...
An issue was discovered in the Quiz and Survey Master plugin before 7.0.1 for WordPress. It made it possible for unauthenticated attackers to upload arbitrary files and achieve remote code execution. If a quiz...