An issue was discovered in the lucet-runtime-internals crate before 0.5.1 for Rust. It mishandles sigstack allocation. Guest programs may be able to obtain sensitive information, or guest programs can experience memory corruption. Date published...
An issue was discovered in the prost crate before 0.6.1 for Rust. There is stack consumption via a crafted message, causing a denial of service (e.g., x86) or possibly remote code execution (e.g., ARM)....
An issue was discovered in the trust-dns-server crate before 0.18.1 for Rust. DNS MX and SRV null targets are mishandled, causing stack consumption. Date published : 2020-12-31 https://rustsec.org/advisories/RUSTSEC-2020-0001.html
HGiga MailSherlock does not validate specific parameters properly. Attackers can use the vulnerability to launch Command inject attacks remotely and execute arbitrary commands of the system. Date published : 2020-12-31 https://www.twcert.org.tw/en/cp-139-4264-f10f4-2.html
HGiga MailSherlock contains a SQL injection flaw. Attackers can inject and launch SQL commands in a URL parameter of specific cgi pages. Date published : 2020-12-31 https://www.twcert.org.tw/tw/cp-132-4262-03785-1.html
HGiga MailSherlock contains a vulnerability of SQL Injection. Attackers can inject and launch SQL commands in a URL parameter. Date published : 2020-12-31 https://www.twcert.org.tw/tw/cp-132-4261-d5379-1.html
HGiga MailSherlock does not validate user parameters on multiple login pages. Attackers can use the vulnerability to inject JavaScript syntax for XSS attacks. Date published : 2020-12-31 https://www.twcert.org.tw/tw/cp-132-4260-ba376-1.html
HGiga MailSherlock does not validate specific URL parameters properly that allows attackers to inject JavaScript syntax for XSS attacks. Date published : 2020-12-31 https://www.twcert.org.tw/tw/cp-132-4259-90f23-1.html
qdPM through 9.1 allows PHP Object Injection via timeReportActions::executeExport in core/apps/qdPM/modules/timeReport/actions/actions.class.php because unserialize is used. Date published : 2020-12-31 http://seclists.org/fulldisclosure/2021/Jan/10 http://packetstormsecurity.com/files/160733/qdPM-9.1-PHP-Object-Injection.html
The function, view the source code, of HGiga MailSherlock does not validate specific characters. Remote attackers can use this flaw to download arbitrary system files. Date published : 2020-12-31 https://www.twcert.org.tw/tw/cp-132-4258-0a8a0-1.html
HGiga MailSherlock contains weak authentication flaw that attackers grant privilege remotely with default password generation mechanism. Date published : 2020-12-31 https://www.twcert.org.tw/tw/cp-132-4256-cfc5a-1.html
The digest generation function of NHIServiSignAdapter has not been verified for source file path, which leads to the SMB request being redirected to a malicious host, resulting in the leakage of user’s credential. Date...
Multiple functions of NHIServiSignAdapter failed to verify the users’ file path, which leads to the SMB request being redirected to a malicious host, resulting in the leakage of user’s credential. Date published : 2020-12-31...
The digest generation function of NHIServiSignAdapter has not been verified for parameter’s length, which leads to a stack overflow loophole. Remote attackers can use the leak to execute code without privilege. Date published :...