CVE Schwachstellen
CVE-Datenbank angereichert mit CISA KEV und NVD Daten
| CVE ID | CVSS | Schweregrad | KEV | Sichtungen |
|---|---|---|---|---|
| CVE-2020-35875 An issue was discovered in the tokio-rustls crate before 0.13.1 for Rust. Excessive memory usage may occur when data arrives quickly. | 7.5 | HIGH | — | 0 |
| CVE-2020-35876 An issue was discovered in the rio crate through 2020-05-11 for Rust. A struct can be leaked, allowing attackers to obtain sensitive information, cause a use-after-free, or cause a data race. | 9.8 | CRITICAL | — | 0 |
| CVE-2020-35877 An issue was discovered in the ozone crate through 2020-07-04 for Rust. Memory safety is violated because of out-of-bounds access. | 9.8 | CRITICAL | — | 0 |
| CVE-2020-35878 An issue was discovered in the ozone crate through 2020-07-04 for Rust. Memory safety is violated because of the dropping of uninitialized memory. | 9.8 | CRITICAL | — | 0 |
| CVE-2020-35879 An issue was discovered in the rulinalg crate through 2020-02-11 for Rust. There are incorrect lifetime-boundary definitions for RowMut::raw_slice and RowMut::raw_slice_mut. | 9.8 | CRITICAL | — | 0 |
| CVE-2020-35880 An issue was discovered in the bigint crate through 2020-05-07 for Rust. It allows a soundness violation. | 9.8 | CRITICAL | — | 0 |
| CVE-2020-35881 An issue was discovered in the traitobject crate through 2020-06-01 for Rust. It has false expectations about fat pointers, possibly causing memory corruption in, for example, Rust 2.x. | 9.8 | CRITICAL | — | 0 |
| CVE-2020-35883 An issue was discovered in the mozwire crate through 2020-08-18 for Rust. A ../ directory-traversal situation allows overwriting local files that have .conf at the end of the filename. | 9.1 | CRITICAL | — | 0 |
| CVE-2020-35884 An issue was discovered in the tiny_http crate through 2020-06-16 for Rust. HTTP Request smuggling can occur via a malformed Transfer-Encoding header. | 6.5 | MEDIUM | — | 0 |
| CVE-2020-35885 An issue was discovered in the alpm-rs crate through 2020-08-20 for Rust. StrcCtx performs improper memory deallocation. | 9.8 | CRITICAL | — | 0 |
| CVE-2020-35886 An issue was discovered in the arr crate through 2020-08-25 for Rust. An attacker can smuggle non-Sync/Send types across a thread boundary to cause a data race. | 4.7 | MEDIUM | — | 0 |
| CVE-2020-35887 An issue was discovered in the arr crate through 2020-08-25 for Rust. There is a buffer overflow in Index and IndexMut. | 9.8 | CRITICAL | — | 0 |
| CVE-2020-35888 An issue was discovered in the arr crate through 2020-08-25 for Rust. Uninitialized memory is dropped by Array::new_from_template. | 9.8 | CRITICAL | — | 0 |
| CVE-2020-35889 An issue was discovered in the crayon crate through 2020-08-31 for Rust. A TOCTOU issue has a resultant memory safety violation via HandleLike. | 8.1 | HIGH | — | 0 |
| CVE-2020-35890 An issue was discovered in the ordnung crate through 2020-09-03 for Rust. compact::Vec violates memory safety via out-of-bounds access for large capacity. | 7.5 | HIGH | — | 0 |
| CVE-2020-35893 An issue was discovered in the simple-slab crate before 0.3.3 for Rust. remove() has an off-by-one error, causing memory leakage and a drop of uninitialized memory. | 7.5 | HIGH | — | 0 |
| CVE-2020-35894 An issue was discovered in the obstack crate before 0.1.4 for Rust. Unaligned references can occur. | 7.5 | HIGH | — | 0 |
| CVE-2020-35895 An issue was discovered in the stack crate before 0.3.1 for Rust. ArrayVec has an out-of-bounds write via element insertion. | 9.8 | CRITICAL | — | 0 |
| CVE-2020-35896 An issue was discovered in the ws crate through 2020-09-25 for Rust. The outgoing buffer is not properly limited, leading to a remote memory-consumption attack. | 7.5 | HIGH | — | 0 |
| CVE-2020-35897 An issue was discovered in the atom crate before 0.3.6 for Rust. An unsafe Send implementation allows a cross-thread data race. | 4.7 | MEDIUM | — | 0 |
| CVE-2018-19941 A vulnerability has been reported to affect QNAP NAS. If exploited, this vulnerability allows an attacker to access sensitive information stored in cleartext inside cookies via certain widely-availabl... | 7.5 | HIGH | — | 0 |
| CVE-2018-19944 A cleartext transmission of sensitive information vulnerability has been reported to affect certain QTS devices. If exploited, this vulnerability allows a remote attacker to gain access to sensitive i... | 7.5 | HIGH | — | 0 |
| CVE-2018-19945 A vulnerability has been reported to affect earlier QNAP devices running QTS 4.3.4 to 4.3.6. Caused by improper limitations of a pathname to a restricted directory, this vulnerability allows for renam... | 9.1 | CRITICAL | — | 0 |
| CVE-2020-11832 In functions charging_limit_current_write and charging_limit_time_write in /SM8250_Q_Master/android/vendor/oppo_charger/oppo/oppo_charger.c have not checked the parameters, which causes a vulnerabilit... | 5.5 | MEDIUM | — | 0 |
| CVE-2020-11833 In /SM8250_Q_Master/android/vendor/oppo_charger/oppo/charger_ic/oppo_mp2650.c, the function mp2650_data_log_write in mp2650_data_log_write does not check the parameter len which causes a vulnerability... | 5.5 | MEDIUM | — | 0 |
| CVE-2020-11834 In /SM8250_Q_Master/android/vendor/oppo_charger/oppo/oppo_vooc.c, the function proc_fastchg_fw_update_write in proc_fastchg_fw_update_write does not check the parameter len, resulting in a vulnerabili... | 5.5 | MEDIUM | — | 0 |
| CVE-2020-11835 In /SM8250_Q_Master/android/vendor/oppo_charger/oppo/charger_ic/oppo_da9313.c, failure to check the parameter buf in the function proc_work_mode_write in proc_work_mode_write causes a vulnerability. | 5.5 | MEDIUM | — | 0 |
| CVE-2020-25797 LimeSurvey 3.21.1 is affected by cross-site scripting (XSS) in the Add Participants Function (First and last name parameters). When the survey participant being edited, e.g. by an administrative user,... | 5.4 | MEDIUM | — | 0 |
| CVE-2020-25799 LimeSurvey 3.21.1 is affected by cross-site scripting (XSS) in the Quota component of the Survey page. When the survey quota being viewed, e.g. by an administrative user, the JavaScript code will be e... | 5.4 | MEDIUM | — | 0 |
| CVE-2019-25011 NetBox through 2.6.2 allows an Authenticated User to conduct an XSS attack against an admin via a GFM-rendered field, as demonstrated by /dcim/sites/add/ comments. | 5.4 | MEDIUM | — | 0 |
| CVE-2020-35930 Seo Panel 4.8.0 allows stored XSS by an Authenticated User via the url parameter, as demonstrated by the seo/seopanel/websites.php URI. | 5.4 | MEDIUM | — | 0 |
| CVE-2020-26165 qdPM through 9.1 allows PHP Object Injection via timeReportActions::executeExport in core/apps/qdPM/modules/timeReport/actions/actions.class.php because unserialize is used. | 8.8 | HIGH | — | 0 |
| CVE-2020-35931 An issue was discovered in Foxit Reader before 10.1.1 (and before 4.1.1 on macOS) and PhantomPDF before 9.7.5 and 10.x before 10.1.1 (and before 4.1.1 on macOS). An attacker can spoof a certified PDF ... | 7.8 | HIGH | — | 0 |
| CVE-2016-20006 The REST/JSON project 7.x-1.x for Drupal allows blockage of user logins, aka SA-CONTRIB-2016-033. NOTE: This project is not covered by Drupal's security advisory policy. | 7.5 | HIGH | — | 0 |
| CVE-2016-20007 The REST/JSON project 7.x-1.x for Drupal allows session name guessing, aka SA-CONTRIB-2016-033. NOTE: This project is not covered by Drupal's security advisory policy. | 7.5 | HIGH | — | 0 |
| CVE-2016-20008 The REST/JSON project 7.x-1.x for Drupal allows session enumeration, aka SA-CONTRIB-2016-033. NOTE: This project is not covered by Drupal's security advisory policy. | 7.5 | HIGH | — | 0 |
| CVE-2016-20001 The REST/JSON project 7.x-1.x for Drupal allows node access bypass, aka SA-CONTRIB-2016-033. NOTE: This project is not covered by Drupal's security advisory policy. | 9.8 | CRITICAL | — | 0 |
| CVE-2016-20002 The REST/JSON project 7.x-1.x for Drupal allows comment access bypass, aka SA-CONTRIB-2016-033. NOTE: This project is not covered by Drupal's security advisory policy. | 9.8 | CRITICAL | — | 0 |
| CVE-2016-20003 The REST/JSON project 7.x-1.x for Drupal allows user enumeration, aka SA-CONTRIB-2016-033. NOTE: This project is not covered by Drupal's security advisory policy. | 7.5 | HIGH | — | 0 |
| CVE-2016-20004 The REST/JSON project 7.x-1.x for Drupal allows field access bypass, aka SA-CONTRIB-2016-033. NOTE: This project is not covered by Drupal's security advisory policy. | 9.8 | CRITICAL | — | 0 |
| CVE-2016-20005 The REST/JSON project 7.x-1.x for Drupal allows user registration bypass, aka SA-CONTRIB-2016-033. NOTE: This project is not covered by Drupal's security advisory policy. | 9.8 | CRITICAL | — | 0 |
| CVE-2017-20001 The AES encryption project 7.x and 8.x for Drupal does not sufficiently prevent attackers from decrypting data, aka SA-CONTRIB-2017-027. NOTE: This project is not covered by Drupal's security advisory... | 7.5 | HIGH | — | 0 |
| CVE-2018-25002 uploader.php in the KCFinder integration project through 2018-06-01 for Drupal mishandles validation, aka SA-CONTRIB-2018-024. NOTE: This project is not covered by Drupal's security advisory policy. | 8.8 | HIGH | — | 0 |
| CVE-2019-25012 The Webform Report project 7.x-1.x-dev for Drupal allows remote attackers to view submissions by visiting the /rss.xml page. NOTE: This project is not covered by Drupal's security advisory policy. | 7.5 | HIGH | — | 0 |
| CVE-2020-35932 Insecure Deserialization in the Newsletter plugin before 6.8.2 for WordPress allows authenticated remote attackers with minimal privileges (such as subscribers) to use the tpnc_render AJAX action to i... | 7.5 | HIGH | — | 0 |
| CVE-2020-35933 A Reflected Authenticated Cross-Site Scripting (XSS) vulnerability in the Newsletter plugin before 6.8.2 for WordPress allows remote attackers to trick a victim into submitting a tnpc_render AJAX requ... | 6.5 | MEDIUM | — | 0 |
| CVE-2020-35934 The Advanced Access Manager plugin before 6.6.2 for WordPress displays the unfiltered user object (including all metadata) upon login via the REST API (aam/v1/authenticate or aam/v2/authenticate). Thi... | 4.3 | MEDIUM | — | 0 |
| CVE-2020-35935 The Advanced Access Manager plugin before 6.6.2 for WordPress allows privilege escalation on profile updates via the aam_user_roles POST parameter if Multiple Role support is enabled. (The mechanism f... | 7.5 | HIGH | — | 0 |
| CVE-2020-35936 Stored Cross-Site Scripting (XSS) vulnerabilities in the Post Grid plugin before 2.0.73 for WordPress allow remote authenticated attackers to import layouts including JavaScript supplied via a remotel... | 7.5 | HIGH | — | 0 |
| CVE-2020-35937 Stored Cross-Site Scripting (XSS) vulnerabilities in the Team Showcase plugin before 1.22.16 for WordPress allow remote authenticated attackers to import layouts including JavaScript supplied via a re... | 7.5 | HIGH | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.