Missing check in ArrayVec leads to out-of-bounds write.
ArrayVec::insert allows insertion of an element into the array object at the specified index. Due to a missing check on the upper bound of this index, it is possible to write out of bounds...
RUSTSEC-2020-0042 Missing check in ArrayVec leads to out-of-bounds write.
ArrayVec::insert allows insertion of an element into the array object at the specified index. Due to a missing check on the upper bound of this index, it is possible to write out of bounds...
PT-2020-17527 · Rust · Stack Crate
Name of the Vulnerable Software and Affected Versions: stack crate versions prior to 0.3.1. Description: The issue is related to the ArrayVec in the stack crate, where the insert method allows insertion of an element into the array object at a specified index. Due to a missing check on the upper...
DEBIAN-CVE-2020-25795
An issue was discovered in the sized-chunks crate through 0.6.2 for Rust. In the Chunk implementation, insert_from can have a memory-safety issue upon a panic...
UBUNTU-CVE-2020-25795
An issue was discovered in the sized-chunks crate through 0.6.2 for Rust. In the Chunk implementation, insert_from can have a memory-safety issue upon a panic...
PT-2020-16211
Name of the Vulnerable Software and Affected Versions: sized-chunks crate versions through 0.6.2. Description: An issue was discovered in the sized-chunks crate, where the array size is not checked when constructed with unit, pair, or From in the Chunk implementation. Additionally, the Clone and...
PT-2020-16212
Name of the Vulnerable Software and Affected Versions: sized-chunks crate versions through 0.6.2. Description: An issue was discovered in the sized-chunks crate, where the array size is not checked when constructed with unit and pair in the Chunk implementation. Additionally, the array size is not...
PT-2020-16214
Name of the Vulnerable Software and Affected Versions: sized-chunks crate versions through 0.6.2. Description: An issue was discovered in the sized-chunks crate, where the Chunk implementation has memory-safety issues. Specifically, the array size is not checked when constructed with unit, pair, or...
PT-2020-16213
Name of the Vulnerable Software and Affected Versions: sized-chunks crate versions through 0.6.2. Description: The issue concerns memory safety in the sized-chunks crate for Rust. Specifically, in the Chunk implementation, the array size is not checked when constructed with From, unit, or pair...
Prototype Pollution
promisehelpers is vulnerable to prototype pollution. The vulnerability exists as the insert function does not restrict __proto__ headers to be set in objects...
CVE-2020-7723
All versions of package promisehelpers are vulnerable to Prototype Pollution via the insert function...
Code injection
All versions of package promisehelpers are vulnerable to Prototype Pollution via the insert function...
CVE-2020-7723 Prototype Pollution
All versions of package promisehelpers are vulnerable to Prototype Pollution via the insert function...
CVE-2020-7723
CVE-2020-7723 affects the JavaScript package promisehelpers. All versions prior to 0.0.6 are vulnerable to prototype pollution via the insert function, enabling an attacker to inject properties into Object.prototype (e.g., through __proto__). Documented impacts include potential denial of service an...
PT-2020-19744 · Unknown · Promisehelpers
Name of the Vulnerable Software and Affected Versions: promisehelpers versions prior to 0.0.6. Description: The issue concerns Prototype Pollution via the insert function. This allows for potential manipulation of object properties. Recommendations: For versions prior to 0.0.6, update to version...
CVE-2020-19885
DBHcms v1.2.0 has a stored XSS vulnerability as there is no htmlspecialchars function for '$POST'pageparaminsertname'' variable in dbhcms\mod\mod.page.edit.php line 227. A remote authenticated admin user can exploit this vulnerability to hijack other users...
Prototype Pollution
Overview promisehelpers is a Promise helper functions Affected versions of this package are vulnerable to Prototype Pollution via the insert function. POC: const promisehelpers = require'promisehelpers'; var obj = ; promisehelpers.insert'proto', 'polluted', trueobj; console.logpolluted; // true...
Unspecified Vulnerability in Oracle E-Business Suite Common Applications (CNVD-2020-43711)
Oracle E-Business Suite is a fully integrated set of global business management software from Oracle Corporation. The software provides customer relationship management, service management, financial management, etc. Common Applications also known as Oracle Common Application...
CVE-2020-14529
The CVE-2020-14529 entry refers to a vulnerability in Oracle Primavera Portfolio Management (Investor Module). Affected versions are 16.1.0.0–16.1.5.1, 18.0.0.0–18.0.2.0, and 19.0.0.0. It allows a low-privileged, network-accessible attacker (via HTTP) to compromise Primavera Portfolio Management,...
Savsoft Quiz 5 - Persistent Cross-Site Scripting
Exploit Title: Savsoft Quiz 5 - Persistent Cross-Site Scripting Date: 2020-07-09 Exploit Author: Ogulcan Unverenth3d1gger Vendor Homepage: https://savsoftquiz.com/ Software Link: https://github.com/savsofts/savsoftquizv5.git Version: 5.0 Tested on: Kali Linux ---Vulnerable Source Code---- functio...