393 matches found
CVE-2021-26955
An issue was discovered in the xcb crate through 2021-02-04 for Rust. It has a soundness violation because xcb::xproto::GetAtomNameReply::name calls std::str::fromutf8unchecked on unvalidated bytes from an X server...
CVE-2020-15836
An issue was discovered on Mofi Network MOFI4500-4GXeLTE 4.1.5-std devices. The authentication function passes untrusted data to the operating system without proper sanitization. A crafted request can be sent to execute arbitrary commands as root...
CVE-2020-15832
An issue was discovered on Mofi Network MOFI4500-4GXeLTE 4.1.5-std devices. The poof.cgi script contains undocumented code that provides the ability to remotely reboot the device. An adversary with the private key but not the root password can remotely reboot the device...
CVE-2020-13857
An issue was discovered on Mofi Network MOFI4500-4GXeLTE 3.6.1-std and 4.0.8-std devices. They can be rebooted by sending an unauthenticated poof.cgi HTTP GET request...
CVE-2020-15834
An issue was discovered on Mofi Network MOFI4500-4GXeLTE 4.1.5-std devices. The wireless network password is exposed in a QR encoded picture that an unauthenticated adversary can download via the web-management interface...
CVE-2020-13859
CVE-2020-13859 affects Mofi Network MOFI4500-4GXeLTE devices running 4.0.8-std. A format error in /etc/shadow plus a logic bug in the LuCI/OpenWrt configuration interface enables the undocumented user account “mofidev” to access cgi-bin/luci/quick/wizard without a password via a forgotten-passwor...
Mofi Network MOFI-GXeLTE 安全漏洞
The Mofi Network MOFI4500-4GXeLTE is a wireless router from Mofi Network. A security vulnerability exists in the Mofi Network MOFI4500-4GXeLTE 4.0.8-std devices, which can be exploited by an attacker to log in to the mofidev user with an arbitrary password, and then change the password of the roo...
Mofi Network MOFI4500-4GXeLTE 安全漏洞
The Mofi Network MOFI4500-4GXeLTE is a wireless router from Mofi Network. An unauthorized RCE vulnerability exists in Mofi Network MOFI4500-4GXeLTE 4.1.5-std devices. The vulnerability stems from the authentication function passing untrusted data to the operating system without proper destruction...
Mofi Network MOFI4500-4GXeLTE 安全漏洞
The Mofi Network MOFI4500-4GXeLTE is a wireless router from Mofi Network. A remote reboot backdoor vulnerability exists in the Mofi Network MOFI4500-4GXeLTE 4.1.5-std devices, which can be exploited by an attacker to reboot the device by accessing /cgi-bin/poof.cgi with a private key...
OSV-2017-126 Bad-cast to const std::__1::__less<unsigned long, unsigned long> *_start
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=606 Crash type: Bad-cast Crash state: Bad-cast to const std::1::less start...
OSV-2018-206 Heap-buffer-overflow in parse_sigalgs_list
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=9808 Crash type: Heap-buffer-overflow READ 1 Crash state: parsesigalgslist SSLCTXset1sigalgslist std::1::functionvoid...
CVE-2020-35920
An issue was discovered in the socket2 crate before 0.3.16 for Rust. It has false expectations about the std::net::SocketAddr memory representation...
CVE-2020-35919
An issue was discovered in the net2 crate before 0.2.36 for Rust. It has false expectations about the std::net::SocketAddr memory representation...
CVE-2020-35919
An issue was discovered in the net2 crate before 0.2.36 for Rust. It has false expectations about the std::net::SocketAddr memory representation...
CVE-2020-35919
An issue was discovered in the net2 crate before 0.2.36 for Rust. It has false expectations about the std::net::SocketAddr memory representation...
Memory corruption
An issue was discovered in the net2 crate before 0.2.36 for Rust. It has false expectations about the std::net::SocketAddr memory representation...
Memory corruption
An issue was discovered in the mio crate before 0.7.6 for Rust. It has false expectations about the std::net::SocketAddr memory representation...
CVE-2020-35920
An issue was discovered in the socket2 crate before 0.3.16 for Rust. It has false expectations about the std::net::SocketAddr memory representation...
Memory corruption
An issue was discovered in the miow crate before 0.3.6 for Rust. It has false expectations about the std::net::SocketAddr memory representation...
Memory corruption
An issue was discovered in the socket2 crate before 0.3.16 for Rust. It has false expectations about the std::net::SocketAddr memory representation...