NHIServiSignAdapter
CVEs (5)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2020-25844 | Hig | 0.53 | 8.1 | 0.02 | Dec 31, 2020 | The digest generation function of NHIServiSignAdapter has not been verified for parameter’s length, which leads to a stack overflow loophole. Remote attackers can use the leak to execute code without privilege. | ||
| CVE-2020-25843 | Hig | 0.53 | 8.1 | 0.02 | Dec 31, 2020 | NHIServiSignAdapter fails to verify the length of digital credential files’ path which leads to a heap overflow loophole. Remote attackers can use the leak to execute code without privilege. | ||
| CVE-2020-25846 | Hig | 0.49 | 7.5 | 0.01 | Dec 31, 2020 | The digest generation function of NHIServiSignAdapter has not been verified for source file path, which leads to the SMB request being redirected to a malicious host, resulting in the leakage of user's credential. | ||
| CVE-2020-25845 | Hig | 0.49 | 7.5 | 0.01 | Dec 31, 2020 | Multiple functions of NHIServiSignAdapter failed to verify the users’ file path, which leads to the SMB request being redirected to a malicious host, resulting in the leakage of user's credential. | ||
| CVE-2020-25842 | Hig | 0.49 | 7.5 | 0.01 | Dec 31, 2020 | The encryption function of NHIServiSignAdapter fail to verify the file path input by users. Remote attacker can access arbitrary files through the flaw without privilege. |
- risk 0.53cvss 8.1epss 0.02
The digest generation function of NHIServiSignAdapter has not been verified for parameter’s length, which leads to a stack overflow loophole. Remote attackers can use the leak to execute code without privilege.
- risk 0.53cvss 8.1epss 0.02
NHIServiSignAdapter fails to verify the length of digital credential files’ path which leads to a heap overflow loophole. Remote attackers can use the leak to execute code without privilege.
- risk 0.49cvss 7.5epss 0.01
The digest generation function of NHIServiSignAdapter has not been verified for source file path, which leads to the SMB request being redirected to a malicious host, resulting in the leakage of user's credential.
- risk 0.49cvss 7.5epss 0.01
Multiple functions of NHIServiSignAdapter failed to verify the users’ file path, which leads to the SMB request being redirected to a malicious host, resulting in the leakage of user's credential.
- risk 0.49cvss 7.5epss 0.01
The encryption function of NHIServiSignAdapter fail to verify the file path input by users. Remote attacker can access arbitrary files through the flaw without privilege.