Security Vulnerabilities - CVEs Published In January 2021
cPanel before 92.0.9 allows a MySQL user (who has an old-style password hash) to bypass suspension (SEC-579).
CVSS Score
7.5
EPSS Score
0.002
Published
2021-01-26
PlugIns\IDE_ACDStd.apl in ACDSee Professional 2021 14.0 1721 has a User Mode Write Access Violation starting at IDE_ACDStd!zlibVersion+0x0000000000004e5e via a crafted BMP image.
CVSS Score
7.8
EPSS Score
0.002
Published
2021-01-26
PlugIns\IDE_ACDStd.apl in ACDSee Professional 2021 14.0 1721 has a User Mode Write Access Violation starting at IDE_ACDStd!JPEGTransW+0x000000000000c7f4 via a crafted BMP image.
CVSS Score
7.8
EPSS Score
0.002
Published
2021-01-26
An issue was discovered in the smallvec crate before 0.6.14 and 1.x before 1.6.1 for Rust. There is a heap-based buffer overflow in SmallVec::insert_many.
CVSS Score
9.8
EPSS Score
0.005
Published
2021-01-26
An issue was discovered in the lazy-init crate through 2021-01-17 for Rust. Lazy lacks a Send bound, leading to a data race.
CVSS Score
5.3
EPSS Score
0.003
Published
2021-01-26
An issue was discovered in the glsl-layout crate before 0.4.0 for Rust. When a panic occurs, map_array can perform a double drop.
CVSS Score
7.5
EPSS Score
0.003
Published
2021-01-26
An issue was discovered in the cache crate through 2021-01-01 for Rust. A raw pointer is dereferenced.
CVSS Score
7.5
EPSS Score
0.004
Published
2021-01-26
An issue was discovered in the av-data crate before 0.3.0 for Rust. A raw pointer is dereferenced, leading to a read of an arbitrary memory address, sometimes causing a segfault.
CVSS Score
7.5
EPSS Score
0.004
Published
2021-01-26
An issue was discovered in the bra crate before 0.1.1 for Rust. It lacks soundness because it can read uninitialized memory.
CVSS Score
9.1
EPSS Score
0.004
Published
2021-01-26
An issue was discovered in the basic_dsp_matrix crate before 0.9.2 for Rust. When a TransformContent panic occurs, a double drop can be performed.
CVSS Score
7.5
EPSS Score
0.003
Published
2021-01-26