Security Vulnerabilities - CVEs Published In January 2021
Textpattern 4.8.4 is affected by cross-site scripting (XSS) in the Body parameter.
CVSS Score
4.8
EPSS Score
0.003
Published
2021-01-26
A cross-site scripting (XSS) issue in Add Patient Form in QDOCS Smart Hospital Management System 3.1 allows a remote attacker to inject arbitrary code via the Name, Guardian Name, Email, Address, Remarks, or Any Known Allergies field.
CVSS Score
4.8
EPSS Score
0.002
Published
2021-01-26
TinyCheck before commits 9fd360d and ea53de8 was vulnerable to command injection due to insufficient checks of input parameters in several places.
CVSS Score
9.8
EPSS Score
0.06
Published
2021-01-26
TinyCheck before commits 9fd360d and ea53de8 allowed an authenticated attacker to send an HTTP GET request to the crafted URLs.
CVSS Score
6.5
EPSS Score
0.003
Published
2021-01-26
An issue was discovered in certain Xerox WorkCentre products. They do not properly encrypt passwords. This affects 3655, 3655i, 58XX, 58XXi 59XX, 59XXi, 6655, 6655i, 72XX, 72XXi 78XX, 78XXi, 7970, 7970i, EC7836, and EC7856 devices.
CVSS Score
7.5
EPSS Score
0.002
Published
2021-01-26
An issue was discovered in the async-h1 crate before 2.3.0 for Rust. Request smuggling can occur when used behind a reverse proxy.
CVSS Score
6.1
EPSS Score
0.003
Published
2021-01-26
An issue was discovered in the reffers crate through 2020-12-01 for Rust. ARefss can contain a !Send,!Sync object, leading to a data race and memory corruption.
CVSS Score
4.7
EPSS Score
0.0
Published
2021-01-26
An issue was discovered in the im crate through 2020-11-09 for Rust. Because TreeFocus does not have bounds on its Send trait or Sync trait, a data race can occur.
CVSS Score
4.7
EPSS Score
0.001
Published
2021-01-26
An issue was discovered in the xcb crate through 2020-12-10 for Rust. base::Error does not have soundness. Because of the public ptr field, a use-after-free or double-free can occur.
CVSS Score
5.5
EPSS Score
0.001
Published
2021-01-26
An issue was discovered in the rusb crate before 0.7.0 for Rust. Because of a lack of Send and Sync bounds, a data race and memory corruption can occur.
CVSS Score
7.0
EPSS Score
0.001
Published
2021-01-26