Security Vulnerabilities - CVEs Published In January 2021
An improper authorization vulnerability exists in Star Practice Management Web version 2019.2.0.6, allowing an unauthorized user to access the Billing page without the appropriate privileges.
CVSS Score: 6.5 | EPSS Score: 0.003 | Published: 2021-01-29
An improper authorization vulnerability exists in Star Practice Management Web version 2019.2.0.6, allowing an unauthorized user to change the privileges of any user of the application. This can be used to grant the attacker's own account the administrative role or to remove all administrative accounts of the application.
CVSS Score: 8.8 | EPSS Score: 0.005 | Published: 2021-01-29
An improper authorization vulnerability exists in Star Practice Management Web version 2019.2.0.6, allowing an unauthorized user to access details about jobs they should not have access to via the Audit Trail feature.
CVSS Score: 6.5 | EPSS Score: 0.003 | Published: 2021-01-29
The API in the Push extension for MediaWiki through 1.35 did not require an edit token in ApiPushBase.php and therefore facilitated a CSRF attack.
CVSS Score: 8.8 | EPSS Score: 0.002 | Published: 2021-01-29
The API in the Push extension for MediaWiki through 1.35 used cleartext for ApiPush credentials, allowing for potential information disclosure.
CVSS Score: 7.5 | EPSS Score: 0.001 | Published: 2021-01-29
Collabtive 3.1 allows XSS when an authenticated user enters an XSS payload into the address section of the profile edit page, aka the manageuser.php?action=edit address1 parameter.
CVSS Score: 5.4 | EPSS Score: 0.002 | Published: 2021-01-29
A NULL pointer dereference was found in pkg/proxy/envoy/v2/debug.go getResourceVersion in Istio pilot before 1.5.0-alpha.0. If a particular HTTP GET request is made to the pilot API endpoint, it is possible to cause the Go runtime to panic (resulting in a denial of service to the istio-pilot application).
CVSS Score: 6.5 | EPSS Score: 0.002 | Published: 2021-01-29
DoTls13CertificateVerify in tls13.c in wolfSSL before 4.7.0 does not cease processing for certain anomalous peer behavior (sending an Ed25519, Ed448, ECC, or RSA signature without the corresponding certificate). The client side is affected because man-in-the-middle attackers can impersonate TLS 1.3 servers.
CVSS Score: 8.1 | EPSS Score: 0.002 | Published: 2021-01-29
An issue was discovered in Deserializer::read_vec in the cdr crate before 0.2.4 for Rust. A user-provided Read implementation can gain access to the old contents of newly allocated heap memory, violating soundness.
CVSS Score: 9.8 | EPSS Score: 0.005 | Published: 2021-01-29
An issue was discovered in the raw-cpuid crate before 9.0.0 for Rust. It has unsound transmute calls within as_string() methods.
CVSS Score: 7.5 | EPSS Score: 0.004 | Published: 2021-01-29
Shodan ® - All rights reserved