Security Vulnerabilities - CVEs Published In January 2021
An issue was discovered in the raw-cpuid crate before 9.0.0 for Rust. It allows __cpuid_count() calls even if the processor does not support the CPUID instruction, which is unsound and causes a deterministic crash.
CVSS Score: 5.5; EPSS Score: 0.001; Published: 2021-01-29
An issue was discovered in the marc crate before 2.0.0 for Rust. A user-provided Read implementation can gain access to the old contents of newly allocated memory, violating soundness.
CVSS Score: 7.5; EPSS Score: 0.003; Published: 2021-01-29
PHPGurukul Daily Expense Tracker System 1.0 is vulnerable to stored XSS via the user-profile.php Full Name field.
CVSS Score: 6.1; EPSS Score: 0.002; Published: 2021-01-29
PHPGurukul Daily Expense Tracker System 1.0 is vulnerable to stored XSS via the add-expense.php Item parameter.
CVSS Score: 5.4; EPSS Score: 0.002; Published: 2021-01-29
A path traversal vulnerability in the DxWebEngine component of DH2i DxEnterprise and DxOdyssey for Windows, version 19.5 through 20.x before 20.0.219.0, allows an attacker to read any file on the host file system via an HTTP request.
CVSS Score: 7.5; EPSS Score: 0.006; Published: 2021-01-29
OnCommand Unified Manager Core Package versions prior to 5.2.5 may disclose sensitive account information to unauthorized users via the use of PuTTY Link (plink).
CVSS Score: 5.5; EPSS Score: 0.001; Published: 2021-01-28
Stored Cross Site Scripting (XSS) vulnerability in EGavilan Media CRUD Operation with PHP, MySQL, Bootstrap, and Dompdf via First Name or Last Name parameter in the 'Add New Record Feature'.
CVSS Score: 5.4; EPSS Score: 0.002; Published: 2021-01-28
It was found in Moodle before version 3.10.1, 3.9.4, 3.8.7 and 3.5.16 that messaging did not impose a character limit when sending messages, which could result in client-side (browser) denial of service for users receiving very large messages.
CVSS Score: 5.3; EPSS Score: 0.005; Published: 2021-01-28
Deserialization of untrusted data in the login page of the ASSUWEB 359.3 build 1 subcomponent of the ACA ASSUREX RENTES product allows a remote attacker to inject an unsecure serialized Java object using a specially crafted HTTP request, resulting in unauthenticated remote code execution on the server.
CVSS Score: 9.8; EPSS Score: 0.143; Published: 2021-01-28
The Hide-Thread-Content plugin through 2021-01-27 for MyBB allows remote attackers to bypass intended content-reading restrictions by clicking on reply or quote in the postbit.
CVSS Score: 7.5; EPSS Score: 0.155; Published: 2021-01-28