Security Vulnerabilities - CVEs Published In February 2021
An issue was discovered in Psyprax beforee 3.2.2. Passwords used to encrypt the data are stored in the database in an obfuscated format, which can be easily reverted. For example, the password AAAAAAAA is stored in the database as MMMMMMMM.
CVSS Score
7.5
EPSS Score
0.001
Published
2021-02-05
Zulip Desktop before 5.0.0 improperly uses shell.openExternal and shell.openItem with untrusted content, leading to remote code execution.
CVSS Score
9.8
EPSS Score
0.026
Published
2021-02-05
Zulip Desktop before 5.0.0 allows attackers to perform recording via the webcam and microphone due to a missing permission request handler.
CVSS Score
5.3
EPSS Score
0.002
Published
2021-02-05
In Epson iProjection v2.30, the driver file (EMP_NSAU.sys) allows local users to cause a denial of service (BSOD) via crafted input to the virtual audio device driver with IOCTL 0x9C402402, 0x9C402406, or 0x9C40240A. \Device\EMPNSAUIO and \DosDevices\EMPNSAU are similarly affected.
CVSS Score
5.5
EPSS Score
0.001
Published
2021-02-05
The AscRegistryFilter.sys kernel driver in IObit Advanced SystemCare 13.2 allows an unprivileged user to send an IOCTL to the device driver. If the user provides a NULL entry for the dwIoControlCode parameter, a kernel panic (aka BSOD) follows. The IOCTL codes can be found in the dispatch function: 0x8001E000, 0x8001E004, 0x8001E008, 0x8001E00C, 0x8001E010, 0x8001E014, 0x8001E020, 0x8001E024, 0x8001E040, 0x8001E044, and 0x8001E048. \DosDevices\AscRegistryFilter and \Device\AscRegistryFilter are affected.
CVSS Score
6.5
EPSS Score
0.005
Published
2021-02-05
Buffer overflow in pdf2json 0.69 allows local users to execute arbitrary code by converting a crafted PDF file.
CVSS Score
7.8
EPSS Score
0.001
Published
2021-02-05
LinkedIn Oncall through 1.4.0 allows reflected XSS via /query because of mishandling of the "No results found for" message in the search bar.
CVSS Score
6.1
EPSS Score
0.299
Published
2021-02-05
An issue was discovered in Typora 0.9.67. There is an XSS vulnerability that causes Remote Code Execution.
CVSS Score
6.1
EPSS Score
0.005
Published
2021-02-05
Question2Answer Q2A Ultimate SEO Version 1.3 is affected by cross-site scripting (XSS), which may lead to arbitrary remote code execution.
CVSS Score
5.4
EPSS Score
0.005
Published
2021-02-05
Stack buffer overflow vulnerability in gitea 1.9.0 through 1.13.1 allows remote attackers to cause a denial of service (crash) via vectors related to a file path.
CVSS Score
7.5
EPSS Score
0.009
Published
2021-02-05