Security Vulnerabilities - CVEs Published In February 2021
PacsOne Server (PACS Server In One Box) below 7.1.1 is affected by cross-site scripting (XSS).
CVSS Score
6.1
EPSS Score
0.102
Published
2021-02-03
PacsOne Server (PACS Server In One Box) below 7.1.1 is affected by incorrect access control, which can result in remotely gaining administrator privileges.
CVSS Score
9.8
EPSS Score
0.011
Published
2021-02-03
PacsOne Server (PACS Server In One Box) below 7.1.1 is affected by file read/manipulation, which can result in remote information disclosure.
CVSS Score
7.5
EPSS Score
0.01
Published
2021-02-03
Certain Moxa Inc products are affected by an improper restriction of operations in EDR-G903 Series Firmware Version 5.5 or lower, EDR-G902 Series Firmware Version 5.5 or lower, and EDR-810 Series Firmware Version 5.6 or lower. Crafted requests sent to the device may allow remote arbitrary code execution.
CVSS Score
9.8
EPSS Score
0.028
Published
2021-02-03
In display driver, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-10, Android-11; Patch ID: ALPS05454782.
CVSS Score
6.7
EPSS Score
0.0
Published
2021-02-03
In netdiag, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-10, Android-11; Patch ID: ALPS05442011.
CVSS Score
6.7
EPSS Score
0.0
Published
2021-02-03
In netdiag, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-10, Android-11; Patch ID: ALPS05442006.
CVSS Score
6.7
EPSS Score
0.0
Published
2021-02-03
In kisd, there is a possible out of bounds read due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-11; Patch ID: ALPS05449968.
CVSS Score
6.7
EPSS Score
0.0
Published
2021-02-03
In aee, there is a possible memory corruption due to a stack buffer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-11; Patch ID: ALPS05457070.
CVSS Score
6.7
EPSS Score
0.0
Published
2021-02-03
In mobile_log_d, there is a possible command injection due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-10, Android-11; Patch ID: ALPS05458478.
CVSS Score
6.7
EPSS Score
0.001
Published
2021-02-03