Security Vulnerabilities - CVEs Published In February 2021
Wekan, an open source kanban board system, between versions 3.12 and 4.11, is vulnerable to multiple stored cross-site scripting issues. This is named 'Fieldbleed' on the vendor's site.
CVSS Score: 5.4 | EPSS Score: 0.002 | Published: 2021-02-10
The daemon in GENIVI diagnostic log and trace (DLT) is vulnerable to a heap-based buffer overflow that could allow an attacker to remotely execute arbitrary code on the DLT-Daemon (versions prior to 2.18.6).
CVSS Score: 9.8 | EPSS Score: 0.019 | Published: 2021-02-10
In InoERP 0.7.2, an unauthorized attacker can execute arbitrary code on the server side due to lack of validations in /modules/sys/form_personalization/json_fp.php.
CVSS Score: 9.8 | EPSS Score: 0.015 | Published: 2021-02-10
Remote code execution in Monitorr v1.7.6m in upload.php allows an unauthorized person to execute arbitrary code on the server-side via an insecure file upload.
CVSS Score: 9.8 | EPSS Score: 0.94 | Published: 2021-02-10
An issue was discovered in the xcb crate through 2021-02-04 for Rust. It has a soundness violation because there is an out-of-bounds read in xcb::xproto::change_property(), as demonstrated by a format=32 T=u8 situation where out-of-bounds bytes are sent to an X server.
CVSS Score: 9.8 | EPSS Score: 0.005 | Published: 2021-02-09
An issue was discovered in the xcb crate through 2021-02-04 for Rust. It has a soundness violation because transmutation to the wrong type can happen after xcb::base::cast_event uses std::mem::transmute to return a reference to an arbitrary type.
CVSS Score: 8.8 | EPSS Score: 0.006 | Published: 2021-02-09
An issue was discovered in the calamine crate before 0.17.0 for Rust. It allows attackers to overwrite heap-memory locations because Vec::set_len is used without proper memory claiming, and this uninitialized memory is used for a user-provided Read operation, as demonstrated by Sectors::get.
CVSS Score: 9.8 | EPSS Score: 0.005 | Published: 2021-02-09
An issue was discovered in the ms3d crate before 0.1.3 for Rust. It might allow attackers to obtain sensitive information from uninitialized memory locations via IoReader::read.
CVSS Score: 7.5 | EPSS Score: 0.003 | Published: 2021-02-09
An issue was discovered in the postscript crate before 0.14.0 for Rust. It might allow attackers to obtain sensitive information from uninitialized memory locations via a user-provided Read implementation.
CVSS Score: 7.5 | EPSS Score: 0.003 | Published: 2021-02-09
An issue was discovered in the qwutils crate before 0.3.1 for Rust. When a Clone panic occurs, insert_slice_clone can perform a double drop.
CVSS Score: 5.3 | EPSS Score: 0.004 | Published: 2021-02-09

