Security Vulnerabilities - Known exploited
CVE-2021-42287
Known exploited
Active Directory Domain Services Elevation of Privilege Vulnerability
CVSS Score: 7.5
EPSS Score: 0.94
Published: 2021-11-10

CVE-2021-42278
Known exploited
Active Directory Domain Services Elevation of Privilege Vulnerability
CVSS Score: 7.5
EPSS Score: 0.94
Published: 2021-11-10

CVE-2021-41379
Known exploited
Windows Installer Elevation of Privilege Vulnerability
CVSS Score: 5.5
EPSS Score: 0.041
Published: 2021-11-10

CVE-2021-42237
Known exploited
Sitecore XP 7.5 Initial Release to Sitecore XP 8.2 Update-7 is vulnerable to an insecure deserialization attack where it is possible to achieve remote command execution on the machine. No authentication or special configuration is required to exploit this vulnerability.
CVSS Score: 9.8
EPSS Score: 0.944
Published: 2021-11-05

CVE-2021-42258
Known exploited
BQE BillQuick Web Suite 2018 through 2021 before 22.0.9.1 allows SQL injection for unauthenticated remote code execution, as exploited in the wild in October 2021 for ransomware installation. SQL injection can, for example, use the txtID (aka username) parameter. Successful exploitation can include the ability to execute arbitrary code as MSSQLSERVER$ via xp_cmdshell.
CVSS Score: 9.8
EPSS Score: 0.938
Published: 2021-10-22

CVE-2021-30807
Known exploited
A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Big Sur 11.5.1, iOS 14.7.1 and iPadOS 14.7.1, watchOS 7.6.1. An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited.
CVSS Score: 7.8
EPSS Score: 0.177
Published: 2021-10-19

CVE-2021-27561
Known exploited
Yealink Device Management (DM) 3.6.0.20 allows command injection as root via the /sm/api/v1/firewall/zone/services URI, without authentication.
CVSS Score: 9.8
EPSS Score: 0.941
Published: 2021-10-15

CVE-2021-20123
Known exploited
A local file inclusion vulnerability exists in Draytek VigorConnect 1.6.0-B3 in the file download functionality of the DownloadFileServlet endpoint. An unauthenticated attacker could leverage this vulnerability to download arbitrary files from the underlying operating system with root privileges.
CVSS Score: 7.5
EPSS Score: 0.932
Published: 2021-10-13

CVE-2021-20124
Known exploited
A local file inclusion vulnerability exists in Draytek VigorConnect 1.6.0-B3 in the file download functionality of the WebServlet endpoint. An unauthenticated attacker could leverage this vulnerability to download arbitrary files from the underlying operating system with root privileges.
CVSS Score: 7.5
EPSS Score: 0.937
Published: 2021-10-13

CVE-2021-41357
Known exploited
Win32k Elevation of Privilege Vulnerability
CVSS Score: 7.8
EPSS Score: 0.146
Published: 2021-10-13


Shodan ® - All rights reserved