Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In January 2021
CVE-2020-27283
An attacker could send a specially crafted message to Crimson 3.1 (Build versions prior to 3119.001) that could leak arbitrary memory locations.
CVSS Score
5.3
EPSS Score
0.002
Published
2021-01-06
CVE-2020-36177
RsaPad_PSS in wolfcrypt/src/rsa.c in wolfSSL before 4.6.0 has an out-of-bounds write for certain relationships between key size and digest size.
CVSS Score
9.8
EPSS Score
0.006
Published
2021-01-06
CVE-2020-8160
MendixSSO <= 2.1.1 contains endpoints that make use of the openid handler, which is suffering from a Cross-Site Scripting vulnerability via the URL path. This is caused by the reflection of user-supplied data without appropriate HTML escaping or output encoding. As a result, a JavaScript payload may be injected into the above endpoint causing it to be executed within the context of the victim's browser.
CVSS Score
6.1
EPSS Score
0.003
Published
2021-01-06
CVE-2020-36171
The Elementor Website Builder plugin before 3.0.14 for WordPress does not properly restrict SVG uploads.
CVSS Score
6.1
EPSS Score
0.001
Published
2021-01-06
CVE-2020-36172
The Advanced Custom Fields plugin before 5.8.12 for WordPress mishandles the escaping of strings in Select2 dropdowns, potentially leading to XSS.
CVSS Score
6.1
EPSS Score
0.002
Published
2021-01-06
CVE-2020-36173
The Ninja Forms plugin before 3.4.28 for WordPress lacks escaping for submissions-table fields.
CVSS Score
5.3
EPSS Score
0.002
Published
2021-01-06
CVE-2020-36174
The Ninja Forms plugin before 3.4.27.1 for WordPress allows CSRF via services integration.
CVSS Score
6.5
EPSS Score
0.001
Published
2021-01-06
CVE-2020-36175
The Ninja Forms plugin before 3.4.27.1 for WordPress allows attackers to bypass validation via the email field.
CVSS Score
5.3
EPSS Score
0.002
Published
2021-01-06
CVE-2020-36176
The iThemes Security (formerly Better WP Security) plugin before 7.7.0 for WordPress does not enforce a new-password requirement for an existing account until the second login occurs.
CVSS Score
7.5
EPSS Score
0.002
Published
2021-01-06
CVE-2020-13544
An exploitable sign extension vulnerability exists in the TextMaker document parsing functionality of SoftMaker Office 2021’s TextMaker application. A specially crafted document can cause the document parser to sign-extend a length used to terminate a loop, which can later result in the loop’s index being used to write outside the bounds of a heap buffer during the reading of file data. An attacker can entice the victim to open a document to trigger this vulnerability.
CVSS Score
8.8
EPSS Score
0.002
Published
2021-01-06


Products
Pricing
Contact Us

Shodan ® - All rights reserved