Security Vulnerabilities - CVEs Published In January 2021
The affected product is vulnerable to a heap-based buffer overflow, which may allow an attacker to manipulate memory with controlled values and remotely execute code on the OPC UA Tunneller (versions prior to 6.3.0.8233).
CVSS Score: 9.8 | EPSS Score: 0.004 | Published: 2021-01-26
Local Service Search Engine Management System 1.0 has an authentication bypass vulnerability via SQL injection. Using this vulnerability, an attacker can bypass the login page.
CVSS Score: 9.8 | EPSS Score: 0.012 | Published: 2021-01-26
jxbrowser in TI Code Composer Studio IDE 8.x through 10.x before 10.1.1 does not verify X.509 certificates for HTTPS.
CVSS Score: 5.3 | EPSS Score: 0.08 | Published: 2021-01-26
SQL injection exists in Spotweb 1.4.9 because the notAllowedCommands protection mechanism is inadequate, e.g., a variation of the payload may be used. NOTE: this issue exists because of an incomplete fix for CVE-2020-35545.
CVSS Score: 9.8 | EPSS Score: 0.003 | Published: 2021-01-26
Zen Cart 1.5.7b allows admins to execute arbitrary OS commands by inspecting an HTML radio input element (within the modules edit page) and inserting a command.
CVSS Score: 7.2 | EPSS Score: 0.387 | Published: 2021-01-26
On Zyxel NBG2105 V1.00(AAGU.2)C0 devices, setting the login cookie to 1 provides administrator access.
CVSS Score: 7.8 | EPSS Score: 0.8 | Published: 2021-01-26
Sagemcom F@ST 3686 v2 3.495 devices have a buffer overflow via a long sessionKey to the goform/login URI.
CVSS Score: 9.8 | EPSS Score: 0.005 | Published: 2021-01-26
A flaw was found in the gstreamer h264 component of gst-plugins-bad before v1.18.1 where, when parsing an h264 header, an attacker could cause stack smashing, memory corruption and possibly code execution.
CVSS Score: 9.8 | EPSS Score: 0.004 | Published: 2021-01-26
A Stored Cross-site scripting (XSS) vulnerability in /main.html Wifi Settings in Tenda AC5 AC1200 version V15.03.06.47_multi allows remote attackers to inject arbitrary web script or HTML via the Wifi Name parameter.
CVSS Score: 5.4 | EPSS Score: 0.003 | Published: 2021-01-26
phpList 3.6.0 allows CSV injection, related to the email parameter, and /lists/admin/ exports.
CVSS Score: 9.8 | EPSS Score: 0.004 | Published: 2021-01-26

