Security Vulnerabilities - CVEs Published In January 2023
Cross Site Scripting (XSS) vulnerability in yapi 1.9.1 allows attackers to execute arbitrary code via the /interface/api edit page.
CVSS Score: 5.4; EPSS Score: 0.003; Published: 2023-01-26
Qlik NPrinting Designer through 21.14.3.0 creates a Temporary File in a Directory with Insecure Permissions.
CVSS Score: 7.8; EPSS Score: 0.0; Published: 2023-01-26
Qlik QlikView through 12.60.20100.0 creates a Temporary File in a Directory with Insecure Permissions.
CVSS Score: 7.8; EPSS Score: 0.0; Published: 2023-01-26
A buffer overflow in the ReadyBootDxe driver in some Lenovo Notebook products may allow an attacker with local privileges to execute arbitrary code.
CVSS Score: 6.7; EPSS Score: 0.0; Published: 2023-01-26
Instructure Canvas LMS didn't properly deny access to locked/unpublished files when the unprivileged user accesses the DocViewer-based file preview URL (canvadoc_session_url).
CVSS Score: 6.5; EPSS Score: 0.002; Published: 2023-01-26
For certain systems running EOS, a Precision Time Protocol (PTP) packet of a management/signaling message with an invalid Type-Length-Value (TLV) causes the PTP agent to restart. Repeated restarts of the service will make the service unavailable.
CVSS Score: 5.3; EPSS Score: 0.002; Published: 2023-01-26
An issue was discovered in HFish 0.5.1. When a payload is inserted where the name is entered, XSS code is triggered when the administrator views the information.
CVSS Score: 6.1; EPSS Score: 0.003; Published: 2023-01-26
SQL Injection vulnerability in function getTableCreationQuery in CreateAddField.php in phpMyAdmin 5.x before 5.2.0 via the tbl_storage_engine or tbl_collation parameters to tbl_create.php.
CVSS Score: 9.8; EPSS Score: 0.029; Published: 2023-01-26
uptimed before 0.4.6-r1 on Gentoo allows local users (with access to the uptimed user account) to gain root privileges by creating a hard link within the /var/spool/uptimed directory, because there is an unsafe chown -R call.
CVSS Score: 7.8; EPSS Score: 0.0; Published: 2023-01-26
Directory traversal vulnerability in ChinaMobile PLC Wireless Router model GPN2.4P21-C-CN running the firmware version W2000EN-01(hardware platform Gpn2.4P21-C_WIFI-V0.05), via the getpage parameter to /cgi-bin/webproc.
CVSS Score: 9.1; EPSS Score: 0.007; Published: 2023-01-26



Shodan ® - All rights reserved