Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In January 2021
CVE-2021-25323
The default setting of MISP 2.4.136 did not enable the requirements (aka require_password_confirmation) to provide the previous password when changing a password.
CVSS Score
9.1
EPSS Score
0.003
Published
2021-01-19
CVE-2021-25324
MISP 2.4.136 has Stored XSS in the galaxy cluster view via a cluster name to app/View/GalaxyClusters/view.ctp.
CVSS Score
6.1
EPSS Score
0.003
Published
2021-01-19
CVE-2021-25325
MISP 2.4.136 has XSS via galaxy cluster element values to app/View/GalaxyElements/ajax/index.ctp. Reference types could contain javascript: URLs.
CVSS Score
6.1
EPSS Score
0.004
Published
2021-01-19
CVE-2021-3184
MISP 2.4.136 has XSS via a crafted URL to the app/View/Elements/global_menu.ctp user homepage favourite button.
CVSS Score
6.1
EPSS Score
0.002
Published
2021-01-19
CVE-2020-27733
Zoho ManageEngine Applications Manager before 14 build 14880 allows an authenticated SQL Injection via a crafted Alarmview request.
CVSS Score
8.8
EPSS Score
0.004
Published
2021-01-19
CVE-2020-4871
IBM Planning Analytics 2.0 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 190834.
CVSS Score
4.0
EPSS Score
0.001
Published
2021-01-19
CVE-2020-28481
The package socket.io before 2.4.0 are vulnerable to Insecure Defaults due to CORS Misconfiguration. All domains are whitelisted by default.
CVSS Score
5.3
EPSS Score
0.002
Published
2021-01-19
CVE-2020-28482
This affects the package fastify-csrf before 3.0.0. 1. The generated cookie used insecure defaults, and did not have the httpOnly flag on: cookieOpts: { path: '/', sameSite: true } 2. The CSRF token was available in the GET query parameter
CVSS Score
5.9
EPSS Score
0.003
Published
2021-01-19
CVE-2021-3181
rfc822.c in Mutt through 2.0.4 allows remote attackers to cause a denial of service (mailbox unavailability) by sending email messages with sequences of semicolon characters in RFC822 address fields (aka terminators of empty groups). A small email message from the attacker can cause large memory consumption, and the victim may then be unable to see email messages from other persons.
CVSS Score
6.5
EPSS Score
0.019
Published
2021-01-19
CVE-2021-3182
D-Link DCS-5220 devices have a buffer overflow. NOTE: This vulnerability only affects products that are no longer supported by the maintainer
CVSS Score
8.0
EPSS Score
0.001
Published
2021-01-19


Products
Pricing
Contact Us

Shodan ® - All rights reserved