Security Vulnerabilities - CVEs Published In February 2021
Buffer overflow in readDataVar in hdf/dataobject.c in Symonics libmysofa 0.5 - 1.1 allows attackers to execute arbitrary code via a crafted SOFA.
CVSS Score: 8.8 | EPSS Score: 0.014 | Published: 2021-02-08
The ezxml_toxml function in ezxml 0.8.6 and earlier is vulnerable to an OOB write when opening an XML file after exhausting the memory pool.
CVSS Score: 8.1 | EPSS Score: 0.004 | Published: 2021-02-08
The ezxml_new function in ezXML 0.8.6 and earlier is vulnerable to an OOB write when opening an XML file after exhausting the memory pool.
CVSS Score: 8.1 | EPSS Score: 0.004 | Published: 2021-02-08
The ezxml_new function in ezXML 0.8.6 and earlier is vulnerable to an OOB write when opening an XML file after exhausting the memory pool.
CVSS Score: 8.1 | EPSS Score: 0.004 | Published: 2021-02-08
The mg_http_serve_file function in Cesanta Mongoose HTTP server 7.0 is vulnerable to a remote OOB write attack via a connection request after exhausting the memory pool.
CVSS Score: 9.1 | EPSS Score: 0.003 | Published: 2021-02-08
The mg_tls_init function in Cesanta Mongoose HTTPS server 7.0 and 6.7-6.18 (compiled with mbedTLS support) is vulnerable to a remote OOB write attack via a connection request after exhausting the memory pool.
CVSS Score: 9.1 | EPSS Score: 0.003 | Published: 2021-02-08
The mg_tls_init function in Cesanta Mongoose HTTPS server 7.0 (compiled with OpenSSL support) is vulnerable to a remote OOB write attack via a connection request after exhausting the memory pool.
CVSS Score: 9.1 | EPSS Score: 0.003 | Published: 2021-02-08
The Baseboard Management Controller (BMC) firmware in HPE Apollo 70 System prior to version 3.0.14.0 has a command injection vulnerability in the uploadsshkey function of libifc.so.
CVSS Score: 7.8 | EPSS Score: 0.001 | Published: 2021-02-08
Firejail before 0.9.64.4 allows attackers to bypass intended access restrictions because there is a TOCTOU race condition between a stat operation and an OverlayFS mount operation.
CVSS Score: 7.8 | EPSS Score: 0.001 | Published: 2021-02-08
httplib2 is a comprehensive HTTP client library for Python. In httplib2 before version 0.19.0, a malicious server that responds with a long series of "\xa0" characters in the "www-authenticate" header may cause a Denial of Service (CPU burn while parsing the header) in the httplib2 client accessing that server. This is fixed in version 0.19.0, which contains a new implementation of auth header parsing using the pyparsing library.
CVSS Score: 7.5 | EPSS Score: 0.019 | Published: 2021-02-08

