Security Vulnerabilities - CVEs Published In February 2021
Buffer overflow in Yz1 0.30 and 0.32, as used in IZArc 4.4, ZipGenius 6.3.2.3116, and Explzh (extension) 8.14, allows attackers to execute arbitrary code via a crafted archive file, related to filename handling.
CVSS Score: 7.8; EPSS Score: 0.017; Published: 2021-02-22
The Contact page in Monica 2.19.1 allows stored XSS via the Last Name field.
CVSS Score: 5.4; EPSS Score: 0.003; Published: 2021-02-22
The Contact page in Monica 2.19.1 allows stored XSS via the Description field.
CVSS Score: 5.4; EPSS Score: 0.002; Published: 2021-02-22
The Contact page in Monica 2.19.1 allows stored XSS via the Nickname field.
CVSS Score: 5.4; EPSS Score: 0.002; Published: 2021-02-22
An arbitrary file upload vulnerability in the YITH WooCommerce Gift Cards Premium plugin before 3.3.1 for WordPress allows remote attackers to achieve remote code execution on the operating system in the security context of the web server. In order to exploit this vulnerability, an attacker must be able to place a valid Gift Card product into the shopping cart. An uploaded file is placed at a predetermined path on the web server with a user-specified filename and extension. This occurs because the ywgc-upload-picture parameter can have a .php value even though the intention was to only allow uploads of Gift Card images.
CVSS Score: 9.8; EPSS Score: 0.122; Published: 2021-02-22
Automated Logic Corporation (ALC) WebCTRL System 6.5 and prior allows remote attackers to execute any JavaScript code via an XSS payload for the first parameter in a GET request.
CVSS Score: 6.1; EPSS Score: 0.002; Published: 2021-02-22
A Remote Code Execution vulnerability has been found in Inspur ClusterEngine V4.0. A remote attacker can send a malicious login packet to the control server
CVSS Score: 9.8; EPSS Score: 0.921; Published: 2021-02-22
The Contact page in Monica 2.19.1 allows stored XSS via the First Name field.
CVSS Score: 5.4; EPSS Score: 0.002; Published: 2021-02-22
The Contact page in Monica 2.19.1 allows stored XSS via the Middle Name field.
CVSS Score: 5.4; EPSS Score: 0.002; Published: 2021-02-22
Improper access control when using mmap with the kgsl driver with a special offset value that can be provided to map the memstore of the GPU to user space in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
CVSS Score: 7.8; EPSS Score: 0.0; Published: 2021-02-22



Shodan ® - All rights reserved