Security Vulnerabilities - CVEs Published In February 2021
Amaze File Manager before 3.5.1 allows attackers to obtain root privileges via shell metacharacters in a symbolic link.
CVSS Score: 7.8 | EPSS Score: 0.001 | Published: 2021-02-19

Chamilo 1.11.14 allows XSS via a main/calendar/agenda_list.php?type= URI.
CVSS Score: 6.1 | EPSS Score: 0.005 | Published: 2021-02-19

A ReDoS (regular expression denial of service) flaw was found in the @progfay/scrapbox-parser package before 6.0.3 for Node.js.
CVSS Score: 7.5 | EPSS Score: 0.006 | Published: 2021-02-19

OpenRepeater (ORP) before 2.2 allows unauthenticated command injection via shell metacharacters in the functions/ajax_system.php post_service parameter.
CVSS Score: 9.8 | EPSS Score: 0.413 | Published: 2021-02-19

Askey RTF8115VW BR_SV_g11.11_RTF_TEF001_V6.54_V014 devices allow cgi-bin/te_acceso_router.cgi curWebPage XSS.
CVSS Score: 6.1 | EPSS Score: 0.009 | Published: 2021-02-19

Askey RTF8115VW BR_SV_g11.11_RTF_TEF001_V6.54_V014 devices allow injection of a Host HTTP header.
CVSS Score: 6.1 | EPSS Score: 0.002 | Published: 2021-02-19

Buffer overflow in FinalWire Ltd AIDA64 Engineer 6.00.5100 allows attackers to execute arbitrary code by creating a crafted input that will overwrite the SEH handler.
CVSS Score: 7.8 | EPSS Score: 0.001 | Published: 2021-02-19

Incorrect access controls in res_srtp.c in Sangoma Asterisk 13.38.1, 16.16.0, 17.9.1, and 18.2.0 and Certified Asterisk 16.8-cert5 allow a remote unauthenticated attacker to prematurely terminate secure calls by replaying SRTP packets.
CVSS Score: 7.5 | EPSS Score: 0.017 | Published: 2021-02-18

Netis WF2780 2.3.40404 and WF2411 1.1.29629 devices allow Shell Metacharacter Injection into the ping command, leading to remote code execution.
CVSS Score: 9.8 | EPSS Score: 0.244 | Published: 2021-02-18

Pi-hole 5.0, 5.1, and 5.1.1 allows Session Fixation. The application does not generate a new session cookie after the user is logged in. A malicious user is able to create a new session cookie value and inject it to a victim. After the victim logs in, the injected cookie becomes valid, giving the attacker access to the user's account through the active session.
CVSS Score: 5.4 | EPSS Score: 0.002 | Published: 2021-02-18

