Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In February 2021
CVE-2021-20071
Racom's MIDGE Firmware 4.4.40.105 contains an issue that allows attackers to conduct cross-site scriptings attacks via the sms.php dialogs.
CVSS Score
4.8
EPSS Score
0.002
Published
2021-02-16
CVE-2021-20072
Racom's MIDGE Firmware 4.4.40.105 contains an issue that allows attackers to arbitrarily access and delete files via an authenticated directory traveral.
CVSS Score
7.2
EPSS Score
0.019
Published
2021-02-16
CVE-2021-20073
Racom's MIDGE Firmware 4.4.40.105 contains an issue that allows for cross-site request forgeries.
CVSS Score
8.8
EPSS Score
0.001
Published
2021-02-16
CVE-2021-20074
Racom's MIDGE Firmware 4.4.40.105 contains an issue that allows users to escape the provided command line interface and execute arbitrary OS commands.
CVSS Score
8.8
EPSS Score
0.006
Published
2021-02-16
CVE-2021-20075
Racom's MIDGE Firmware 4.4.40.105 contains an issue that allows for privilege escalation via configd.
CVSS Score
7.8
EPSS Score
0.0
Published
2021-02-16
CVE-2021-27203
In Dekart Private Disk 2.15, invalid use of the Type3 user buffer for IOCTL codes using METHOD_NEITHER results in arbitrary memory dereferencing.
CVSS Score
5.5
EPSS Score
0.0
Published
2021-02-16
CVE-2020-11635
The Zscaler Client Connector prior to 3.1.0 did not sufficiently validate RPC clients, which allows a local adversary to execute code with system privileges or perform limited actions for which they did not have privileges.
CVSS Score
7.8
EPSS Score
0.001
Published
2021-02-16
CVE-2020-28918
DualShield 5.9.8.0821 allows username enumeration on its login form. A valid username results in prompting for the password, whereas an invalid one will produce an "unknown username" error message.
CVSS Score
5.3
EPSS Score
0.003
Published
2021-02-16
CVE-2020-29457
A Privilege Elevation vulnerability in OPC UA .NET Standard Stack 1.4.363.107 could allow a rogue application to establish a secure connection.
CVSS Score
4.4
EPSS Score
0.001
Published
2021-02-16
CVE-2021-20066
JSDom improperly allows the loading of local resources, which allows for local files to be manipulated by a malicious web page when script execution is enabled.
CVSS Score
5.6
EPSS Score
0.004
Published
2021-02-16


Products
Pricing
Contact Us

Shodan ® - All rights reserved