Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In February 2023
CVE-2021-33926
An issue in Plone CMS v. 5.2.4, 5.2.3, 5.2.2, 5.2.1, 5.2.0, 5.1rc2, 5.1rc1, 5.1b4, 5.1b3, 5.1b2, 5.1a2, 5.1a1, 5.1.7, 5.1.6, 5.1.5, 5.1.4, 5.1.2, 5.1.1 5.1, 5.0rc3, 5.0rc2, 5.0rc1, 5.0.9, 5.0.8, 5.0.7, 5.0.6, 5.0.5, 5.0.4, 5.0.3, 5.0.2, 5.0.10, 5.0.1, 5.0, 4.3.9, 4.3.8, 4.3.7, 4.3.6, 4.3.5, 4.3.4, 4.3.3, 4.3.20, 4 allows attacker to access sensitive information via the RSS feed protlet.
CVSS Score
8.8
EPSS Score
0.002
Published
2023-02-17
CVE-2021-33948
SQL injection vulnerability in FantasticLBP Hotels Server v1.0 allows attacker to execute arbitrary code via the username parameter.
CVSS Score
9.8
EPSS Score
0.001
Published
2023-02-17
CVE-2021-33949
An issue in FeMiner WMS v1.1 allows attackers to execute arbitrary code via the filename parameter and the exec function.
CVSS Score
9.8
EPSS Score
0.005
Published
2023-02-17
CVE-2021-33950
An issue discovered in OpenKM v6.3.10 allows attackers to obtain sensitive information via the XMLTextExtractor function.
CVSS Score
7.5
EPSS Score
0.001
Published
2023-02-17
CVE-2021-33983
Buffer Overflow vulnerability in Dvidelabs flatcc v.0.6.0 allows local attacker to execute arbitrary code via the fltacc execution of the error_ref_sym function.
CVSS Score
7.8
EPSS Score
0.001
Published
2023-02-17
CVE-2021-34164
Permissions vulnerability in LIZHIFAKA v.2.2.0 allows authenticated attacker to execute arbitrary commands via the set password function in the admin/index/email location.
CVSS Score
8.8
EPSS Score
0.001
Published
2023-02-17
CVE-2021-34182
An issue in ttyd v.1.6.3 allows attacker to execute arbitrary code via default configuration permissions.
CVSS Score
9.8
EPSS Score
0.001
Published
2023-02-17
CVE-2021-35261
File Upload Vulnerability in Yupoxion BearAdmin before commit 10176153528b0a914eb4d726e200fd506b73b075 allows attacker to execute arbitrary remote code via the Upfile function of the extend/tools/Ueditor endpoint.
CVSS Score
9.8
EPSS Score
0.001
Published
2023-02-17
CVE-2021-3172
An issue in Php-Fusion v9.03.90 fixed in v9.10.00 allows authenticated attackers to cause a Distributed Denial of Service via the Polling feature.
CVSS Score
8.1
EPSS Score
0.001
Published
2023-02-17
CVE-2022-20803
A vulnerability in the OLE2 file parser of Clam AntiVirus (ClamAV) versions 0.104.0 through 0.104.2 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device.The vulnerability is due to incorrect use of the realloc function that may result in a double-free. An attacker could exploit this vulnerability by submitting a crafted OLE2 file to be scanned by ClamAV on the affected device. An exploit could allow the attacker to cause the ClamAV scanning process to crash, resulting in a denial of service condition.
CVSS Score
8.6
EPSS Score
0.002
Published
2023-02-17


Products
Pricing
Contact Us

Shodan ® - All rights reserved