Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In March 2021
CVE-2021-27730
Accellion FTA 9_12_432 and earlier is affected by argument injection via a crafted POST request to an admin endpoint. The fixed version is FTA_9_12_444 and later.
CVSS Score
9.8
EPSS Score
0.004
Published
2021-03-02
CVE-2021-25306
A buffer overflow vulnerability in the AT command interface of Gigaset DX600A v41.00-175 devices allows remote attackers to force a device reboot by sending relatively long AT commands.
CVSS Score
7.5
EPSS Score
0.009
Published
2021-03-02
CVE-2021-25309
The telnet administrator service running on port 650 on Gigaset DX600A v41.00-175 devices does not implement any lockout or throttling functionality. This situation (together with the weak password policy that forces a 4-digit password) allows remote attackers to easily obtain administrative access via brute-force attacks.
CVSS Score
9.8
EPSS Score
0.006
Published
2021-03-02
CVE-2021-27731
Accellion FTA 9_12_432 and earlier is affected by stored XSS via a crafted POST request to a user endpoint. The fixed version is FTA_9_12_444 and later.
CVSS Score
6.1
EPSS Score
0.003
Published
2021-03-02
CVE-2021-27804
JPEG XL (aka jpeg-xl) through 0.3.2 allows writable memory corruption.
CVSS Score
9.8
EPSS Score
0.008
Published
2021-03-02
CVE-2021-27888
ZendTo before 6.06-4 Beta allows XSS during the display of a drop-off in which a filename has unexpected characters.
CVSS Score
6.1
EPSS Score
0.003
Published
2021-03-02
CVE-2021-27886
rakibtg Docker Dashboard before 2021-02-28 allows command injection in backend/utilities/terminal.js via shell metacharacters in the command parameter of an API request. NOTE: this is NOT a Docker, Inc. product.
CVSS Score
9.8
EPSS Score
0.041
Published
2021-03-02
CVE-2021-27884
Weak JSON Web Token (JWT) signing secret generation in YMFE YApi through 1.9.2 allows recreation of other users' JWT tokens. This occurs because Math.random in Node.js is used.
CVSS Score
5.1
EPSS Score
0.001
Published
2021-03-01
CVE-2021-26476
EPrints 3.4.2 allows remote attackers to execute OS commands via crafted LaTeX input to a cgi/cal?year= URI.
CVSS Score
9.8
EPSS Score
0.029
Published
2021-03-01
CVE-2021-26702
EPrints 3.4.2 exposes a reflected XSS opportunity in the dataset parameter to the cgi/dataset_dictionary URI.
CVSS Score
6.1
EPSS Score
0.049
Published
2021-03-01


Products
Pricing
Contact Us

Shodan ® - All rights reserved