Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In March 2021
CVE-2021-25371
Known exploited
A vulnerability in DSP driver prior to SMR Mar-2021 Release 1 allows attackers load arbitrary ELF libraries inside DSP.
CVSS Score
6.1
EPSS Score
0.025
Published
2021-03-26
CVE-2021-25372
Known exploited
An improper boundary check in DSP driver prior to SMR Mar-2021 Release 1 allows out of bounds memory access.
CVSS Score
6.1
EPSS Score
0.019
Published
2021-03-26
CVE-2021-22886
Rocket.Chat before 3.11, 3.10.5, 3.9.7, 3.8.8 is vulnerable to persistent cross-site scripting (XSS) using nested markdown tags allowing a remote attacker to inject arbitrary JavaScript in a message. This flaw leads to arbitrary file read and RCE on Rocket.Chat desktop app.
CVSS Score
6.1
EPSS Score
0.006
Published
2021-03-26
CVE-2020-28695
Askey Fiber Router RTF3505VW-N1 BR_SV_g000_R3505VWN1001_s32_7 devices allow Remote Code Execution and retrieval of admin credentials to log into the Dashboard or login via SSH, leading to code execution as root.
CVSS Score
8.8
EPSS Score
0.009
Published
2021-03-26
CVE-2021-21403
In github.com/kongchuanhujiao/server before version 1.3.21 there is an authentication Bypass by Primary Weakness vulnerability. All users are impacted. This is fixed in version 1.3.21.
CVSS Score
7.5
EPSS Score
0.002
Published
2021-03-26
CVE-2021-29255
MicroSeven MYM71080i-B 2.0.5 through 2.0.20 devices send admin credentials in cleartext to pnp.microseven.com TCP port 7007. An attacker on the same network as the device can capture these credentials.
CVSS Score
7.5
EPSS Score
0.001
Published
2021-03-26
CVE-2021-20271
A flaw was found in RPM's signature check functionality when reading a package file. This flaw allows an attacker who can convince a victim to install a seemingly verifiable package, whose signature header was modified, to cause RPM database corruption and execute code. The highest threat from this vulnerability is to data integrity, confidentiality, and system availability.
CVSS Score
7.0
EPSS Score
0.002
Published
2021-03-26
CVE-2021-20284
A flaw was found in GNU Binutils 2.35.1, where there is a heap-based buffer overflow in _bfd_elf_slurp_secondary_reloc_section in elf.c due to the number of symbols not calculated correctly. The highest threat from this vulnerability is to system availability.
CVSS Score
5.5
EPSS Score
0.001
Published
2021-03-26
CVE-2021-20285
A flaw was found in upx canPack in p_lx_elf.cpp in UPX 3.96. This flaw allows attackers to cause a denial of service (SEGV or buffer overflow and application crash) or possibly have unspecified other impacts via a crafted ELF. The highest threat from this vulnerability is to system availability.
CVSS Score
6.6
EPSS Score
0.002
Published
2021-03-26
CVE-2021-20289
A flaw was found in RESTEasy in all versions of RESTEasy up to 4.6.0.Final. The endpoint class and method names are returned as part of the exception response when RESTEasy cannot convert one of the request URI path or query values to the matching JAX-RS resource method's parameter value. The highest threat from this vulnerability is to data confidentiality.
CVSS Score
5.3
EPSS Score
0.001
Published
2021-03-26


Products
Pricing
Contact Us

Shodan ® - All rights reserved