Security Vulnerabilities - CVEs Published In April 2021
Akuvox C315 115.116.2613 allows remote command injection via the cfgd_server service. The attack vector is sending a payload to port 189 (default root 0.0.0.0).
CVSS Score: 9.8 | EPSS Score: 0.044 | Published: 2021-04-25

Webmin 1.973 is affected by Cross Site Request Forgery (CSRF) to achieve Remote Command Execution (RCE) through Webmin's running process feature.
CVSS Score: 8.8 | EPSS Score: 0.399 | Published: 2021-04-25

Webmin 1.973 is affected by reflected Cross Site Scripting (XSS) to achieve Remote Command Execution through Webmin's running process feature.
CVSS Score: 9.6 | EPSS Score: 0.819 | Published: 2021-04-25

Webmin 1.973 is affected by Cross Site Request Forgery (CSRF) to create a privileged user through Webmin's add users feature, and then get a reverse shell through Webmin's running process feature.
CVSS Score: 8.8 | EPSS Score: 0.227 | Published: 2021-04-25

The unofficial vscode-ghc-simple (aka Simple Glasgow Haskell Compiler) extension before 0.2.3 for Visual Studio Code allows remote code execution via a crafted workspace configuration with replCommand.
CVSS Score: 9.8 | EPSS Score: 0.04 | Published: 2021-04-25

react-draft-wysiwyg (aka React Draft Wysiwyg) before 1.14.6 allows a javascript: URI in a Link Target of the link decorator in decorators/Link/index.js when a draft is shared across users, leading to XSS.
CVSS Score: 5.4 | EPSS Score: 0.003 | Published: 2021-04-24

Settings.aspx?view=About in Directum 5.8.2 allows XSS via the HTTP User-Agent header.
CVSS Score: 6.1 | EPSS Score: 0.003 | Published: 2021-04-24

The PowerVR GPU kernel driver in pvrsrvkm.ko through 2021-04-24 for the Linux kernel, as used on Alcatel 1S phones, allows attackers to overwrite heap memory via PhysmemNewRamBackedPMR.
CVSS Score: 7.0 | EPSS Score: 0.0 | Published: 2021-04-24

An issue was discovered in libezxml.a in ezXML 0.8.6. The function ezxml_decode() performs incorrect memory handling while parsing crafted XML files, leading to a heap-based buffer overflow.
CVSS Score: 7.5 | EPSS Score: 0.007 | Published: 2021-04-24

In Hardware Sentry KM before 10.0.01 for BMC PATROL, a cleartext password may be discovered after a failure or timeout of a command.
CVSS Score: 7.5 | EPSS Score: 0.002 | Published: 2021-04-23


Shodan ® - All rights reserved