Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In April 2021
CVE-2021-31571
The kernel in Amazon Web Services FreeRTOS before 10.4.3 has an integer overflow in queue.c for queue creation.
CVSS Score
9.8
EPSS Score
0.006
Published
2021-04-22
CVE-2021-31572
The kernel in Amazon Web Services FreeRTOS before 10.4.3 has an integer overflow in stream_buffer.c for a stream buffer.
CVSS Score
9.8
EPSS Score
0.006
Published
2021-04-22
CVE-2021-27400
HashiCorp Vault and Vault Enterprise Cassandra integrations (storage backend and database secrets engine plugin) did not validate TLS certificates when connecting to Cassandra clusters. Fixed in 1.6.4 and 1.7.1
CVSS Score
7.5
EPSS Score
0.002
Published
2021-04-22
CVE-2021-29653
HashiCorp Vault and Vault Enterprise 1.5.1 and newer, under certain circumstances, may exclude revoked but unexpired certificates from the CRL. Fixed in 1.5.8, 1.6.4, and 1.7.1.
CVSS Score
7.5
EPSS Score
0.001
Published
2021-04-22
CVE-2021-30476
HashiCorp Terraform’s Vault Provider (terraform-provider-vault) did not correctly configure GCE-type bound labels for Vault’s GCP auth method. Fixed in 2.19.1.
CVSS Score
9.8
EPSS Score
0.006
Published
2021-04-22
CVE-2021-22540
Bad validation logic in the Dart SDK versions prior to 2.12.3 allow an attacker to use an XSS attack via DOM clobbering. The validation logic in dart:html for creating DOM nodes from text did not sanitize properly when it came across template tags.
CVSS Score
6.1
EPSS Score
0.004
Published
2021-04-22
CVE-2021-27736
FusionAuth fusionauth-samlv2 before 0.5.4 allows XXE attacks via a forged AuthnRequest or LogoutRequest because parseFromBytes uses javax.xml.parsers.DocumentBuilderFactory unsafely.
CVSS Score
6.5
EPSS Score
0.003
Published
2021-04-22
CVE-2021-3287
Zoho ManageEngine OpManager before 12.5.329 allows unauthenticated Remote Code Execution due to a general bypass in the deserialization class.
CVSS Score
9.8
EPSS Score
0.711
Published
2021-04-22
CVE-2021-31547
An issue was discovered in the AbuseFilter extension for MediaWiki through 1.35.2. Its AbuseFilterCheckMatch API reveals suppressed edits and usernames to unprivileged users through the iteration of crafted AbuseFilter rules.
CVSS Score
4.3
EPSS Score
0.002
Published
2021-04-22
CVE-2021-31548
An issue was discovered in the AbuseFilter extension for MediaWiki through 1.35.2. A MediaWiki user who is partially blocked or was unsuccessfully blocked could bypass AbuseFilter and have their edits completed.
CVSS Score
6.5
EPSS Score
0.001
Published
2021-04-22


Products
Pricing
Contact Us

Shodan ® - All rights reserved