Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In April 2021
CVE-2021-30139
In Alpine Linux apk-tools before 2.12.5, the tarball parser allows a buffer overflow and crash.
CVSS Score
7.5
EPSS Score
0.002
Published
2021-04-21
CVE-2021-31327
Stored XSS in Remote Clinic v2.0 in /medicines due to Medicine Name Field.
CVSS Score
5.4
EPSS Score
0.004
Published
2021-04-21
CVE-2021-31329
Cross Site Scripting (XSS) in Remote Clinic v2.0 via the "Chat" and "Personal Address" field on staff/register.php
CVSS Score
5.4
EPSS Score
0.004
Published
2021-04-21
CVE-2021-21642
Jenkins Config File Provider Plugin 3.7.0 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.
CVSS Score
8.1
EPSS Score
0.01
Published
2021-04-21
CVE-2021-21643
Jenkins Config File Provider Plugin 3.7.0 and earlier does not correctly perform permission checks in several HTTP endpoints, allowing attackers with global Job/Configure permission to enumerate system-scoped credentials IDs of credentials stored in Jenkins.
CVSS Score
6.5
EPSS Score
0.005
Published
2021-04-21
CVE-2021-21644
A cross-site request forgery (CSRF) vulnerability in Jenkins Config File Provider Plugin 3.7.0 and earlier allows attackers to delete configuration files corresponding to an attacker-specified ID.
CVSS Score
5.4
EPSS Score
0.001
Published
2021-04-21
CVE-2021-21645
Jenkins Config File Provider Plugin 3.7.0 and earlier does not perform permission checks in several HTTP endpoints, attackers with Overall/Read permission to enumerate configuration file IDs.
CVSS Score
4.3
EPSS Score
0.001
Published
2021-04-21
CVE-2021-21646
Jenkins Templating Engine Plugin 2.1 and earlier does not protect its pipeline configurations using Script Security Plugin, allowing attackers with Job/Configure permission to execute arbitrary code in the context of the Jenkins controller JVM.
CVSS Score
8.8
EPSS Score
0.004
Published
2021-04-21
CVE-2021-21647
Jenkins CloudBees CD Plugin 1.1.21 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Item/Read permission to schedule builds of projects without having Item/Build permission.
CVSS Score
4.3
EPSS Score
0.001
Published
2021-04-21
CVE-2021-20454
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 196649.
CVSS Score
8.2
EPSS Score
0.002
Published
2021-04-21


Products
Pricing
Contact Us

Shodan ® - All rights reserved