Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In May 2021
CVE-2020-11285
Buffer over-read while unpacking the RTCP packet we may read extra byte if wrong length is provided in RTCP packets in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
CVSS Score
8.2
EPSS Score
0.002
Published
2021-05-07
CVE-2020-11288
Out of bound write can occur in playready while processing command due to lack of input validation in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music
CVSS Score
7.8
EPSS Score
0.0
Published
2021-05-07
CVE-2020-29444
Affected versions of Team Calendar in Confluence Server before 7.11.0 allow attackers to inject arbitrary HTML or Javascript via a Cross Site Scripting Vulnerability in admin global setting parameters.
CVSS Score
5.4
EPSS Score
0.002
Published
2021-05-07
CVE-2020-29445
Affected versions of Confluence Server before 7.4.8, and versions from 7.5.0 before 7.11.0 allow attackers to identify internal hosts and ports via a blind server-side request forgery vulnerability in Team Calendars parameters.
CVSS Score
4.3
EPSS Score
0.001
Published
2021-05-07
CVE-2021-32074
HashiCorp vault-action (aka Vault GitHub Action) before 2.2.0 allows attackers to obtain sensitive information from log files because a multi-line secret was not correctly registered with GitHub Actions for log masking.
CVSS Score
7.5
EPSS Score
0.003
Published
2021-05-07
CVE-2021-32090
The dashboard component of StackLift LocalStack 0.12.6 allows attackers to inject arbitrary shell commands via the functionName parameter.
CVSS Score
9.8
EPSS Score
0.004
Published
2021-05-07
CVE-2021-32091
A Cross-site scripting (XSS) vulnerability exists in StackLift LocalStack 0.12.6.
CVSS Score
6.1
EPSS Score
0.002
Published
2021-05-07
CVE-2021-32092
A Cross-site scripting (XSS) vulnerability in the DocumentAction component of U.S. National Security Agency (NSA) Emissary 5.9.0 allows remote attackers to inject arbitrary web script or HTML via the uuid parameter.
CVSS Score
6.1
EPSS Score
0.004
Published
2021-05-07
CVE-2021-32093
The ConfigFileAction component of U.S. National Security Agency (NSA) Emissary 5.9.0 allows an authenticated user to read arbitrary files via the ConfigName parameter.
CVSS Score
6.5
EPSS Score
0.003
Published
2021-05-07
CVE-2021-32094
U.S. National Security Agency (NSA) Emissary 5.9.0 allows an authenticated user to upload arbitrary files.
CVSS Score
8.8
EPSS Score
0.005
Published
2021-05-07


Products
Pricing
Contact Us

Shodan ® - All rights reserved