Security Vulnerabilities - CVEs Published In May 2021
U.S. National Security Agency (NSA) Emissary 5.9.0 allows an authenticated user to delete arbitrary files.
CVSS Score: 8.1
EPSS Score: 0.002
Published: 2021-05-07
The ConsoleAction component of U.S. National Security Agency (NSA) Emissary 5.9.0 allows a CSRF attack that results in injecting arbitrary Ruby code (for an eval call) via the CONSOLE_COMMAND_STRING parameter.
CVSS Score: 8.8
EPSS Score: 0.001
Published: 2021-05-07
Artica Pandora FMS 742 allows unauthenticated attackers to perform Phar deserialization.
CVSS Score: 9.8
EPSS Score: 0.028
Published: 2021-05-07
A SQL injection vulnerability in the pandora_console component of Artica Pandora FMS 742 allows an unauthenticated attacker to upgrade his unprivileged session via the /include/chart_generator.php session_id parameter, leading to a login bypass.
CVSS Score: 9.8
EPSS Score: 0.601
Published: 2021-05-07
A remote file inclusion vulnerability exists in Artica Pandora FMS 742, exploitable by the lowest privileged user.
CVSS Score: 6.5
EPSS Score: 0.005
Published: 2021-05-07
The Patient Portal of OpenEMR 5.0.2.1 is affected by an incorrect access control system in portal/patient/_machine_config.php. To exploit the vulnerability, an unauthenticated attacker can register an account, bypassing the permission check of this portal's API. The attacker can then manipulate and read data of every registered patient.
CVSS Score: 8.2
EPSS Score: 0.002
Published: 2021-05-07
A SQL injection vulnerability exists (with user privileges) in library/custom_template/ajax_code.php in OpenEMR 5.0.2.1.
CVSS Score: 8.8
EPSS Score: 0.0
Published: 2021-05-07
A Stored XSS vulnerability in interface/usergroup/usergroup_admin.php in OpenEMR before 5.0.2.1 allows an authenticated admin user to inject arbitrary web script or HTML via the lname parameter.
CVSS Score: 4.8
EPSS Score: 0.005
Published: 2021-05-07
A SQL injection vulnerability exists (with user privileges) in interface/forms/eye_mag/save.php in OpenEMR 5.0.2.1.
CVSS Score: 8.8
EPSS Score: 0.0
Published: 2021-05-07
Primary Source Verification in VerityStream MSOW Solutions before 3.1.1 allows an anonymous internet user to discover Social Security Number (SSN) values via a brute-force attack on a (sometimes hidden) search field, because the last four SSN digits are part of the supported combination of search selectors. This discloses doctors' and nurses' social security numbers and PII.
CVSS Score: 7.5
EPSS Score: 0.004
Published: 2021-05-06

