Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In June 2022
CVE-2021-41460
ECShop 4.1.0 has SQL injection vulnerability, which can be exploited by attackers to obtain sensitive information.
CVSS Score
7.5
EPSS Score
0.283
Published
2022-06-28
CVE-2021-41687
DCMTK through 3.6.6 does not handle memory free properly. The program malloc a heap memory for parsing data, but does not free it when error in parsing. Sending specific requests to the dcmqrdb program incur the memory leak. An attacker can use it to launch a DoS attack.
CVSS Score
7.5
EPSS Score
0.001
Published
2022-06-28
CVE-2021-41688
DCMTK through 3.6.6 does not handle memory free properly. The object in the program is free but its address is still used in other locations. Sending specific requests to the dcmqrdb program will incur a double free. An attacker can use it to launch a DoS attack.
CVSS Score
7.5
EPSS Score
0.001
Published
2022-06-28
CVE-2021-41689
DCMTK through 3.6.6 does not handle string copy properly. Sending specific requests to the dcmqrdb program, it would query its database and copy the result even if the result is null, which can incur a head-based overflow. An attacker can use it to launch a DoS attack.
CVSS Score
7.5
EPSS Score
0.001
Published
2022-06-28
CVE-2021-41690
DCMTK through 3.6.6 does not handle memory free properly. The malloced memory for storing all file information are recorded in a global variable LST and are not freed properly. Sending specific requests to the dcmqrdb program can incur a memory leak. An attacker can use it to launch a DoS attack.
CVSS Score
7.5
EPSS Score
0.001
Published
2022-06-28
CVE-2021-40606
The gf_bs_write_data function in GPAC 1.0.1 allows attackers to cause a denial of service via a crafted file in the MP4Box command.
CVSS Score
5.5
EPSS Score
0.0
Published
2022-06-28
CVE-2021-40607
The schm_box_size function in GPAC 1.0.1 allows attackers to cause a denial of service via a crafted file in the MP4Box command.
CVSS Score
5.5
EPSS Score
0.001
Published
2022-06-28
CVE-2021-40608
The gf_hinter_track_finalize function in GPAC 1.0.1 allows attackers to cause a denial of service via a crafted file in the MP4Box command.
CVSS Score
5.5
EPSS Score
0.0
Published
2022-06-28
CVE-2021-40609
The GetHintFormat function in GPAC 1.0.1 allows attackers to cause a denial of service via a crafted file in the MP4Box command.
CVSS Score
5.5
EPSS Score
0.0
Published
2022-06-28
CVE-2021-40943
In Bento4 1.6.0-638, there is a null pointer reference in the function AP4_DescriptorListInspector::Action function in Ap4Descriptor.h:124 , as demonstrated by GPAC. This can cause a denial of service (DOS).
CVSS Score
5.5
EPSS Score
0.001
Published
2022-06-28


Products
Pricing
Contact Us

Shodan ® - All rights reserved