Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In June 2021
CVE-2020-21130
Cross Site Scripting (XSS) vulnerability in HisiPHP 2.0.8 via the group name in addgroup.html.
CVSS Score
6.1
EPSS Score
0.003
Published
2021-06-21
CVE-2020-22390
Akaunting <= 2.0.9 is vulnerable to CSV injection in the Item name field, export function. Attackers can inject arbitrary code into the name parameter and perform code execution when the crafted file is opened.
CVSS Score
8.8
EPSS Score
0.008
Published
2021-06-21
CVE-2018-25016
Greenbone Security Assistant (GSA) before 7.0.3 and Greenbone OS (GOS) before 5.0.0 allow Host Header Injection.
CVSS Score
9.8
EPSS Score
0.005
Published
2021-06-21
CVE-2019-25047
Greenbone Security Assistant (GSA) before 8.0.2 and Greenbone OS (GOS) before 5.0.10 allow XSS during 404 URL handling in gsad.
CVSS Score
6.1
EPSS Score
0.003
Published
2021-06-21
CVE-2020-21517
Cross Site Scripting (XSS) vulnerability in MetInfo 7.0.0 via the gourl parameter in login.php.
CVSS Score
6.1
EPSS Score
0.003
Published
2021-06-21
CVE-2021-28684
The XML parser used in ConeXware PowerArchiver before 20.10.02 allows processing of external entities, which might lead to exfiltration of local files over the network (via an XXE attack).
CVSS Score
4.3
EPSS Score
0.003
Published
2021-06-21
CVE-2021-28833
Increments Qiita::Markdown before 0.34.0 allows XSS via a crafted gist link, a different vulnerability than CVE-2021-28796.
CVSS Score
6.1
EPSS Score
0.002
Published
2021-06-21
CVE-2021-29337
MODAPI.sys in MSI Dragon Center 2.0.104.0 allows low-privileged users to access kernel memory and potentially escalate privileges via a crafted IOCTL 0x9c406104 call. This IOCTL provides the MmMapIoSpace feature for mapping physical memory.
CVSS Score
7.8
EPSS Score
0.001
Published
2021-06-21
CVE-2021-33572
A Denial-of-Service (DoS) vulnerability was discovered in F-Secure Linux Security whereby the FSAVD component used in certain F-Secure products can crash while scanning larger packages/fuzzed files. The exploit can be triggered remotely by an attacker. A successful attack will result in Denial-of-Service (DoS) of the Anti-Virus engine.
CVSS Score
3.5
EPSS Score
0.004
Published
2021-06-21
CVE-2021-31769
MyQ Server in MyQ X Smart before 8.2 allows remote code execution by unprivileged users because administrative session data can be read in the %PROGRAMFILES%\MyQ\PHP\Sessions directory. The "Select server file" feature is only intended for administrators but actually does not require authorization. An attacker can inject arbitrary OS commands (such as commands to create new .php files) via the Task Scheduler component.
CVSS Score
8.8
EPSS Score
0.051
Published
2021-06-21


Products
Pricing
Contact Us

Shodan ® - All rights reserved