Security Vulnerabilities - CVEs Published In June 2021
Jact OpenClinic 0.8.20160412 allows an attacker to read server files after logging in to the admin account via a crafted 'file' GET parameter in '/shared/view_source.php', which "could" lead to an RCE vulnerability.
CVSS Score
7.2
EPSS Score
0.003
Published
2021-06-16
SQL injection vulnerability in DedeCMS 5.7 via the mdescription parameter to member/ajax_membergroup.php.
CVSS Score
9.8
EPSS Score
0.009
Published
2021-06-16
Prototype pollution in Stampit supermixer 1.0.3 allows an attacker to modify the prototype of a base object which can vary in severity depending on the implementation.
CVSS Score
7.5
EPSS Score
0.003
Published
2021-06-16
In the kernel in Insyde InsydeH2O 5.x, certain SMM drivers did not correctly validate the CommBuffer and CommBufferSize parameters, allowing callers to corrupt either the firmware or the OS memory. The fixed versions for this issue in the AhciBusDxe, IdeBusDxe, NvmExpressDxe, SdHostDriverDxe, and SdMmcDeviceDxe drivers are 05.16.25, 05.26.25, 05.35.25, 05.43.25, and 05.51.25 (for Kernel 5.1 through 5.5).
CVSS Score
6.7
EPSS Score
0.001
Published
2021-06-16
bloofoxCMS 0.5.2.1 is affected by a CSRF vulnerability that lets an attacker edit any file content (locally/remotely).
CVSS Score
6.5
EPSS Score
0.002
Published
2021-06-16
bloofoxCMS 0.5.2.1 is affected by an unrestricted file upload vulnerability that allows attackers to upload malicious files (e.g., PHP files).
CVSS Score
9.8
EPSS Score
0.013
Published
2021-06-16
bloofoxCMS 0.5.2.1 is affected by an XSS vulnerability that allows remote attackers to execute arbitrary JS/HTML code.
CVSS Score
5.4
EPSS Score
0.001
Published
2021-06-16
SAP NetWeaver ABAP Server and ABAP Platform, versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, and 804, do not create information about internal and external RFC users in a consistent and distinguished format, which could lead to improper authentication and may be exploited by malicious users to obtain illegitimate access to the system.
CVSS Score
9.0
EPSS Score
0.005
Published
2021-06-16
Valine 1.4.14 allows remote attackers to cause a denial of service (application outage) by supplying a ua (aka User-Agent) value that only specifies the product and version.
CVSS Score
5.3
EPSS Score
0.01
Published
2021-06-16
TeamViewer before 14.7.48644 on Windows loads untrusted DLLs in certain situations.
CVSS Score
7.8
EPSS Score
0.001
Published
2021-06-16

