Security Vulnerabilities - CVEs Published In July 2021
In Charm 0.43, any two users can collude to achieve the ability to decrypt YCT14 data.
CVSS Score: 5.9
EPSS Score: 0.002
Published: 2021-07-30
PEEL Shopping version 9.4.0 allows remote SQL injection. A public user/guest (unauthenticated) can inject a malicious SQL query in order to affect the execution of predefined SQL commands. Upon a successful SQL injection attack, an attacker can read sensitive data from the database and possibly modify database data.
CVSS Score: 9.1
EPSS Score: 0.005
Published: 2021-07-30
In FreeRDP before 2.4.0 on Windows, wf_cliprdr_server_file_contents_request in client/Windows/wf_cliprdr.c has missing input checks for a FILECONTENTS_SIZE File Contents Request PDU.
CVSS Score: 9.8
EPSS Score: 0.004
Published: 2021-07-30
In FreeRDP before 2.4.0 on Windows, wf_cliprdr_server_file_contents_request in client/Windows/wf_cliprdr.c has missing input checks for a FILECONTENTS_RANGE File Contents Request PDU.
CVSS Score: 9.8
EPSS Score: 0.004
Published: 2021-07-30
Telegram Web K Alpha 0.6.1 allows XSS via a document name.
CVSS Score: 6.1
EPSS Score: 0.002
Published: 2021-07-30
An integer overflow in util-linux through 2.37.1 can potentially cause a buffer overflow if an attacker were able to use system resources in a way that leads to a large number in the /proc/sysvipc/sem file. NOTE: this is unexploitable in GNU C Library environments, and possibly in all realistic environments.
CVSS Score: 5.5
EPSS Score: 0.001
Published: 2021-07-30
muc.lib.lua in Prosody 0.11.0 through 0.11.9 allows remote attackers to obtain sensitive information (list of admins, members, owners, and banned entities of a Multi-User chat room) in some common configurations.
CVSS Score: 7.5
EPSS Score: 0.007
Published: 2021-07-30
A SQL injection vulnerability in Sourcecodester Basic Shopping Cart 1.0 allows a remote attacker to bypass authentication and become admin.
CVSS Score: 9.8
EPSS Score: 0.007
Published: 2021-07-30
A SQL injection vulnerability in Sourcecodester Simple Food Website 1.0 allows a remote attacker to bypass authentication and become admin.
CVSS Score: 9.8
EPSS Score: 0.007
Published: 2021-07-30
A failure in resetting the security context in some transaction actions in Neo4j Graph Database 4.2 and 4.3 could allow authenticated users to execute commands with elevated privileges.
CVSS Score: 8.8
EPSS Score: 0.005
Published: 2021-07-30

