Security Vulnerabilities - CVEs Published In August 2021
A crafted method sent through HTTP/2 will bypass validation and be forwarded by mod_proxy, which can lead to request splitting or cache poisoning. This issue affects Apache HTTP Server 2.4.17 to 2.4.48.
CVSS Score: 7.5 | EPSS Score: 0.009 | Published: 2021-08-16

If remote logging is not used, the worker (in the case of CeleryExecutor) or the scheduler (in the case of LocalExecutor) runs a Flask logging server that listens on a specific port and binds to 0.0.0.0 by default. This logging server has no authentication and allows reading the log files of DAG jobs. This issue affects Apache Airflow < 2.1.2.
CVSS Score: 5.3 | EPSS Score: 0.014 | Published: 2021-08-16

D-Link router DSL-2750U with firmware vME1.16 or prior versions is vulnerable to unauthorized configuration modification. An unauthenticated attacker on the local network may exploit this, with CVE-2021-3708, to execute any OS commands on the vulnerable device.
CVSS Score: 5.5 | EPSS Score: 0.065 | Published: 2021-08-16

D-Link router DSL-2750U with firmware vME1.16 or prior versions is vulnerable to OS command injection. An unauthenticated attacker on the local network may exploit this, with CVE-2021-3707, to execute any OS commands on the vulnerable device.
CVSS Score: 7.8 | EPSS Score: 0.114 | Published: 2021-08-16

In gitit before 0.15.0.0, the Export feature can be exploited to leak information from files.
CVSS Score: 7.5 | EPSS Score: 0.003 | Published: 2021-08-16

OneNav 0.9.12 allows Information Disclosure of the onenav.db3 contents. NOTE: the vendor's recommended solution is to block the access via an NGINX configuration file.
CVSS Score: 7.5 | EPSS Score: 0.002 | Published: 2021-08-16

imgURL 2.31 allows XSS via an X-Forwarded-For HTTP header.
CVSS Score: 5.4 | EPSS Score: 0.002 | Published: 2021-08-16

In ocProducts Composr CMS before 10.0.38, an attacker can inject JavaScript via Comcode for XSS.
CVSS Score: 5.4 | EPSS Score: 0.003 | Published: 2021-08-16

In ocProducts Composr CMS before 10.0.38, an attacker can inject JavaScript via the staff_messaging messaging system for XSS.
CVSS Score: 6.1 | EPSS Score: 0.003 | Published: 2021-08-16

CVE-2021-26086 (Known exploited)
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to read particular files via a path traversal vulnerability in the /WEB-INF/web.xml endpoint. The affected versions are before version 8.5.14, from version 8.6.0 before 8.13.6, and from version 8.14.0 before 8.16.1.
CVSS Score: 5.3 | EPSS Score: 0.942 | Published: 2021-08-16



Shodan ® - All rights reserved