Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In August 2021
CVE-2021-38621
The remove API in v1/controller/cloudStorage/alibabaCloud/remove/index.ts in netless Agora Flat Server before 2021-07-30 mishandles file ownership.
CVSS Score
9.1
EPSS Score
0.003
Published
2021-08-13
CVE-2021-27741
" Security vulnerability in HCL Commerce Management Center allowing XML external entity (XXE) injection"
CVSS Score
9.1
EPSS Score
0.004
Published
2021-08-13
CVE-2021-38583
openBaraza HCM 3.1.6 does not properly neutralize user-controllable input, which allows reflected cross-site scripting (XSS) on multiple pages: hr/subscription.jsp and hr/application.jsp and and hr/index.jsp (with view= and data=).
CVSS Score
6.1
EPSS Score
0.012
Published
2021-08-13
CVE-2021-3573
A use-after-free in function hci_sock_bound_ioctl() of the Linux kernel HCI subsystem was found in the way user calls ioct HCIUNBLOCKADDR or other way triggers race condition of the call hci_unregister_dev() together with one of the calls hci_sock_blacklist_add(), hci_sock_blacklist_del(), hci_get_conn_info(), hci_get_auth_info(). A privileged local user could use this flaw to crash the system or escalate their privileges on the system. This flaw affects the Linux kernel versions prior to 5.13-rc5.
CVSS Score
6.4
EPSS Score
0.0
Published
2021-08-13
CVE-2021-3635
A flaw was found in the Linux kernel netfilter implementation in versions prior to 5.5-rc7. A user with root (CAP_SYS_ADMIN) access is able to panic the system when issuing netfilter netflow commands.
CVSS Score
4.4
EPSS Score
0.001
Published
2021-08-13
CVE-2021-31399
On 2N Access Unit 2.0 2.31.0.40.5 devices, an attacker can pose as the web relay for a man-in-the-middle attack.
CVSS Score
4.6
EPSS Score
0.002
Published
2021-08-13
CVE-2021-37344
Nagios XI Switch Wizard before version 2.5.7 is vulnerable to remote code execution through improper neutralisation of special elements used in an OS Command (OS Command injection).
CVSS Score
9.8
EPSS Score
0.511
Published
2021-08-13
CVE-2021-37345
Nagios XI before version 5.8.5 is vulnerable to local privilege escalation because xi-sys.cfg is being imported from the var directory for some scripts with elevated permissions.
CVSS Score
7.8
EPSS Score
0.0
Published
2021-08-13
CVE-2021-37346
Nagios XI WatchGuard Wizard before version 1.4.8 is vulnerable to remote code execution through Improper neutralisation of special elements used in an OS Command (OS Command injection).
CVSS Score
9.8
EPSS Score
0.511
Published
2021-08-13
CVE-2021-37347
Nagios XI before version 5.8.5 is vulnerable to local privilege escalation because getprofile.sh does not validate the directory name it receives as an argument.
CVSS Score
7.8
EPSS Score
0.001
Published
2021-08-13


Products
Pricing
Contact Us

Shodan ® - All rights reserved