Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In August 2021
CVE-2021-38599
WAL-G before 1.1, when a non-libsodium build (e.g., one of the official binary releases published as GitHub Releases) is used, silently ignores the libsodium encryption key and uploads cleartext backups. This is arguably a Principle of Least Surprise violation because "the user likely wanted to encrypt all file activity."
CVSS Score
7.5
EPSS Score
0.002
Published
2021-08-12
CVE-2021-38604
In librt in the GNU C Library (aka glibc) through 2.34, sysdeps/unix/sysv/linux/mq_notify.c mishandles certain NOTIFY_REMOVED data, leading to a NULL pointer dereference. NOTE: this vulnerability was introduced as a side effect of the CVE-2021-33574 fix.
CVSS Score
7.5
EPSS Score
0.014
Published
2021-08-12
CVE-2021-38606
reNgine through 0.5 relies on a predictable directory name.
CVSS Score
9.8
EPSS Score
0.004
Published
2021-08-12
CVE-2021-38597
wolfSSL before 4.8.1 incorrectly skips OCSP verification in certain situations of irrelevant response data that contains the NoCheck extension.
CVSS Score
5.9
EPSS Score
0.002
Published
2021-08-12
CVE-2020-20975
In \lib\admin\action\dataaction.class.php in Gxlcms v1.1, SQL Injection exists via the $filename parameter.
CVSS Score
9.8
EPSS Score
0.003
Published
2021-08-12
CVE-2020-20977
A stored cross site scripting (XSS) vulnerability in index.php/legend/6.html of UK CMS v1.1.10 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the Comments section.
CVSS Score
5.4
EPSS Score
0.002
Published
2021-08-12
CVE-2020-20979
An arbitrary file upload vulnerability in the move_uploaded_file() function of LJCMS v4.3 allows attackers to execute arbitrary code.
CVSS Score
9.8
EPSS Score
0.009
Published
2021-08-12
CVE-2020-20981
A SQL injection in the /admin/?n=logs&c=index&a=dolist component of Metinfo 7.0 allows attackers to access sensitive database information.
CVSS Score
7.5
EPSS Score
0.005
Published
2021-08-12
CVE-2021-20314
Stack buffer overflow in libspf2 versions below 1.2.11 when processing certain SPF macros can lead to Denial of service and potentially code execution via malicious crafted SPF explanation messages.
CVSS Score
9.8
EPSS Score
0.018
Published
2021-08-12
CVE-2021-27790
The command ipfilter in Brocade Fabric OS before Brocade Fabric OS v.9.0.1a, v8.2.3, and v8.2.0_CBN4, and v7.4.2h uses unsafe string function to process user input. Authenticated attackers can abuse this vulnerability to exploit stack-based buffer overflows, allowing execution of arbitrary code as the root user account.
CVSS Score
7.8
EPSS Score
0.0
Published
2021-08-12


Products
Pricing
Contact Us

Shodan ® - All rights reserved