Security Vulnerabilities - CVEs Published In August 2021
The AssociateFieldToScreens page in Atlassian Jira Server and Data Center before version 8.18.0 allows remote attackers to inject arbitrary HTML or JavaScript through a Cross-Site Scripting (XSS) vulnerability in the name of a custom field.
CVSS Score: 4.8 | EPSS Score: 0.002 | Published: 2021-08-30
Fetchmail before 6.4.22 fails to enforce STARTTLS session encryption in some circumstances, such as a certain situation with IMAP and PREAUTH.
CVSS Score: 5.9 | EPSS Score: 0.001 | Published: 2021-08-30
OrbiTeam BSCW Classic before 7.4.3 allows authenticated remote code execution (RCE) in exportpdf via XML tag injection because reportlab\platypus\paraparser.py (reached via bscw.cgi op=_editfolder.EditFolder) calls eval on attacker-supplied Python code. This is fixed in 5.0.12, 5.1.10, 5.2.4, 7.3.3, and 7.4.3.
CVSS Score: 8.8 | EPSS Score: 0.049 | Published: 2021-08-30
Tor before 0.3.5.16, 0.4.5.10, and 0.4.6.7 mishandles the relationship between batch-signature verification and single-signature verification, leading to a remote assertion failure, aka TROVE-2021-007.
CVSS Score: 7.5 | EPSS Score: 0.005 | Published: 2021-08-30
OrbiTeam BSCW Classic before 7.4.3 allows authenticated remote code execution (RCE) during archive extraction via attacker-supplied Python code in the class attribute of a .bscw file. This is fixed in 5.0.12, 5.1.10, 5.2.4, 7.3.3, and 7.4.3.
CVSS Score: 8.8 | EPSS Score: 0.04 | Published: 2021-08-30
MapService.svc in Hexagon GeoMedia WebMap 2020 before Update 2 (aka 16.6.2.66) allows blind SQL Injection via the Id (within sourceItems) parameter to the GetMap method.
CVSS Score: 9.8 | EPSS Score: 0.009 | Published: 2021-08-30
Zoho ManageEngine Log360 before Build 5219 allows a CSRF attack on proxy settings.
CVSS Score: 8.8 | EPSS Score: 0.006 | Published: 2021-08-29
Zoho ManageEngine Cloud Security Plus before Build 4117 allows a CSRF attack on the server proxy settings.
CVSS Score: 8.8 | EPSS Score: 0.006 | Published: 2021-08-29
Zoho ManageEngine Log360 before Build 5224 allows a CSRF attack for disabling the logon security settings.
CVSS Score: 8.8 | EPSS Score: 0.006 | Published: 2021-08-29
Zoho ManageEngine Log360 before Build 5219 allows unrestricted file upload with resultant remote code execution.
CVSS Score: 9.8 | EPSS Score: 0.093 | Published: 2021-08-29


Shodan ® - All rights reserved