Security Vulnerabilities - CVEs Published In August 2021
An issue was discovered in the ruspiro-singleton crate before 0.4.1 for Rust. In Singleton, Send and Sync do not have bounds checks.
CVSS Score: 8.1
EPSS Score: 0.003
Published: 2021-08-08
An issue was discovered in the unicycle crate before 0.7.1 for Rust. PinSlab<T> and Unordered<T, S> do not have bounds on their Send and Sync traits.
CVSS Score: 8.1
EPSS Score: 0.003
Published: 2021-08-08
GNU cpio through 2.13 allows attackers to execute arbitrary code via a crafted pattern file, because of a dstring.c ds_fgetstr integer overflow that triggers an out-of-bounds heap write. NOTE: it is unclear whether there are common cases where the pattern file, associated with the -E option, is untrusted data.
CVSS Score: 7.8
EPSS Score: 0.267
Published: 2021-08-08
Btrbk before 0.31.2 allows command execution because of the mishandling of remote hosts filtering SSH commands using ssh_filter_btrbk.sh in authorized_keys.
CVSS Score: 9.8
EPSS Score: 0.002
Published: 2021-08-07
In kernel/bpf/hashtab.c in the Linux kernel through 5.13.8, there is an integer overflow and out-of-bounds write when many elements are placed in a single bucket. NOTE: exploitation might be impractical without the CAP_SYS_ADMIN capability.
CVSS Score: 7.8
EPSS Score: 0.001
Published: 2021-08-07
Roxy-WI through 5.2.2.0 allows SQL Injection via check_login. An unauthenticated attacker can extract a valid uuid to bypass authentication.
CVSS Score: 9.8
EPSS Score: 0.008
Published: 2021-08-07
Roxy-WI through 5.2.2.0 allows authenticated SQL injection via select_servers.
CVSS Score: 8.8
EPSS Score: 0.004
Published: 2021-08-07
Roxy-WI through 5.2.2.0 allows command injection via /app/funct.py and /api/api_funct.py.
CVSS Score: 8.8
EPSS Score: 0.04
Published: 2021-08-07
Lynx through 2.8.9 mishandles the userinfo subcomponent of a URI, which allows remote attackers to discover cleartext credentials because they may appear in SNI data.
CVSS Score: 5.3
EPSS Score: 0.043
Published: 2021-08-07
Go before 1.17 does not properly consider extraneous zero characters at the beginning of an IP address octet, which (in some situations) allows attackers to bypass access control that is based on IP addresses, because of unexpected octal interpretation. This affects net.ParseIP and net.ParseCIDR.
CVSS Score: 7.5
EPSS Score: 0.003
Published: 2021-08-07