Security Vulnerabilities - CVEs Published In August 2021
Jenkins Nested View Plugin 1.20 and earlier does not configure its XML transformer to prevent XML external entity (XXE) attacks.
CVSS Score: 7.1; EPSS Score: 0.017; Published: 2021-08-31
Jenkins Nomad Plugin 0.7.4 and earlier stores Docker passwords unencrypted in the global config.xml file on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system.
CVSS Score: 5.5; EPSS Score: 0.001; Published: 2021-08-31
Improper Access Control Tampering Vulnerability using ImportAlert function which can lead to a Remote Code Execution (RCE) from the Alerts Settings page.
CVSS Score: 6.3; EPSS Score: 0.005; Published: 2021-08-31
This vulnerability allows attackers to impersonate users and perform arbitrary actions leading to a Remote Code Execution (RCE) from the Alerts Settings page.
CVSS Score: 8.0; EPSS Score: 0.007; Published: 2021-08-31
ExportToPdfCmd Arbitrary File Read Information Disclosure Vulnerability using ImportAlert function within the Alerts Settings page.
CVSS Score: 6.0; EPSS Score: 0.001; Published: 2021-08-31
Command Injection vulnerability in EmailWebPage API which can lead to a Remote Code Execution (RCE) from the Alerts Settings page.
CVSS Score: 8.1; EPSS Score: 0.016; Published: 2021-08-31
The Zoomsounds plugin <= 6.45 for WordPress allows arbitrary files, including sensitive configuration files such as wp-config.php, to be downloaded via the `dzsap_download` action using directory traversal in the `link` parameter.
CVSS Score: 7.5; EPSS Score: 0.907; Published: 2021-08-31
In PEPPERL+FUCHS WirelessHART-Gateway <= 3.0.7 the filename parameter is vulnerable to unauthenticated path traversal attacks, enabling read access to arbitrary files on the server.
CVSS Score: 7.5; EPSS Score: 0.006; Published: 2021-08-31
In PEPPERL+FUCHS WirelessHART-Gateway <= 3.0.8 a vulnerability may allow remote attackers to rewrite links and URLs in cached pages to arbitrary strings.
CVSS Score: 5.4; EPSS Score: 0.003; Published: 2021-08-31
In PEPPERL+FUCHS WirelessHART-Gateway <= 3.0.9 a form contains a password field with autocomplete enabled. The stored credentials can be captured by an attacker who gains control over the user's computer. This requires that the user has logged in at least once.
CVSS Score: 5.5; EPSS Score: 0.001; Published: 2021-08-31

