Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In August 2021
CVE-2021-29704
IBM Security SOAR uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.
CVSS Score
5.9
EPSS Score
0.001
Published
2021-08-23
CVE-2021-3731
LedgerSMB does not sufficiently guard against being wrapped by other sites, making it vulnerable to 'clickjacking'. This allows an attacker to trick a targetted user to execute unintended actions.
CVSS Score
5.9
EPSS Score
0.003
Published
2021-08-23
CVE-2021-35465
Certain Arm products before 2021-08-23 do not properly consider the effect of exceptions on a VLLDM instruction. A Non-secure handler may have read or write access to part of a Secure context. This affects Arm Cortex-M33 r0p0 through r1p0, Arm Cortex-M35P r0, Arm Cortex-M55 r0p0 through r1p0, and Arm China STAR-MC1 (in the STAR SE configuration).
CVSS Score
3.4
EPSS Score
0.001
Published
2021-08-23
CVE-2021-3693
LedgerSMB does not check the origin of HTML fragments merged into the browser's DOM. By sending a specially crafted URL to an authenticated user, this flaw can be abused for remote code execution and information disclosure.
CVSS Score
8.8
EPSS Score
0.018
Published
2021-08-23
CVE-2021-3694
LedgerSMB does not sufficiently HTML-encode error messages sent to the browser. By sending a specially crafted URL to an authenticated user, this flaw can be abused for remote code execution and information disclosure.
CVSS Score
8.2
EPSS Score
0.006
Published
2021-08-23
CVE-2021-3728
firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF)
CVSS Score
6.5
EPSS Score
0.001
Published
2021-08-23
CVE-2021-3729
firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF)
CVSS Score
4.3
EPSS Score
0.001
Published
2021-08-23
CVE-2021-3730
firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF)
CVSS Score
6.5
EPSS Score
0.001
Published
2021-08-23
CVE-2021-24557
The update functionality in the rslider_page uses an rs_id POST parameter which is not validated, sanitised or escaped before being inserted in sql query, therefore leading to SQL injection for users having Administrator role.
CVSS Score
7.2
EPSS Score
0.006
Published
2021-08-23
CVE-2021-24558
The pspin_duplicate_post_save_as_new_post function of the Project Status WordPress plugin through 1.6 does not sanitise, validate or escape the post GET parameter passed to it before outputting it in an error message when the related post does not exist, leading to a reflected XSS issue
CVSS Score
5.4
EPSS Score
0.002
Published
2021-08-23


Products
Pricing
Contact Us

Shodan ® - All rights reserved