Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In September 2021
CVE-2021-3828
nltk is vulnerable to Inefficient Regular Expression Complexity
CVSS Score
7.5
EPSS Score
0.004
Published
2021-09-27
CVE-2021-40098
An issue was discovered in Concrete CMS through 8.5.5. Path Traversal leading to RCE via external form by adding a regular expression.
CVSS Score
9.8
EPSS Score
0.005
Published
2021-09-27
CVE-2021-40103
An issue was discovered in Concrete CMS through 8.5.5. Path Traversal can lead to Arbitrary File Reading and SSRF.
CVSS Score
7.5
EPSS Score
0.004
Published
2021-09-27
CVE-2021-40104
An issue was discovered in Concrete CMS through 8.5.5. There is an SVG sanitizer bypass.
CVSS Score
7.5
EPSS Score
0.004
Published
2021-09-27
CVE-2021-40105
An issue was discovered in Concrete CMS through 8.5.5. There is XSS via Markdown Comments.
CVSS Score
6.1
EPSS Score
0.004
Published
2021-09-27
CVE-2021-40106
An issue was discovered in Concrete CMS through 8.5.5. There is unauthenticated stored XSS in blog comments via the website field.
CVSS Score
6.1
EPSS Score
0.005
Published
2021-09-27
CVE-2021-0421
In memory management driver, there is a possible information disclosure due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05403499; Issue ID: ALPS05381235.
CVSS Score
5.5
EPSS Score
0.0
Published
2021-09-27
CVE-2021-0422
In memory management driver, there is a possible system crash due to a missing bounds check. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05403499; Issue ID: ALPS05381071.
CVSS Score
5.5
EPSS Score
0.0
Published
2021-09-27
CVE-2021-0423
In memory management driver, there is a possible information disclosure due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05403499; Issue ID: ALPS05385714.
CVSS Score
5.5
EPSS Score
0.0
Published
2021-09-27
CVE-2021-0424
In memory management driver, there is a possible system crash due to a missing bounds check. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05403499; Issue ID: ALPS05393787.
CVSS Score
5.5
EPSS Score
0.0
Published
2021-09-27


Products
Pricing
Contact Us

Shodan ® - All rights reserved