Security Vulnerabilities - CVEs Published In September 2021
Improper Access Control in Jfinal CMS v4.7.1 and earlier allows remote attackers to obtain sensitive information via the 'TemplatePath' parameter in the component 'jfinal_cms/admin/folder/list'.
CVSS Score
6.5
EPSS Score
0.002
Published
2021-09-15
Improper Access Control in Jfinal CMS v4.7.1 and earlier allows remote attackers to obtain sensitive information via the 'getFolder()' function in the component '/modules/filemanager/FileManager.java'.
CVSS Score
6.5
EPSS Score
0.003
Published
2021-09-15
PDFTron's WebViewer UI 8.0 or below renders dangerous URLs as hyperlinks in supported documents, including JavaScript URLs, allowing the execution of arbitrary JavaScript code.
CVSS Score
6.1
EPSS Score
0.007
Published
2021-09-15
vuelidate is vulnerable to Inefficient Regular Expression Complexity
CVSS Score
7.5
EPSS Score
0.003
Published
2021-09-15
vim is vulnerable to Use After Free
CVSS Score
8.2
EPSS Score
0.001
Published
2021-09-15
hestiacp is vulnerable to Use of Wrong Operator in String Comparison
CVSS Score
4.8
EPSS Score
0.004
Published
2021-09-15
prism is vulnerable to Inefficient Regular Expression Complexity
CVSS Score
7.5
EPSS Score
0.003
Published
2021-09-15
The web part of Zenitel AlphaCom XE Audio Server through 11.2.3.10, called AlphaWeb XE, does not restrict file upload in the Custom Scripts section at php/index.php. Neither the content nor extension of the uploaded files is checked, allowing execution of PHP code under the /cmd directory.
CVSS Score
8.8
EPSS Score
0.27
Published
2021-09-15
VMware ESXi (6.7 before ESXi670-202006401-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.5), and Fusion (11.x before 11.5.5) contain an out-of-bounds read vulnerability in NVMe functionality. A malicious actor with local non-administrative access to a virtual machine with a virtual NVMe controller present may be able to read privileged information contained in physical memory.
CVSS Score
8.4
EPSS Score
0.001
Published
2021-09-15
The KT-1 door controller is susceptible to replay or man-in-the-middle attacks where an attacker can record and replay TCP packets. This issue affects Johnson Controls KT-1 all versions up to and including 3.01.
CVSS Score
8.6
EPSS Score
0.002
Published
2021-09-15

