Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In October 2021
CVE-2021-23448
All versions of package config-handler are vulnerable to Prototype Pollution when loading config files.
CVSS Score
6.5
EPSS Score
0.004
Published
2021-10-11
CVE-2021-42257
check_smart before 6.9.1 allows unintended drive access by an unprivileged user because it only checks for a substring match of a device path (the /dev/bus substring and a number), aka an unanchored regular expression.
CVSS Score
7.1
EPSS Score
0.001
Published
2021-10-11
CVE-2021-42260
TinyXML through 2.6.2 has an infinite loop in TiXmlParsingData::Stamp in tinyxmlparser.cpp via the TIXML_UTF_LEAD_0 case. It can be triggered by a crafted XML message and leads to a denial of service.
CVSS Score
7.5
EPSS Score
0.004
Published
2021-10-11
CVE-2020-27372
A buffer overflow vulnerability exists in Brandy Basic V Interpreter 1.21 in the run_interpreter function.
CVSS Score
9.8
EPSS Score
0.005
Published
2021-10-11
CVE-2021-25738
Loading specially-crafted yaml with the Kubernetes Java Client library can lead to code execution.
CVSS Score
6.7
EPSS Score
0.001
Published
2021-10-11
CVE-2021-40188
PHPFusion 9.03.110 is affected by an arbitrary file upload vulnerability. The File Manager function in admin panel does not filter all PHP extensions such as ".php, .php7, .phtml, .php5, ...". An attacker can upload a malicious file and execute code on the server.
CVSS Score
7.2
EPSS Score
0.008
Published
2021-10-11
CVE-2021-40189
PHPFusion 9.03.110 is affected by a remote code execution vulnerability. The theme function will extract a file to "webroot/themes/{Theme Folder], where an attacker can access and execute arbitrary code.
CVSS Score
7.2
EPSS Score
0.02
Published
2021-10-11
CVE-2021-40239
A Buffer Overflow vulnerability exists in the latest version of Miniftpd in the do_retr function in ftpproto.c
CVSS Score
9.8
EPSS Score
0.005
Published
2021-10-11
CVE-2021-40617
An SQL Injection vulnerability exists in openSIS Community Edition version 8.0 via ForgotPassUserName.php.
CVSS Score
9.8
EPSS Score
0.004
Published
2021-10-11
CVE-2021-42252
An issue was discovered in aspeed_lpc_ctrl_mmap in drivers/soc/aspeed/aspeed-lpc-ctrl.c in the Linux kernel before 5.14.6. Local attackers able to access the Aspeed LPC control interface could overwrite memory in the kernel and potentially execute privileges, aka CID-b49a0e69a7b1. This occurs because a certain comparison uses values that are not memory sizes.
CVSS Score
7.8
EPSS Score
0.001
Published
2021-10-11


Products
Pricing
Contact Us

Shodan ® - All rights reserved