Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In October 2021
CVE-2021-37922
Zoho ManageEngine ADManager Plus version 7110 and prior is vulnerable to path traversal which allows copying of files from one directory to another.
CVSS Score
5.3
EPSS Score
0.26
Published
2021-10-07
CVE-2021-37923
Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution.
CVSS Score
9.8
EPSS Score
0.374
Published
2021-10-07
CVE-2021-37924
Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution.
CVSS Score
9.8
EPSS Score
0.374
Published
2021-10-07
CVE-2021-37926
Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution.
CVSS Score
9.8
EPSS Score
0.36
Published
2021-10-07
CVE-2021-37928
Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution.
CVSS Score
9.8
EPSS Score
0.374
Published
2021-10-07
CVE-2021-37929
Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution.
CVSS Score
9.8
EPSS Score
0.374
Published
2021-10-07
CVE-2021-37930
Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution.
CVSS Score
9.8
EPSS Score
0.374
Published
2021-10-07
CVE-2021-37931
Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution.
CVSS Score
9.8
EPSS Score
0.374
Published
2021-10-07
CVE-2021-3833
Integria IMS login check uses a loose comparator ("==") to compare the MD5 hash of the password provided by the user and the MD5 hash stored in the database. An attacker with a specific formatted password could exploit this vulnerability in order to login in the system with different passwords.
CVSS Score
9.8
EPSS Score
0.006
Published
2021-10-07
CVE-2021-41794
ogs_fqdn_parse in Open5GS 1.0.0 through 2.3.3 inappropriately trusts a client-supplied length value, leading to a buffer overflow. The attacker can send a PFCP Session Establishment Request with "internet" as the PDI Network Instance. The first character is interpreted as a length value to be used in a memcpy call. The destination buffer is only 100 bytes long on the stack. Then, 'i' gets interpreted as 105 bytes to copy from the source buffer to the destination buffer.
CVSS Score
7.5
EPSS Score
0.004
Published
2021-10-07


Products
Pricing
Contact Us

Shodan ® - All rights reserved