Security Vulnerabilities - CVEs Published In October 2021
Ping Identity PingFederate before 10.3.1 mishandles pre-parsing validation, leading to an XXE attack that can achieve XML file disclosure.
CVSS Score: 7.5
EPSS Score: 0.003
Published: 2021-10-07
ACCEL-PPP 1.12.0 has an out-of-bounds read in triton_context_schedule if the client exits after authentication.
CVSS Score: 7.5
EPSS Score: 0.003
Published: 2021-10-07
The Unicorn framework through 0.35.3 for Django allows XSS via component.name.
CVSS Score: 5.4
EPSS Score: 0.003
Published: 2021-10-07
When Octopus Server is installed using a custom folder location, folder ACLs are not set correctly and could lead to an unprivileged user using DLL side-loading to gain privileged access.
CVSS Score: 7.8
EPSS Score: 0.001
Published: 2021-10-07
When Octopus Tentacle is installed using a custom folder location, folder ACLs are not set correctly and could lead to an unprivileged user using DLL side-loading to gain privileged access.
CVSS Score: 7.8
EPSS Score: 0.001
Published: 2021-10-07
Jenkins 2.314 and earlier, LTS 2.303.1 and earlier accepts names of jobs and other entities with a trailing dot character, potentially replacing the configuration and data of other entities on Windows.
CVSS Score: 4.3
EPSS Score: 0.006
Published: 2021-10-06
The file browser in Jenkins 2.314 and earlier, LTS 2.303.1 and earlier may interpret some paths to files as absolute on Windows, resulting in a path traversal vulnerability allowing attackers with Overall/Read permission (Windows controller) or Job/Workspace permission (Windows agents) to obtain the contents of arbitrary files.
CVSS Score: 6.5
EPSS Score: 0.005
Published: 2021-10-06
Jenkins Git Plugin 4.8.2 and earlier does not escape the Git SHA-1 checksum parameters provided to commit notifications when displaying them in a build cause, resulting in a stored cross-site scripting (XSS) vulnerability.
CVSS Score: 6.1
EPSS Score: 0.002
Published: 2021-10-06
A Cross-Site Request Forgery (CSRF) in WDJA CMS v1.5.2 allows attackers to arbitrarily add administrator accounts via a crafted URL.
CVSS Score: 6.5
EPSS Score: 0.001
Published: 2021-10-06
WDJA CMS v1.5.2 contains an arbitrary file deletion vulnerability in the component admin/cache/manage.php.
CVSS Score: 9.1
EPSS Score: 0.004
Published: 2021-10-06

