Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In October 2021
CVE-2021-41593
Lightning Labs lnd before 0.13.3-beta allows loss of funds because of dust HTLC exposure.
CVSS Score
8.6
EPSS Score
0.007
Published
2021-10-04
CVE-2021-41595
SuiteCRM before 7.10.33 and 7.11.22 allows information disclosure via Directory Traversal. An attacker can partially include arbitrary files via the file_name parameter of the Step3 import functionality.
CVSS Score
5.3
EPSS Score
0.003
Published
2021-10-04
CVE-2021-41596
SuiteCRM before 7.10.33 and 7.11.22 allows information disclosure via Directory Traversal. An attacker can partially include arbitrary files via the importFile parameter of the RefreshMapping import functionality.
CVSS Score
5.3
EPSS Score
0.003
Published
2021-10-04
CVE-2020-28119
Cross site scripting vulnerability in 53KF < 2.0.0.2 that allows for arbitrary code to be executed via crafted HTML statement inserted into chat window.
CVSS Score
6.1
EPSS Score
0.003
Published
2021-10-04
CVE-2021-22259
A potential DOS vulnerability was discovered in GitLab EE starting with version 12.6 due to lack of pagination in dependencies API.
CVSS Score
4.3
EPSS Score
0.003
Published
2021-10-04
CVE-2021-35296
An issue in the administrator authentication panel of PTCL HG150-Ub v3.0 allows attackers to bypass authentication via modification of the cookie value and Response Path.
CVSS Score
9.8
EPSS Score
0.004
Published
2021-10-04
CVE-2021-36850
Cross-Site Request Forgery (CSRF) vulnerability in WordPress Media File Renamer – Auto & Manual Rename plugin (versions <= 5.1.9). Affected parameters "post_title", "filename", "lock". This allows changing the uploaded media title, media file name, and media locking state.
CVSS Score
5.4
EPSS Score
0.001
Published
2021-10-04
CVE-2021-39868
In all versions of GitLab CE/EE since version 8.12, an authenticated low-privileged malicious user may create a project with unlimited repository size by modifying values in a project export.
CVSS Score
4.3
EPSS Score
0.003
Published
2021-10-04
CVE-2021-39871
In all versions of GitLab CE/EE since version 13.0, an instance that has the setting to disable Bitbucket Server import enabled is bypassed by an attacker making a crafted API call.
CVSS Score
4.3
EPSS Score
0.001
Published
2021-10-04
CVE-2021-39873
In all versions of GitLab CE/EE, there exists a content spoofing vulnerability which may be leveraged by attackers to trick users into visiting a malicious website by spoofing the content in an error response.
CVSS Score
4.3
EPSS Score
0.003
Published
2021-10-04


Products
Pricing
Contact Us

Shodan ® - All rights reserved