Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In November 2021
CVE-2021-36176
Multiple uncontrolled resource consumption vulnerabilities in the web interface of FortiPortal before 6.0.6 may allow a single low-privileged user to induce a denial of service via multiple HTTP requests.
CVSS Score
6.1
EPSS Score
0.005
Published
2021-11-02
CVE-2021-36183
An improper authorization vulnerability [CWE-285] in FortiClient for Windows versions 7.0.1 and below and 6.4.2 and below may allow a local unprivileged attacker to escalate their privileges to SYSTEM via the named pipe responsible for Forticlient updates.
CVSS Score
7.4
EPSS Score
0.001
Published
2021-11-02
CVE-2021-36184
A improper neutralization of Special Elements used in an SQL Command ('SQL Injection') in Fortinet FortiWLM version 8.6.1 and below allows attacker to disclosure device, users and database information via crafted HTTP requests.
CVSS Score
8.8
EPSS Score
0.004
Published
2021-11-02
CVE-2021-36185
A improper neutralization of special elements used in an OS command ('OS Command Injection') in Fortinet FortiWLM version 8.6.1 and below allows attacker to execute unauthorized code or commands via crafted HTTP requests.
CVSS Score
8.8
EPSS Score
0.025
Published
2021-11-02
CVE-2021-36186
A stack-based buffer overflow in Fortinet FortiWeb version 6.4.0, version 6.3.15 and below, 6.2.5 and below allows attacker to execute unauthorized code or commands via crafted HTTP requests
CVSS Score
8.8
EPSS Score
0.004
Published
2021-11-02
CVE-2020-21572
Buffer overflow vulnerability in function src_parser_trans_stage_1_2_3 trgil gilcc before commit 803969389ca9c06237075a7f8eeb1a19e6651759, allows attackers to cause a denial of service.
CVSS Score
7.5
EPSS Score
0.003
Published
2021-11-02
CVE-2020-21573
An issue was discoverered in in abhijitnathwani image-processing v0.1.0, allows local attackers to cause a denial of service via a crafted image file.
CVSS Score
5.5
EPSS Score
0.002
Published
2021-11-02
CVE-2020-21574
Buffer overflow vulnerability in YotsuyaNight c-http v0.1.0, allows attackers to cause a denial of service via a long url request which is passed to the delimitedread function.
CVSS Score
7.5
EPSS Score
0.003
Published
2021-11-02
CVE-2020-23685
SQL Injection vulnerability in 188Jianzhan v2.1.0, allows attackers to execute arbitrary code and gain escalated privileges, via the username parameter to login.php.
CVSS Score
9.8
EPSS Score
0.006
Published
2021-11-02
CVE-2020-23686
Cross site request forgery (CSRF) vulnerability in AyaCMS 3.1.2 allows attackers to change an administrators password or other unspecified impacts.
CVSS Score
8.8
EPSS Score
0.002
Published
2021-11-02


Products
Pricing
Contact Us

Shodan ® - All rights reserved