Security Vulnerabilities - CVEs Published In November 2021
An XML External Entity issue in Claris FileMaker Pro and Server (including WebDirect) before 19.4.1 allows a remote attacker to disclose local files via a crafted XML/Excel document and perform server-side request forgery attacks.
CVSS Score: 5.5 | EPSS Score: 0.003 | Published: 2021-11-22

The client in tusdotnet through 2.5.0 relies on SHA-1 to prevent spoofing of file content.
CVSS Score: 7.5 | EPSS Score: 0.001 | Published: 2021-11-22

This issue affects Secomea GateManager, all versions prior to 9.6. An improper check of the Host header in the web server of Secomea GateManager allows an attacker to cause browser cache poisoning.
CVSS Score: 3.7 | EPSS Score: 0.002 | Published: 2021-11-22

Croatia Control Asterix 2.8.1 has a heap-based buffer over-read, with additional details to be disclosed at a later date.
CVSS Score: 9.1 | EPSS Score: 0.004 | Published: 2021-11-22

PLC Editor versions 1.3.8 and prior are vulnerable to an out-of-bounds write while processing project files, which may allow an attacker to execute arbitrary code.
CVSS Score: 7.8 | EPSS Score: 0.002 | Published: 2021-11-22

A flaw was found in mbsync in isync 1.4.0 through 1.4.3. Due to an unchecked condition, a malicious or compromised IMAP server could use a crafted mail message that lacks headers (i.e., one that starts with an empty line) to provoke a heap overflow, which could conceivably be exploited for remote code execution.
CVSS Score: 9.8 | EPSS Score: 0.047 | Published: 2021-11-22

PLC Editor versions 1.3.8 and prior are vulnerable to a stack-based buffer overflow while processing project files, which may allow an attacker to execute arbitrary code.
CVSS Score: 7.8 | EPSS Score: 0.004 | Published: 2021-11-22

The affected controllers do not properly sanitize the input containing code syntax. As a result, an attacker could craft code to alter the intended controller flow of the software.
CVSS Score: 7.5 | EPSS Score: 0.001 | Published: 2021-11-22

Rapid7 Nexpose versions prior to 6.6.114 suffer from an information exposure issue whereby, when the user's session has ended due to inactivity, an attacker can use the browser's inspect-element feature to remove the login panel and view the details available in the last web page visited by the previous user.
CVSS Score: 3.3 | EPSS Score: 0.002 | Published: 2021-11-22

This affects all versions of the package pekeupload. If an attacker induces a user to upload a file whose name contains JavaScript code, the JavaScript code will be executed.
CVSS Score: 5.4 | EPSS Score: 0.002 | Published: 2021-11-22

Shodan ® - All rights reserved