Security Vulnerabilities - CVEs Published In November 2021
kimai2 is vulnerable to Cross-Site Request Forgery (CSRF)
CVSS Score: 4.3 | EPSS Score: 0.001 | Published: 2021-11-19

vim is vulnerable to Heap-based Buffer Overflow
CVSS Score: 8.0 | EPSS Score: 0.003 | Published: 2021-11-19

vim is vulnerable to Heap-based Buffer Overflow
CVSS Score: 7.3 | EPSS Score: 0.002 | Published: 2021-11-19

A brute-force protection bypass in CAPTCHA protection in ASUS ROG Rapture GT-AX11000, RT-AX3000, RT-AX55, RT-AX56U, RT-AX56U_V2, RT-AX58U, RT-AX82U, RT-AX82U GUNDAM EDITION, RT-AX86 Series(RT-AX86U/RT-AX86S), RT-AX86U ZAKU II EDITION, RT-AX88U, RT-AX92U, TUF Gaming AX3000, TUF Gaming AX5400 (TUF-AX5400), ASUS ZenWiFi XD6, ASUS ZenWiFi AX (XT8) before 3.0.0.4.386.45898, and RT-AX68U before 3.0.0.4.386.45911, allows a remote attacker to attempt any number of login attempts via sending a specific HTTP request.
CVSS Score: 9.8 | EPSS Score: 0.049 | Published: 2021-11-19

An HTTP request smuggling in web application in ASUS ROG Rapture GT-AX11000, RT-AX3000, RT-AX55, RT-AX56U, RT-AX56U_V2, RT-AX58U, RT-AX82U, RT-AX82U GUNDAM EDITION, RT-AX86 Series(RT-AX86U/RT-AX86S), RT-AX86U ZAKU II EDITION, RT-AX88U, RT-AX92U, TUF Gaming AX3000, TUF Gaming AX5400 (TUF-AX5400), ASUS ZenWiFi XD6, ASUS ZenWiFi AX (XT8) before 3.0.0.4.386.45898, and RT-AX68U before 3.0.0.4.386.45911, allows a remote unauthenticated attacker to DoS via sending a specially crafted HTTP packet.
CVSS Score: 7.5 | EPSS Score: 0.053 | Published: 2021-11-19

django-helpdesk is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSS Score: 8.8 | EPSS Score: 0.004 | Published: 2021-11-19

kimai2 is vulnerable to Cross-Site Request Forgery (CSRF)
CVSS Score: 4.6 | EPSS Score: 0.001 | Published: 2021-11-19

vim is vulnerable to Use After Free
CVSS Score: 7.3 | EPSS Score: 0.002 | Published: 2021-11-19

kimai2 is vulnerable to Cross-Site Request Forgery (CSRF)
CVSS Score: 4.3 | EPSS Score: 0.001 | Published: 2021-11-19

In Apache Ozone versions prior to 1.2.0, various internal server-to-server RPC endpoints are available for connections, making it possible for an attacker to download raw data from Datanode and Ozone manager and modify Ratis replication configuration.
CVSS Score: 9.1 | EPSS Score: 0.019 | Published: 2021-11-19

