Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In November 2021
CVE-2021-32234
SmarterTools SmarterMail 16.x through 100.x before 100.0.7803 allows remote code execution.
CVSS Score
9.8
EPSS Score
0.031
Published
2021-11-17
CVE-2021-43975
In the Linux kernel through 5.15.2, hw_atl_utils_fw_rpc_wait in drivers/net/ethernet/aquantia/atlantic/hw_atl/hw_atl_utils.c allows an attacker (who can introduce a crafted device) to trigger an out-of-bounds write via a crafted length value.
CVSS Score
6.7
EPSS Score
0.0
Published
2021-11-17
CVE-2021-43976
In the Linux kernel through 5.15.2, mwifiex_usb_recv in drivers/net/wireless/marvell/mwifiex/usb.c allows an attacker (who can connect a crafted USB device) to cause a denial of service (skb_over_panic).
CVSS Score
4.6
EPSS Score
0.0
Published
2021-11-17
CVE-2021-43977
SmarterTools SmarterMail 16.x through 100.x before 100.0.7803 allows XSS.
CVSS Score
6.1
EPSS Score
0.005
Published
2021-11-17
CVE-2021-40745
Adobe Campaign version 21.2.1 (and earlier) is affected by a Path Traversal vulnerability that could lead to reading arbitrary server files. By leveraging an exposed XML file, an unauthenticated attacker can enumerate other files on the server.
CVSS Score
7.5
EPSS Score
0.018
Published
2021-11-17
CVE-2021-42250
Improper output neutralization for Logs. A specific Apache Superset HTTP endpoint allowed for an authenticated user to forge log entries or inject malicious content into logs.
CVSS Score
6.5
EPSS Score
0.008
Published
2021-11-17
CVE-2021-29861
IBM AIX 7.1, 7.2, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in EFS to expose sensitive information. IBM X-Force ID: 206085.
CVSS Score
6.2
EPSS Score
0.001
Published
2021-11-17
CVE-2021-38959
IBM SPSS Statistics for Windows 24.0, 25.0, 26.0, 27.0, 27.0.1, and 28.0 could allow a local user to cause a denial of service by writing arbitrary files to admin protected directories on the system. IBM X-Force ID: 212046.
CVSS Score
6.2
EPSS Score
0.0
Published
2021-11-17
CVE-2021-29860
IBM AIX 7.1, 7.2, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the libc.a library to expose sensitive information. IBM X-Force ID: 206084.
CVSS Score
6.2
EPSS Score
0.001
Published
2021-11-17
CVE-2021-42954
Zoho Remote Access Plus Server Windows Desktop Binary fixed from 10.1.2121.1 is affected by incorrect access control. The installation directory is vulnerable to weak file permissions by allowing full control for Windows Everyone user group (non-admin or any guest users), thereby allowing privilege escalation, unauthorized password reset, stealing of sensitive data, access to credentials in plaintext, access to registry values, tampering with configuration files, etc.
CVSS Score
7.8
EPSS Score
0.0
Published
2021-11-17


Products
Pricing
Contact Us

Shodan ® - All rights reserved