Security Vulnerabilities - CVEs Published In November 2021
Zoho ManageEngine Network Configuration Manager before 125465 is vulnerable to SQL Injection in a hardware details search.
CVSS Score: 9.8
EPSS Score: 0.223
Published: 2021-11-11
Zoho ManageEngine Network Configuration Manager before 125465 is vulnerable to SQL Injection in a configuration search.
CVSS Score: 9.8
EPSS Score: 0.36
Published: 2021-11-11
Zoho ManageEngine Patch Connect Plus before 90099 is vulnerable to unauthenticated remote code execution.
CVSS Score: 9.8
EPSS Score: 0.273
Published: 2021-11-11
Zoho ManageEngine ADManager Plus before 7115 is vulnerable to a filter bypass that leads to file-upload remote code execution.
CVSS Score: 9.8
EPSS Score: 0.121
Published: 2021-11-11
Zoho ManageEngine ADAudit Plus before 7006 allows attackers to write to, and execute, arbitrary files.
CVSS Score: 9.8
EPSS Score: 0.871
Published: 2021-11-11
LiquidFiles before 3.6.3 allows remote attackers to elevate their privileges from Admin (or User Admin) to Sysadmin.
CVSS Score: 8.8
EPSS Score: 0.183
Published: 2021-11-11
A buffer overflow was discovered on Realtek RTL8195AM devices before 2.0.10. It exists in the client code when processing a malformed IE length of HT capability information in the Beacon and Association response frame.
CVSS Score: 9.8
EPSS Score: 0.005
Published: 2021-11-11
The website builder module in Dolibarr 13.0.2 allows remote PHP code execution because of an incomplete protection mechanism in which system, exec, and shell_exec are blocked but backticks are not blocked.
CVSS Score: 9.8
EPSS Score: 0.026
Published: 2021-11-10
An issue was discovered in Softing Industrial Automation OPC UA C++ SDK before 5.66. Remote attackers can cause a denial of service (DoS) by sending crafted messages to an OPC/UA client. The client process may crash unexpectedly because of a wrong type cast, and must be restarted.
CVSS Score: 7.5
EPSS Score: 0.006
Published: 2021-11-10
An issue was discovered in Softing Industrial Automation uaToolkit Embedded before 1.40. Remote attackers can cause a denial of service (DoS) or log in as an anonymous user (bypassing security checks) by sending crafted messages to an OPC/UA server. The server process may crash unexpectedly because of an invalid type cast, and must be restarted.
CVSS Score: 7.5
EPSS Score: 0.007
Published: 2021-11-10

