Security Vulnerabilities - CVEs Published In December 2021
An issue was discovered in gif2apng 1.9. There is a heap-based buffer overflow in the main function. It allows an attacker to write 2 bytes outside the boundaries of the buffer.
CVSS Score: 7.8
EPSS Score: 0.002
Published: 2021-12-28
A vulnerability in /damicms-master/admin.php?s=/Article/doedit of DamiCMS v6.0 allows attackers to compromise and impersonate user accounts by obtaining a user's session cookie.
CVSS Score: 8.8
EPSS Score: 0.002
Published: 2021-12-27
An issue in the user login box of LJCMS v1.11 allows attackers to hijack user accounts via brute force attacks.
CVSS Score: 9.8
EPSS Score: 0.004
Published: 2021-12-27
An issue in the user login box of CSCMS v4.0 allows attackers to hijack user accounts via brute force attacks.
CVSS Score: 9.8
EPSS Score: 0.003
Published: 2021-12-27
OpenWrt 21.02.1 allows XSS via the Port Forwards Add Name screen.
CVSS Score: 5.4
EPSS Score: 0.005
Published: 2021-12-27
OpenWrt 21.02.1 allows XSS via the Traffic Rules Name screen.
CVSS Score: 5.4
EPSS Score: 0.005
Published: 2021-12-27
OpenWrt 21.02.1 allows XSS via the NAT Rules Name screen.
CVSS Score: 5.4
EPSS Score: 0.005
Published: 2021-12-27
MinIO is a Kubernetes native application for cloud storage. Prior to version `RELEASE.2021-12-27T07-23-18Z`, a malicious client can hand-craft an HTTP API call that allows for updating policy for a user and gaining higher privileges. The patch in version `RELEASE.2021-12-27T07-23-18Z` changes the accepted request body type and removes the ability to apply policy changes through this API. There is a workaround for this vulnerability: Changing passwords can be disabled by adding an explicit `Deny` rule to disable the API for users.
CVSS Score: 8.8
EPSS Score: 0.474
Published: 2021-12-27
In Brave Desktop 1.17 through 1.33 before 1.33.106, when CNAME-based adblocking and a proxying extension with a SOCKS fallback are enabled, additional DNS requests are issued outside of the proxying extension using the system's DNS settings, resulting in information disclosure. NOTE: this issue exists because of an incomplete fix for CVE-2021-21323 and CVE-2021-22916.
CVSS Score: 7.5
EPSS Score: 0.003
Published: 2021-12-27
Nokia FastMile 3TG00118ABAD52 devices allow privilege escalation by an authenticated user via is_ctc_admin=1 to login_web_app.cgi and use of Import Config File.
CVSS Score: 8.8
EPSS Score: 0.004
Published: 2021-12-27