Security Vulnerabilities - CVEs Published In December 2021
A Broken or Risky Cryptographic Algorithm exists in Max Mazurov Maddy before 0.5.2, which is an unnecessary risk that may result in the exposure of sensitive information.
CVSS Score: 7.5 | EPSS Score: 0.001 | Published: 2021-12-28
Nettmp NNT 5.1 is affected by a SQL injection vulnerability. An attacker can bypass authentication and access the panel with an administrative account.
CVSS Score: 9.8 | EPSS Score: 0.004 | Published: 2021-12-28
NUUO Network Video Recorder NVRsolo 3.9.1 is affected by a Cross Site Scripting (XSS) vulnerability. An attacker can steal the user's session by injecting malicious JavaScript code, which leads to session hijacking.
CVSS Score: 6.1 | EPSS Score: 0.002 | Published: 2021-12-28
SLICAN WebCTI 1.01 2015 is affected by a Cross Site Scripting (XSS) vulnerability. The attacker can steal the user's session by injecting malicious JavaScript code, which leads to session hijacking and theft of the user's credentials.
CVSS Score: 6.1 | EPSS Score: 0.002 | Published: 2021-12-28
A persistent cross-site scripting (XSS) issue in the web interface of SuiteCRM before 7.10.35, and 7.11.x and 7.12.x before 7.12.2, allows a remote attacker to introduce arbitrary JavaScript via attachments upload, a different vulnerability than CVE-2021-39267 and CVE-2021-39268.
CVSS Score: 6.1 | EPSS Score: 0.004 | Published: 2021-12-28
ASUS RT-N53 3.0.0.4.376.3754 devices have a buffer overflow via a long lan_dns1_x or lan_dns2_x parameter to Advanced_LAN_Content.asp.
CVSS Score: 9.8 | EPSS Score: 0.013 | Published: 2021-12-28
An attacker may obtain the user credentials from the communication between the PLC and the software. As a result, the PLC user program may be uploaded, altered, and/or downloaded.
CVSS Score: 9.8 | EPSS Score: 0.007 | Published: 2021-12-28
An attacker may obtain the user credentials from file servers, backup repositories, or ZLD files saved in SD cards. As a result, the PLC user program may be uploaded, altered, and/or downloaded.
CVSS Score: 9.8 | EPSS Score: 0.007 | Published: 2021-12-28
Reflected Cross Site Scripting (XSS) in SAFARI Montage versions 8.3 and 8.5 allows remote attackers to execute JavaScript code.
CVSS Score: 6.1 | EPSS Score: 0.017 | Published: 2021-12-28
A remote code execution issue in the ping command on Poly Trio 8800 5.7.1.4145 devices allows remote authenticated users to execute commands via unspecified vectors.
CVSS Score: 8.8 | EPSS Score: 0.096 | Published: 2021-12-28

