Security Vulnerabilities - CVEs Published In 2021
Clementine Music Player through 1.3.1 (when a GLib 2.0.0 DLL is used) is vulnerable to a Read Access Violation on Block Data Move, affecting the MP3 file parsing functionality at memcpy+0x265. The vulnerability is triggered when the user opens a crafted MP3 file or loads a remote stream URL that is mishandled by Clementine. Attackers could exploit this issue to cause a crash (DoS) of the clementine.exe process or achieve arbitrary code execution in the context of the current logged-in Windows user.
CVSS Score: 7.8
EPSS Score: 0.006
Published: 2021-12-15
Sofico Miles RIA 2020.2 Build 127964T is affected by Stored Cross Site Scripting (XSS). An attacker with access to a user account of the RIA IT or the Fleet role can create a crafted work order in the damage reports section (or change existing work orders). The XSS payload is in the work order number.
CVSS Score: 5.4
EPSS Score: 0.004
Published: 2021-12-15
OpenCATS through 0.9.6 allows remote attackers to execute arbitrary code by uploading an executable file via lib/FileUtility.php.
CVSS Score: 9.8
EPSS Score: 0.462
Published: 2021-12-15
A Cross Site Scripting (XSS) vulnerability exists in Dolibarr before 14.0.3 via the ticket creation flow. Exploitation requires that an admin copies the payload into a box.
CVSS Score: 5.4
EPSS Score: 0.002
Published: 2021-12-15
A SQL Injection vulnerability exists in ZZCMS 2021 via the askbigclassid parameter in /admin/ask.php.
CVSS Score: 9.8
EPSS Score: 0.007
Published: 2021-12-15
iTextPDF in iText 7 and up to (excluding 4.4.13.3) 7.1.17 allows command injection via a CompareTool filename that is mishandled on the gs (aka Ghostscript) command line in GhostscriptHelper.java.
CVSS Score: 9.8
EPSS Score: 0.022
Published: 2021-12-15
Automox Agent 33 on Windows incorrectly sets permissions on a temporary directory. NOTE: this issue exists because of a CVE-2021-43326 regression.
CVSS Score: 7.8
EPSS Score: 0.0
Published: 2021-12-15
Automox Agent before 32 on Windows incorrectly sets permissions on a temporary directory.
CVSS Score: 7.8
EPSS Score: 0.015
Published: 2021-12-15
A cross site scripting (XSS) vulnerability in Genesys Workforce Management 8.5.214.20 can occur (during record deletion) via the Time-off parameter.
CVSS Score: 6.1
EPSS Score: 0.005
Published: 2021-12-15
Verint Workforce Optimization (WFO) 15.2.8.10048 allows XSS via the control/my_notifications NEWUINAV parameter.
CVSS Score: 6.1
EPSS Score: 0.251
Published: 2021-12-15

