Shodan
Vulnerabilities
Vulnerable Software
Debian:  >> Debian Linux  >> 11.0  Security Vulnerabilities
CVE-2021-22945
When sending data to an MQTT server, libcurl <= 7.73.0 and 7.78.0 could in some circumstances erroneously keep a pointer to an already freed memory area and both use that again in a subsequent call to send data and also free it *again*.
CVSS Score
9.1
EPSS Score
0.004
Published
2021-09-23
CVE-2021-40690
All versions of Apache Santuario - XML Security for Java prior to 2.2.3 and 2.1.7 are vulnerable to an issue where the "secureValidation" property is not passed correctly when creating a KeyInfo from a KeyInfoReference element. This allows an attacker to abuse an XPath Transform to extract any local .xml files in a RetrievalMethod element.
CVSS Score
7.5
EPSS Score
0.003
Published
2021-09-19
CVE-2020-21596
libde265 v1.0.4 contains a global buffer overflow in the decode_CABAC_bit function, which can be exploited via a crafted a file.
CVSS Score
6.5
EPSS Score
0.003
Published
2021-09-16
CVE-2020-21597
libde265 v1.0.4 contains a heap buffer overflow in the mc_chroma function, which can be exploited via a crafted a file.
CVSS Score
6.5
EPSS Score
0.003
Published
2021-09-16
CVE-2020-21598
libde265 v1.0.4 contains a heap buffer overflow in the ff_hevc_put_unweighted_pred_8_sse function, which can be exploited via a crafted a file.
CVSS Score
8.8
EPSS Score
0.003
Published
2021-09-16
CVE-2020-21599
libde265 v1.0.4 contains a heap buffer overflow in the de265_image::available_zscan function, which can be exploited via a crafted a file.
CVSS Score
6.5
EPSS Score
0.002
Published
2021-09-16
CVE-2021-34798
Malformed requests may cause the server to dereference a NULL pointer. This issue affects Apache HTTP Server 2.4.48 and earlier.
CVSS Score
7.5
EPSS Score
0.117
Published
2021-09-16
CVE-2021-36160
A carefully crafted request uri-path can cause mod_proxy_uwsgi to read above the allocated memory and crash (DoS). This issue affects Apache HTTP Server versions 2.4.30 to 2.4.48 (inclusive).
CVSS Score
7.5
EPSS Score
0.05
Published
2021-09-16
CVE-2021-39275
ap_escape_quotes() may write beyond the end of a buffer when given malicious input. No included modules pass untrusted data to these functions, but third-party / external modules may. This issue affects Apache HTTP Server 2.4.48 and earlier.
CVSS Score
9.8
EPSS Score
0.47
Published
2021-09-16
CVE-2021-40438
Known exploited
A crafted request uri-path can cause mod_proxy to forward the request to an origin server choosen by the remote user. This issue affects Apache HTTP Server 2.4.48 and earlier.
CVSS Score
9.0
EPSS Score
0.944
Published
2021-09-16


Products
Pricing
Contact Us

Shodan ® - All rights reserved