Security Vulnerabilities - CVEs Published In 2021
A remote code execution (RCE) vulnerability in course_intro_pdf_import.php of Chamilo LMS v1.11.x allows authenticated attackers to execute arbitrary code via a crafted .htaccess file.
CVSS Score
8.8
EPSS Score
0.032
Published
2021-12-03
Chamilo LMS v1.11.x was discovered to contain a SQL injection via the doc parameter in main/plagiarism/compilatio/upload.php.
CVSS Score
9.8
EPSS Score
0.022
Published
2021-12-03
A stored cross-site scripting (XSS) vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the course "Title" and "Content" fields.
CVSS Score
4.8
EPSS Score
0.006
Published
2021-12-03
HashiCorp Nomad and Nomad Enterprise up to 1.0.13, 1.1.7, and 1.2.0, with the QEMU task driver enabled, allowed authenticated users with job submission capabilities to bypass the configured allowed image paths. Fixed in 1.0.14, 1.1.8, and 1.2.1.
CVSS Score
8.8
EPSS Score
0.003
Published
2021-12-03
SQL Injection vulnerability exists in TuziCMS v2.0.6 via the id parameter in App\Manage\Controller\DownloadController.class.php.
CVSS Score
9.8
EPSS Score
0.003
Published
2021-12-03
This affects the package plupload before 2.3.9. A file name containing JavaScript code could be uploaded and run. An attacker would need to trick a user into uploading this kind of file.
CVSS Score
4.2
EPSS Score
0.009
Published
2021-12-03
All versions of package ajaxpro.2 are vulnerable to Deserialization of Untrusted Data due to the possibility of deserialization of arbitrary .NET classes, which can be abused to gain remote code execution.
CVSS Score
8.1
EPSS Score
0.878
Published
2021-12-03
tsMuxer v2.6.16 was discovered to contain a heap-based buffer overflow via the function BitStreamReader::getCurVal in bitStream.h.
CVSS Score
9.8
EPSS Score
0.005
Published
2021-12-03
tsMuxer v2.6.16 was discovered to contain a heap-based buffer overflow via the function HevcSpsUnit::short_term_ref_pic_set(int) in hevc.cpp.
CVSS Score
9.8
EPSS Score
0.005
Published
2021-12-03
SQL Injection vulnerability exists in TuziCMS v2.0.6 via the id parameter in App\Manage\Controller\AdvertController.class.php.
CVSS Score
9.8
EPSS Score
0.003
Published
2021-12-03

