Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In 2021
CVE-2021-42733
Adobe Bridge version 11.1.1 (and earlier) is affected by a Null pointer dereference vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVSS Score
5.5
EPSS Score
0.004
Published
2021-11-22
CVE-2021-26614
ius_get.cgi in IpTime C200 camera allows remote code execution. A remote attacker may send a crafted parameters to the exposed vulnerable web service interface which invokes the arbitrary shell command.
CVSS Score
7.5
EPSS Score
0.035
Published
2021-11-22
CVE-2020-7882
Using the parameter of getPFXFolderList function, attackers can see the information of authorization certification and delete the files. It occurs because the parameter contains path traversal characters(ie. '../../../')
CVSS Score
7.5
EPSS Score
0.004
Published
2021-11-22
CVE-2021-33491
OX App Suite through 7.10.5 allows Directory Traversal via ../ in an OOXML or ODF ZIP archive, because of the mishandling of relative paths in mail addresses in conjunction with auto-configuration DNS records.
CVSS Score
6.5
EPSS Score
0.044
Published
2021-11-22
CVE-2021-33492
OX App Suite 7.10.5 allows XSS via an OX Chat room name.
CVSS Score
6.1
EPSS Score
0.005
Published
2021-11-22
CVE-2021-33493
The middleware component in OX App Suite through 7.10.5 allows Code Injection via Java classes in a YAML format.
CVSS Score
6.0
EPSS Score
0.002
Published
2021-11-22
CVE-2021-33494
OX App Suite 7.10.5 allows XSS via an OX Chat room title during typing rendering.
CVSS Score
6.1
EPSS Score
0.005
Published
2021-11-22
CVE-2021-33495
OX App Suite 7.10.5 allows XSS via an OX Chat system message.
CVSS Score
6.1
EPSS Score
0.003
Published
2021-11-22
CVE-2021-38146
The File Download API in Wipro Holmes Orchestrator 20.4.1 (20.4.1_02_11_2020) allows remote attackers to read arbitrary files via absolute path traversal in the SearchString JSON field in /home/download POST data.
CVSS Score
7.5
EPSS Score
0.451
Published
2021-11-22
CVE-2021-38374
OX App Suite through through 7.10.5 allows XSS via a crafted snippet that has an app loader reference within an app loader URL.
CVSS Score
5.4
EPSS Score
0.004
Published
2021-11-22


Products
Pricing
Contact Us

Shodan ® - All rights reserved