Security Vulnerabilities - CVEs Published In 2021
Arbitrary file upload in the Service import feature in ServiceTonic Helpdesk software version < 9.0.35937 allows a malicious user to execute JSP code by uploading a zip that extracts files in relative paths.
CVSS Score: 9.8
EPSS Score: 0.004
Published: 2021-11-08
Unauthorized system access in the login form in ServiceTonic Helpdesk software version < 9.0.35937 allows an attacker to log in without using a password.
CVSS Score: 9.8
EPSS Score: 0.004
Published: 2021-11-08
EnroCrypt is a Python module for encryption and hashing. Prior to version 1.1.4, EnroCrypt used the MD5 hashing algorithm in the hashing file. Beginners who are unfamiliar with hashes can face problems as MD5 is considered an insecure hashing algorithm. The vulnerability is patched in v1.1.4 of the product. As a workaround, users can remove the `MD5` hashing function from the file `hashing.py`.
CVSS Score: 7.5
EPSS Score: 0.001
Published: 2021-11-08
ESET was made aware of a vulnerability in its consumer and business products for macOS that enables a user logged on to the system to stop the ESET daemon, effectively disabling the protection of the ESET security product until a system reboot.
CVSS Score: 5.5
EPSS Score: 0.001
Published: 2021-11-08
Applications using Spring Cloud Gateway are vulnerable to specifically crafted requests that could make an extra request on downstream services. Users of affected versions should apply the following mitigation: 3.0.x users should upgrade to 3.0.5+, 2.2.x users should upgrade to 2.2.10.RELEASE or newer.
CVSS Score: 6.5
EPSS Score: 0.002
Published: 2021-11-08
Cloudera Manager 7.2.4 has Incorrect Access Control, allowing Escalation of Privileges.
CVSS Score: 9.8
EPSS Score: 0.005
Published: 2021-11-08
Cloudera Manager 7.2.4 has Incorrect Access Control, allowing Escalation of Privileges to view the restricted Dashboard.
CVSS Score: 5.3
EPSS Score: 0.002
Published: 2021-11-08
Cloudera Manager 5.x, 6.x, 7.1.x, 7.2.x, and 7.3.x allows XSS.
CVSS Score: 6.1
EPSS Score: 0.005
Published: 2021-11-08
Cloudera Hue 4.6.0 allows XSS.
CVSS Score: 6.1
EPSS Score: 0.007
Published: 2021-11-08
Cloudera Hue 4.6.0 allows XSS via the type parameter.
CVSS Score: 6.1
EPSS Score: 0.005
Published: 2021-11-08

