Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In 2021
CVE-2020-20982
Cross Site Scripting (XSS) vulnerability in shadoweb wdja v1.5.1, allows attackers to execute arbitrary code and gain escalated privileges, via the backurl parameter to /php/passport/index.php.
CVSS Score
9.6
EPSS Score
0.356
Published
2021-11-03
CVE-2021-37148
Improper input validation vulnerability in header parsing of Apache Traffic Server allows an attacker to smuggle requests. This issue affects Apache Traffic Server 8.0.0 to 8.1.2 and 9.0.0 to 9.0.1.
CVSS Score
7.5
EPSS Score
0.008
Published
2021-11-03
CVE-2021-37149
Improper Input Validation vulnerability in header parsing of Apache Traffic Server allows an attacker to smuggle requests. This issue affects Apache Traffic Server 8.0.0 to 8.1.2 and 9.0.0 to 9.1.0.
CVSS Score
7.5
EPSS Score
0.008
Published
2021-11-03
CVE-2021-38161
Improper Authentication vulnerability in TLS origin verification of Apache Traffic Server allows for man in the middle attacks. This issue affects Apache Traffic Server 8.0.0 to 8.0.8.
CVSS Score
8.1
EPSS Score
0.015
Published
2021-11-03
CVE-2021-41585
Improper Input Validation vulnerability in accepting socket connections in Apache Traffic Server allows an attacker to make the server stop accepting new connections. This issue affects Apache Traffic Server 5.0.0 to 9.1.0.
CVSS Score
7.5
EPSS Score
0.01
Published
2021-11-03
CVE-2021-43082
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in the stats-over-http plugin of Apache Traffic Server allows an attacker to overwrite memory. This issue affects Apache Traffic Server 9.1.0.
CVSS Score
9.8
EPSS Score
0.012
Published
2021-11-03
CVE-2021-37147
Improper input validation vulnerability in header parsing of Apache Traffic Server allows an attacker to smuggle requests. This issue affects Apache Traffic Server 8.0.0 to 8.1.2 and 9.0.0 to 9.1.0.
CVSS Score
7.5
EPSS Score
0.005
Published
2021-11-03
CVE-2021-43130
An SQL Injection vulnerability exists in Sourcecodester Customer Relationship Management System (CRM) 1.0 via the username parameter in customer/login.php.
CVSS Score
9.8
EPSS Score
0.003
Published
2021-11-03
CVE-2021-43324
LibreNMS through 21.10.2 allows XSS via a widget title.
CVSS Score
6.1
EPSS Score
0.0
Published
2021-11-03
CVE-2021-36697
With an admin account, the .htaccess file in Artica Pandora FMS <=755 can be overwritten with the File Manager component. The new .htaccess file contains a Rewrite Rule with a type definition. A normal PHP file can be uploaded with this new "file type" and the code can be executed with an HTTP request.
CVSS Score
6.7
EPSS Score
0.002
Published
2021-11-03


Products
Pricing
Contact Us

Shodan ® - All rights reserved