Security Vulnerabilities - CVEs Published In 2021
Apache Log4j2 versions 2.0-alpha1 through 2.16.0 (excluding 2.12.3 and 2.3.1) did not protect from uncontrolled recursion from self-referential lookups. This allows an attacker with control over Thread Context Map data to cause a denial of service when a crafted string is interpreted. This issue was fixed in Log4j 2.17.0, 2.12.3, and 2.3.1.
CVSS Score
5.9
EPSS Score
0.721
Published
2021-12-18
livehelperchat is vulnerable to Cross-Site Request Forgery (CSRF)
CVSS Score
6.5
EPSS Score
0.001
Published
2021-12-18
snipe-it is vulnerable to Cross-Site Request Forgery (CSRF)
CVSS Score
4.3
EPSS Score
0.002
Published
2021-12-18
Null pointer reference in CMS_Conservative_increment_obj in RaRe-Technologies bounter version 1.01 and 1.10 allows attackers to conduct Denial of Service attacks by inputting a huge hash bucket width.
CVSS Score
7.5
EPSS Score
0.003
Published
2021-12-17
Buffer overflow in ajaxsoundstudio.com Pyo < and 1.03 in the Server_jack_init function, which allows attackers to conduct Denial of Service attacks by arbitrarily constructing an overlong server name.
CVSS Score
7.5
EPSS Score
0.003
Published
2021-12-17
Buffer Overflow Vulnerability exists in ajaxsoundstudio.com Pyo < 1.03 in the Server_debug function, which allows remote attackers to conduct DoS attacks by deliberately passing an overlong audio file name.
CVSS Score
7.5
EPSS Score
0.004
Published
2021-12-17
Incomplete string comparison vulnerability exists in cvxopt.org cvxopt <= 1.2.6 in APIs (cvxopt.cholmod.diag, cvxopt.cholmod.getfactor, cvxopt.cholmod.solve, cvxopt.cholmod.spsolve), which allows attackers to conduct Denial of Service attacks by constructing fake Capsule objects.
CVSS Score
7.5
EPSS Score
0.003
Published
2021-12-17
All versions of package dojo are vulnerable to Prototype Pollution via the setObject function.
CVSS Score
7.5
EPSS Score
0.024
Published
2021-12-17
All versions of package http-server-node are vulnerable to Directory Traversal via use of --path-as-is.
CVSS Score
7.5
EPSS Score
0.006
Published
2021-12-17
This affects the package latte/latte before 2.10.6. There is a way to bypass allowFunctions that will affect the security of the application. When the template is set to allow/disallow the use of certain functions, adding control characters (x00-x08) after the function will bypass these restrictions.
CVSS Score
9.8
EPSS Score
0.004
Published
2021-12-17