Security Vulnerabilities - CVEs Published In 2021
An issue in Atomix v3.1.5 allows unauthorized Atomix nodes to become the lead node in a target cluster via manipulation of the variable terms in RaftContext.
CVSS Score: 7.5 | EPSS Score: 0.002 | Published: 2021-12-16
An issue in Atomix v3.1.5 allows attackers to cause a denial of service (DoS) via false link event messages sent to a master ONOS node.
CVSS Score: 8.1 | EPSS Score: 0.004 | Published: 2021-12-16
An issue in Atomix v3.1.5 allows a malicious Atomix node to remove states of ONOS storage via abuse of primitive operations.
CVSS Score: 8.1 | EPSS Score: 0.002 | Published: 2021-12-16
An issue in Atomix v3.1.5 allows attackers to access sensitive information when a malicious Atomix node queries distributed variable primitives which contain the entire primitive lists that ONOS nodes use to share important states.
CVSS Score: 6.5 | EPSS Score: 0.003 | Published: 2021-12-16
An issue in Atomix v3.1.5 allows attackers to cause a denial of service (DoS) via false member down event messages.
CVSS Score: 5.9 | EPSS Score: 0.004 | Published: 2021-12-16
A Cross-Site Request Forgery (CSRF) vulnerability in Change-password.php in phpgurukul user management system in php using stored procedure V1.0 allows attackers to change the password of an arbitrary account.
CVSS Score: 6.5 | EPSS Score: 0.001 | Published: 2021-12-16
The GGLocker iOS application contains insecure data storage of the password hash value, which results in an authentication bypass.
CVSS Score: 5.5 | EPSS Score: 0.001 | Published: 2021-12-16
JFinal_cms 5.1.0 is vulnerable to regex injection that may lead to Denial of Service.
CVSS Score: 7.5 | EPSS Score: 0.004 | Published: 2021-12-16
A regular expression denial of service (ReDoS) vulnerability exists in cbioportal 3.6.21 and older via a POST request to /ProteinArraySignificanceTest.json.
CVSS Score: 7.5 | EPSS Score: 0.003 | Published: 2021-12-16
A combination of a use of hard-coded cryptographic key vulnerability [CWE-321] in FortiClientEMS 7.0.1 and below, 6.4.6 and below and an improper certificate validation vulnerability [CWE-297] in FortiClientWindows, FortiClientLinux and FortiClientMac 7.0.1 and below, 6.4.6 and below may allow an unauthenticated and network adjacent attacker to perform a man-in-the-middle attack between the EMS and the FCT via the telemetry protocol.
CVSS Score: 8.2 | EPSS Score: 0.001 | Published: 2021-12-16