Shodan cve search vulnerabilities 2021. Products affected by CVE-2021-45637.


Shodan cve search vulnerabilities 2021 It is 4 days ago · The CVEDB API offers a quick way to check information about vulnerabilities in a service. 3 and 12. Adobe Campaign Classic Gold Standard 10 (and earlier), 20. 4. Vendors; Products; Vulnerability Details CVE-2021-32662. 76 are affected by command injection by an authenticated user. Vulnerability Details CVE-2021-39861 Acrobat Reader DC versions 2021. I patched my service and it's still showing as vulnerable. The Nextcloud Contacts application prior to version 4. Efficient and Fast: Search Shodan for specific devices, vulnerabilities (CVE), and more, all while optimizing the search speed with timeouts and custom parameters. The supported version that is affected is 12. Vulnerability Details CVE-2021-2253 Vulnerability in the Oracle Advanced Supply Chain Planning product of Oracle Supply Chain (component: Core). If exploited, this vulnerability allows attackers to execute arbitrary code. 13 ( 2022/02/11 ) and later Vulnerability Details CVE-2021-22352 There is a Configuration Defect Vulnerability in Huawei Smartphone. Apr 29, 2024 · What is CVE-2021-22986? Vulnerable products and versions; How to find systems potentially impacted by CVE-2021-22986. 3 (and earlier) are affected by a privilege escalation vulnerability in the Offline Lightroom Classic installer. 0 through 18. 15. An attacker could thereby control the behavior of the application. CVEDB API - Fast Vulnerability Lookups Vulnerability Details CVE-2021-43753 Adobe Lightroom versions 4. Vulnerability Details CVE-2021-3148 An issue was discovered in SaltStack Salt before 3002. 10 ( 2021/08/19 ) and later Photo Station 5. In affected version a vulnerability has been discovered in the core HTML processing module and may affect all plugins used by CKEditor 4. Jan 6, 2025 · Introduction. Authentication is not required to exploit this vulnerability. 
In affected versions A malicious actor could read sensitive files from the environment where Scaffolder Tasks are run. 32 on Linux is vulnerable to reflected XSS via the /plesk-site-preview/ PATH, aka PFSI-62467. 002. 6. Vulnerability Details CVE-2021-46321 Tenda AC Series Router AC11_V02. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Advanced Networking Option, attacks may significantly impact additional products. 005. utils. 3-12. Successful exploitation could lead to information disclosure. 3 was vulnerable to a stored Cross-Site Scripting (XSS) vulnerability. Vulnerability Details CVE-2021-40776 Adobe Lightroom Classic 10. 23120 has several SQL injection vulnerabilities. Vulnerability Details CVE-2021-21011 Adobe Captivate 2019 version 11. An authenticated attacker could leverage this vulnerability to escalate privileges. Total: 2,352 Shodan Report vuln:CVE-2021-27065. ” Vulnerability Details CVE-2021-28581 Adobe Creative Cloud Desktop 3. Vulnerability Details CVE-2021-1551 Multiple vulnerabilities in the web-based management interface of certain Cisco Small Business 100, 300, and 500 Series Wireless Access Points could allow an authenticated, remote attacker to perform command injection attacks against an affected device. Vulnerability Details CVE-2021-1547 Multiple vulnerabilities in the web-based management interface of certain Cisco Small Business 100, 300, and 500 Series Wireless Access Points could allow an authenticated, remote attacker to perform command injection attacks against an affected device. Vulnerability Details CVE-2021-22521 A privileged escalation vulnerability has been identified in Micro Focus ZENworks Configuration Management, affecting version 2020 Update 1 and all prior versions. Vulnerability Details CVE-2021-22887 A vulnerability in the BIOS of Pulse Secure (PSA-Series Hardware) models PSA5000 and PSA7000 could allow an attacker to compromise BIOS firmware. 
Using Shodan; Using Google Dorks; Using PublicWWW; How to exploit CVE-2021-22986 in ethical hacking engagements; Known Indicators of Compromise (IoCs) for CVE-2021-22986; How to detect and exploit CVE-2021-22986 using Pentest Vulnerability Details CVE-2021-42633 PrinterLogic Web Stack versions 19. 3 and 1. You can search using either the CVE-ID or CPE23. 18 ( 2021/09/01 ) and later Vulnerability Details CVE-2021-32610 In Archive_Tar before 1. Vulnerability Details CVE-2021-32807 The module `AccessControl` defines security policies for Python code used in restricted code within Zope applications. If exploited, this vulnerability allows remote attackers to inject malicious code. 7. Vulnerability Details CVE-2021-43784 runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. Vulnerability Details CVE-2021-27132 SerComm AG Combo VD625 AGSOT_2. Vulnerability Details CVE-2021-2361 Vulnerability in the Oracle Advanced Inbound Telephony product of Oracle E-Business Suite (component: SDK client integration). In affected versions the auth-backend plugin allows a malicious actor to trick another user into visiting a vulnerable URL that executes an XSS attack. In today’s digital landscape, understanding the vulnerabilities of internet-connected devices is crucial for cybersecurity. Vulnerability Details CVE-2021-21369 Hyperledger Besu is an open-source, MainNet compatible, Ethereum client written in Java. Trend Micro Security 2021, 2022, and 2023 (Consumer) are vulnerable to a DLL Hijacking vulnerability which could allow an attacker to use a specific executable file as an execution and/or persistence mechanism which could execute a malicious program each time the executable file is started. 5 (and earlier) is affected by an uncontrolled search path vulnerability that could result in elevation of privileges. 5 (and earlier) are affected by a privilege escalation vulnerability in the resources leveraged by the Setup. 1-12. 
We have already fixed this vulnerability in the following versions of Photo Station: Photo Station 6. title:outlook exchange. Vulnerability Details CVE-2021-22906 Nextcloud End-to-End Encryption before 1. Last Updated: Mon Jan 13 2025 18:56:07 GMT-0800 (Pacific Standard Time) Newest? Known Exploited? Highest EPSS? Vulnerabilities? 5 days ago · The CVEDB API offers a quick way to check information about vulnerabilities in a service. 1 suffers from a denial of service vulnerability due to permitting any authenticated users to lock files of other users. We have already fixed this vulnerability in the following versions of Multimedia Console: Multimedia Console 1. This vulnerability can be exploited only as part of an attack chain. 0 and earlier allows attacker to execute code on user system Vulnerability Details CVE-2021-41151 Backstage is an open platform for building developer portals. 23120, C8030/C8035 before 103. (They might be used to run command against the salt master or minions. Identifying affected systems. In affected versions a vulnerability has been discovered in the Advanced Content Filter (ACF) module and may affect all plugins used by CKEditor 4. Vulnerability Details CVE-2021-22349 There is an Input Verification Vulnerability in Huawei Smartphone. 7 and earlier versions. Exploit prediction scoring system (EPSS) score Vulnerability Details CVE-2021-43776 Backstage is an open platform for building developer portals. 1 on October 7, 2021, to address all of the vulnerabilities reported by Tenable Research. 3. Vulnerability Details CVE-2021-43019 Adobe Creative Cloud version 5. Vulnerability Details CVE-2021-1553 Multiple vulnerabilities in the web-based management interface of certain Cisco Small Business 100, 300, and 500 Series Wireless Access Points could allow an authenticated, remote attacker to perform command injection attacks against an affected device. 
Total: 89 Shodan Report vuln:cve-2021-34473 country:GB Jul 4, 2023 · As previously mentioned, it is possible to search for CVEs on Shodan and it can provide a quick and easy way to identify devices or systems that are vulnerable to a specific CVE. When successfully exploited, this vulnerability allows an unauthenticated attacker to obtain full control of the target, compromise all services and databases used by the Confluence Server, and pivot in the internal network. Vulnerability Details CVE-2021-2269 Vulnerability in the Oracle Advanced Pricing product of Oracle E-Business Suite (component: Price Book). Vulnerability Details CVE-2021-36051 XMP Toolkit SDK version 2020. exe service. Vendors; Products; Vulnerability Details CVE-2021-21009. 20060 (and earlier), 2020. Search Engine for the Internet of Things. Vulnerability Details CVE-2021-1266 A vulnerability in the REST API of Cisco Managed Services Accelerator (MSX) could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. 1 (and Vulnerability Details CVE-2021-39221 Nextcloud is an open-source, self-hosted productivity platform. 13 SP9 and below are vulnerable to SQL Injection, which may allow an attacker to access additional audit records. 1. 982891] INFO: task iou-sqp-4294:4295 blocked for more than 122 seconds. 5. 01. Vulnerability Details CVE-2021-28668 Xerox AltaLink B80xx before 103. 4 (and earlier versions) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. 004. Vulnerability Details CVE-2021-27785 HCL Commerce's Remote Store server could allow a local attacker to obtain sensitive personal information. Vendors; Products; Vulnerability Details CVE-2021-45637. In runc, netlink is used internally as a serialization system for specifying the relevant container configuration to the `C` portion of the code (responsible for the based namespace setup of containers). General. 
Vulnerability Details CVE-2021-3606 OpenVPN before version 2. verified:100 net:0/0. Vulnerability Details CVE-2021-27495 Ypsomed mylife Cloud, mylife Mobile Application:Ypsomed mylife Cloud,All versions prior to 1. 003. Sending crafted web requests to the Salt API can result in salt. 20 ( 2022/02/15 ) and later Photo Station 5. Search Engine for the Internet of Things. Products affected by CVE-2021-45637. thin. 23120, C8045/C8055 before 103. Restricted code is any code that resides in Zope's object database, such as the contents of `Script (Python)` objects. 3 (and earlier) is affected by an Unquoted Service Path vulnerability in CCXProcess that could allow an attacker to achieve arbitrary code execution in the process of the current user. View API Docs View Dashboard Vulnerability Details CVE-2021-44231 Internally used text extraction reports allow an attacker to inject code that can be executed by the application. 30199 (and earlier) are affected by a Buffer Overflow vulnerability when parsing a specially crafted PDF file. 14, symlinks can refer to targets outside of the extracted archive, a different vulnerability than CVE-2020-36193. Vulnerability Details CVE-2021-1549 Multiple vulnerabilities in the web-based management interface of certain Cisco Small Business 100, 300, and 500 Series Wireless Access Points could allow an authenticated, remote attacker to perform command injection attacks against an affected device. 13 ( 2021/08/19 ) and later Photo Station 6. Vulnerability Details CVE-2021-22512 Cross-Site Request Forgery (CSRF) vulnerability in Micro Focus Application Automation Tools Plugin - Jenkins plugin. 3 ( 2021/10/05 ) and later Vulnerability Details CVE-2021-39863 Acrobat Reader DC versions 2021. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Vulnerability Details CVE-2021-41164 CKEditor4 is an open source WYSIWYG HTML editor. 
5 (and earlier) is affected by an Creation of Temporary File In Directory With Incorrect Permissions vulnerability that could result in privilege escalation in the context of the current user. 5, eauth tokens can be used once after expiration. Vulnerability Details CVE-2021-20073 Racom's MIDGE Firmware 4. 23120 and C8070 before 103. Exploit prediction scoring system (EPSS) score This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of multiple NETGEAR routers. 40. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process. Vulnerability Details CVE-2021-22351 There is a Credentials Management Errors Vulnerability in Huawei Smartphone. In Besu before version 1. 30199 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of arbitrary memory information in the context of the current user. 3 (and earlier) is affected by a privilege escalation vulnerability that could allow a normal user to delete the OOBE directory and get permissions of any directory under the administrator authority. 16 ( 2022/02/11 ) and later Photo Station 5. This vulnerability allows attackers to cause a Denial of Service (DoS) via crafted overflow data. Vulnerability Details CVE-2021-3197 An issue was discovered in SaltStack Salt before 3002. Exploit prediction scoring system (EPSS) score Vulnerability Details CVE-2021-42529 XMP Toolkit SDK version 2021. CVEDB API - Fast Vulnerability Lookups. 008. 3 ( 2021/10/05 ) and later Multimedia Console 1. ) Vulnerability Details CVE-2021-46947 In the Linux kernel, the following vulnerability has been resolved: sfc: adjust efx->xdp_tx_queue_count with the real number of initialized queues efx->xdp_tx_queue_count is initially initialized to num_possible_cpus() and is later used to allocate and traverse efx->xdp_tx_queues lookup array. 2. 
Vulnerability Details CVE-2021-3144 In SaltStack Salt before 3002. The vulnerability requires the victim to first perform a particular operation on the website. Exploitation of this issue requires user interaction in that a victim must log on to the attacker's local machine. 011. 2,Ypsomed mylife App,All versions prior to 1. Exploit prediction scoring system (EPSS) score Vulnerability Details CVE-2021-35976 The feature to preview a website in Plesk Obsidian 18. Successful exploitation of this vulnerability may induce users to grant permissions on modifying items in the configuration table,causing system exceptions. 4 (and earlier) are affected by a use-after-free vulnerability in the processing of parsing TIF files that could result in privilege escalation. cve-2015-0204 Mar 24, 2023 · Business impact of CVE-2021-26084. 18 ( 2021/09/01 ) and later Vulnerability Details CVE-2021-1401 Multiple vulnerabilities in the web-based management interface of certain Cisco Small Business 100, 300, and 500 Series Wireless Access Points could allow an authenticated, remote attacker to obtain sensitive information from or inject arbitrary commands on an affected device. The vulnerability affects version 6. Vulnerability Details CVE-2021-45531 NETGEAR D6220 devices before 1. Russian Federation 344; United States 207; China 192; Germany 130; Hong Kong 82 shodan search "Server: Apache" This cheat sheet provides a foundation for using Shodan in penetration testing and security assessments, with specific strategies for conducting company-specific reconnaissance for bug bounties. Multiple Search Options: Search for general queries, CVEs, and specific device types, making it perfect for bug hunting and vulnerability research. Vulnerability Details CVE-2021-28613 Adobe Creative Cloud Desktop Application version 5. 
Vulnerability Details CVE-2021-35228 This vulnerability occurred due to missing input sanitization for one of the output fields that is extracted from headers on specific section of page causing a reflective cross site scripting attack. 1 (and earlier) is affected by a buffer overflow vulnerability potentially resulting in arbitrary code execution in the context of the current user. 001. An issue was discovered in illumos before f859e7171bb5db34321e45585839c6c3200ebb90, OmniOS Community Edition r151038 . Adobe Campaign Classic before 20. Note: CVE-2021-2018 affects Windows platform only. 2 does not have CSRF check when saving its settings, and did not sanitise as well as escape some of them, which could allow attacker to make a logged in admin change them and perform Cross-Site Scripting attacks Vulnerability Details CVE-2021-41165 CKEditor4 is an open source WYSIWYG HTML editor. 020. Total: 911,614,741. exe). A list of Tenable plugins for this vulnerability can be found on the individual CVE pages for CVE-2021-20123 and CVE-2021-20124 as they’re released. The vulnerability affects all version 6. A maliciously crafted JT file in Autodesk Inventor 2022, 2021, 2020, 2019 and AutoCAD 2022 may be forced to read beyond allocated boundaries when parsing the JT file. Vulnerability Details CVE-2021-22354 There is an Information Disclosure Vulnerability in Huawei Smartphone. 07 (and earlier) is affected by a stack-based buffer overflow vulnerability potentially resulting in arbitrary code execution in the context of the current user. 3 on Windows allows local users to load arbitrary dynamic loadable libraries via an OpenSSL configuration file if present, which allows the user to run arbitrary code with the same privilege level as the main OpenVPN process (openvpn. An unauthenticated attacker could leverage this vulnerability to remove files and escalate privileges under the context of SYSTEM . 
Dec 13, 2024 · Free CVE Search: One of the most exciting updates in ShodanSpider v2 is the CVE search feature, which allows you to search for known vulnerabilities (CVEs) directly from Shodan’s database. Most likely the vulnerability you're seeing is an unverified vulnerability that Shodan is associating based on Advanced Search; Vulnerable Software. If exploited, this vulnerability allows attackers to compromise the security of the system. 2 have an out-of-bounds read vulnerability. 499 (and earlier) is affected by an uncontrolled search path element vulnerability that could lead to privilege escalation. Successful exploitation of insufficient input verification may cause the system to restart. 5,he Ypsomed mylife Cloud reflects the user password during the login process after redirecting the user from a HTTPS endpoint to a HTTP endpoint. Vulnerability Details CVE-2021-24922 The Pixel Cat WordPress plugin before 2. gen_thin() command injection because of different handling of single versus double quotes. Vulnerability Details CVE-2021-22511 Improper Certificate Validation vulnerability in Micro Focus Application Automation Tools Plugin - Jenkins plugin. 1 there is a denial-of-service vulnerability involving the HTTP JSON-RPC API service. 104_CN was discovered to contain a stack buffer overflow in the wifiBasicCfg module. 0. The specific flaw exists within the mini_httpd service, which listens on TCP port 80 by default. Vulnerability Details CVE-2021-36002 Adobe Captivate version 11. Search query: vuln:CVE-2021-26855 cve-2021-34740 A vulnerability in the WLAN Control Protocol (WCP) implementation for Cisco Aironet Access Point (AP) software could allow an unauthenticated, adjacent attacker to cause a reload of an affected device, resulting in a denial of service (DoS) condition. 
Vulnerability Details CVE-2021-1552 Multiple vulnerabilities in the web-based management interface of certain Cisco Small Business 100, 300, and 500 Series Wireless Access Points could allow an authenticated, remote attacker to perform command injection attacks against an affected device. Countries. Vulnerability Details CVE-2021-2398 Vulnerability in the Oracle Advanced Outbound Telephony product of Oracle E-Business Suite (component: Region Mapping). Supported versions that are affected are 12. Vulnerability Details CVE-2021-1555 Multiple vulnerabilities in the web-based management interface of certain Cisco Small Business 100, 300, and 500 Series Wireless Access Points could allow an authenticated, remote attacker to perform command injection attacks against an affected device. 4 (and earlier) is affected by a file handling vulnerability that could allow an attacker to arbitrarily overwrite a file. Total: 125,868 Shodan Report http. Vulnerability Details CVE-2021-23980 A mutation XSS affects users calling bleach. Products affected by CVE-2021-32662. Shodan has emerged as a unique tool in this domain, often referred to as “the search engine for hackers. 03. We have already fixed this vulnerability in the following versions of Photo Station: Photo Station 5. 105 contains an issue that allows for cross-site request forgeries. Advanced Search; Vulnerable Software. Successful attacks of this vulnerability can result in takeover of Advanced Networking Option. An attacker with permissions to write to the file system could leverage this vulnerability to escalate privileges. Sep 9, 2024 · DrayTek released VigorConnect version 1. 18 ( 2021/09/01 ) and later Vulnerability Details CVE-2021-34741 A vulnerability in the email scanning algorithm of Cisco AsyncOS software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to perform a denial of service (DoS) attack against an affected device. 
How to find targets vulnerable to CVE-2021-26084 in your environment The facet analysis page of the main Shodan website can be used to see the results or you can run a command via the CLI such as shodan stats --facets vuln. The salt-api's ssh client is vulnerable to a shell injection by including ProxyCommand in an argument, or via ssh_options provided in an API request. But with ShodanSpider v2, you get this premium feature completely free. Vulnerability Details CVE-2021-1550 Multiple vulnerabilities in the web-based management interface of certain Cisco Small Business 100, 300, and 500 Series Wireless Access Points could allow an authenticated, remote attacker to perform command injection attacks against an affected device. Vulnerability Details CVE-2021-2015 Vulnerability in the Oracle Workflow product of Oracle E-Business Suite (component: Worklist). 3, 1. Vulnerability Details CVE-2021-1548 Multiple vulnerabilities in the web-based management interface of certain Cisco Small Business 100, 300, and 500 Series Wireless Access Points could allow an authenticated, remote attacker to perform command injection attacks against an affected device. 10. Vulnerability Details CVE-2021-28547 Adobe Creative Cloud Desktop Application for macOS version 5. Successful exploitation of this vulnerability may cause out-of-bounds read. Exploit prediction scoring system (EPSS) score Vulnerability Details CVE-2021-42531 XMP Toolkit SDK version 2021. Gitlab: >> Gitlab-Vscode-Extension Security Vulnerabilities CVE-2021-22195 Client side code execution in gitlab-vscode-extension v3. Germany 33,004; United States 23,518; United Kingdom 5,270; France 5,248; Italy 4,722 Vulnerability Details CVE-2021-21078 Adobe Creative Cloud Desktop Application version 5. Vulnerability Details CVE-2021-46942 In the Linux kernel, the following vulnerability has been resolved: io_uring: fix shared sqpoll cancellation hangs [ 736. 30006 (and earlier) and 2017. 
Vulnerability Details CVE-2021-29785 IBM Security SOAR V42 and V43could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. A cross-site scripting (XSS) vulnerability has been reported to affect QNAP device running Photo Station. 0 devices allow CRLF injection (for HTTP header injection) in the download function via the Content-Disposition header. clean with all of: svg or math in the allowed tags p or br in allowed tags style, title, noscript, script, textarea, noframes, iframe, or xmp in allowed tags the keyword argument strip_comments=False Note: none of the above tags are in the default allowed tags and Vulnerability Details CVE-2021-40766 Adobe Character Animator version 4. Vulnerability Details CVE-2021-1554 Multiple vulnerabilities in the web-based management interface of certain Cisco Small Business 100, 300, and 500 Series Wireless Access Points could allow an authenticated, remote attacker to perform command injection attacks against an affected device. 1 and 12. This feature was previously locked behind Shodan’s paid plans. Vulnerability Details CVE-2021-22510 Reflected XSS vulnerability in Micro Focus Application Automation Tools Plugin - Jenkins plugin. Successful exploitation of this vulnerability may allow attackers to hijack the device and forge UIs to induce users to execute malicious commands.