Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In January 2022
CVE-2021-4080
crater is vulnerable to Unrestricted Upload of File with Dangerous Type
CVSS Score
8.8
EPSS Score
0.004
Published
2022-01-12
CVE-2021-44648
GNOME gdk-pixbuf 2.42.6 is vulnerable to a heap-buffer overflow vulnerability when decoding the lzw compressed stream of image data in GIF files with lzw minimum code size equals to 12.
CVSS Score
8.8
EPSS Score
0.002
Published
2022-01-12
CVE-2021-44649
Django CMS 3.7.3 does not validate the plugin_type parameter while generating error messages for an invalid plugin type, resulting in a Cross Site Scripting (XSS) vulnerability. The vulnerability allows an attacker to execute arbitrary JavaScript code in the web browser of the affected user.
CVSS Score
5.4
EPSS Score
0.005
Published
2022-01-12
CVE-2021-3852
growi is vulnerable to Authorization Bypass Through User-Controlled Key
CVSS Score
6.3
EPSS Score
0.002
Published
2022-01-12
CVE-2022-0179
snipe-it is vulnerable to Missing Authorization
CVSS Score
6.3
EPSS Score
0.002
Published
2022-01-12
CVE-2022-0159
orchardcore is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSS Score
7.4
EPSS Score
0.002
Published
2022-01-12
CVE-2022-0087
keystone is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSS Score
7.1
EPSS Score
0.561
Published
2022-01-12
CVE-2021-41767
Apache Guacamole 1.3.0 and older may incorrectly include a private tunnel identifier in the non-private details of some REST responses. This may allow an authenticated user who already has permission to access a particular connection to read from or interact with another user's active use of that same connection.
CVSS Score
6.5
EPSS Score
0.006
Published
2022-01-11
CVE-2021-43999
Apache Guacamole 1.2.0 and 1.3.0 do not properly validate responses received from a SAML identity provider. If SAML support is enabled, this may allow a malicious user to assume the identity of another Guacamole user.
CVSS Score
8.8
EPSS Score
0.018
Published
2022-01-11
CVE-2021-46283
nf_tables_newset in net/netfilter/nf_tables_api.c in the Linux kernel before 5.12.13 allows local users to cause a denial of service (NULL pointer dereference and general protection fault) because of the missing initialization for nft_set_elem_expr_alloc. A local user can set a netfilter table expression in their own namespace.
CVSS Score
5.5
EPSS Score
0.0
Published
2022-01-11


Products
Pricing
Contact Us

Shodan ® - All rights reserved