Security Vulnerabilities - CVEs Published In January 2023
kraken <= 0.1.4 has an arbitrary file read vulnerability via the component testfs.
CVSS Score: 7.5
EPSS Score: 0.002
Published: 2023-01-20
TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the username parameter in the setting/setOpenVpnCertGenerationCfg function.
CVSS Score: 9.8
EPSS Score: 0.014
Published: 2023-01-20
TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the FileName parameter in the setting/setOpenVpnCertGenerationCfg function.
CVSS Score: 9.8
EPSS Score: 0.014
Published: 2023-01-20
TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the password parameter in the setting/setOpenVpnCertGenerationCfg function.
CVSS Score: 9.8
EPSS Score: 0.014
Published: 2023-01-20
Insufficiently Protected Credentials in the AD/LDAP server settings in 1C-Bitrix Bitrix24 through 22.200.200 allow remote administrators to discover an AD/LDAP administrative password by reading the source code of /bitrix/admin/ldap_server_edit.php.
CVSS Score: 4.9
EPSS Score: 0.006
Published: 2023-01-20
TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the rsabits parameter in the setting/delStaticDhcpRules function.
CVSS Score: 9.8
EPSS Score: 0.014
Published: 2023-01-20
TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the dayvalid parameter in the setting/delStaticDhcpRules function.
CVSS Score: 9.8
EPSS Score: 0.014
Published: 2023-01-20
TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the servername parameter in the setting/delStaticDhcpRules function.
CVSS Score: 9.8
EPSS Score: 0.014
Published: 2023-01-20
Multiple cross-site scripting (XSS) vulnerabilities in ReQlogic v11.3 allow attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the POBatch and WaitDuration parameters.
CVSS Score: 6.1
EPSS Score: 0.088
Published: 2023-01-20
CRLF vulnerability in the password parameter of the View License Result function in the Reprise License Manager (RLM) web interface through 14.2BL4 allows remote attackers to inject arbitrary HTTP headers.
CVSS Score: 6.5
EPSS Score: 0.002
Published: 2023-01-20

