Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In February 2022
CVE-2022-0538
Jenkins 2.333 and earlier, LTS 2.319.2 and earlier defines custom XStream converters that have not been updated to apply the protections for the vulnerability CVE-2021-43859 and allow unconstrained resource usage.
CVSS Score
7.5
EPSS Score
0.017
Published
2022-02-09
CVE-2022-0539
Cross-site Scripting (XSS) - Stored in Packagist ptrofimov/beanstalk_console prior to 1.7.14.
CVSS Score
6.3
EPSS Score
0.003
Published
2022-02-09
CVE-2021-25939
In ArangoDB, versions v3.7.0 through v3.9.0-alpha.1 have a feature which allows downloading a Foxx service from a publicly available URL. This feature does not enforce proper filtering of requests performed internally, which can be abused by a highly-privileged attacker to perform blind SSRF and send internal requests to localhost.
CVSS Score
2.7
EPSS Score
0.002
Published
2022-02-09
CVE-2021-40837
A vulnerability affecting F-Secure antivirus engine before Capricorn update 2022-02-01_01 was discovered whereby decompression of ACE file causes the scanner service to stop. The vulnerability can be exploited remotely by an attacker. A successful attack will result in denial-of-service of the antivirus engine.
CVSS Score
4.6
EPSS Score
0.003
Published
2022-02-09
CVE-2022-23378
A Cross-Site Scripting (XSS) vulnerability exists within the 3.2.2 version of TastyIgniter. The "items%5B0%5D%5Bpath%5D" parameter of a request made to /admin/allergens/edit/1 is vulnerable.
CVSS Score
5.4
EPSS Score
0.017
Published
2022-02-09
CVE-2022-0536
Improper Removal of Sensitive Information Before Storage or Transfer in NPM follow-redirects prior to 1.14.8.
CVSS Score
2.6
EPSS Score
0.001
Published
2022-02-09
CVE-2021-37852
ESET products for Windows allows untrusted process to impersonate the client of a pipe, which can be leveraged by attacker to escalate privileges in the context of NT AUTHORITY\SYSTEM.
CVSS Score
7.8
EPSS Score
0.0
Published
2022-02-09
CVE-2022-0526
Cross-site Scripting (XSS) - Stored in GitHub repository chatwoot/chatwoot prior to 2.2.0.
CVSS Score
7.3
EPSS Score
0.003
Published
2022-02-09
CVE-2022-0527
Cross-site Scripting (XSS) - Stored in GitHub repository chatwoot/chatwoot prior to 2.2.0.
CVSS Score
6.1
EPSS Score
0.004
Published
2022-02-09
CVE-2022-24694
In Mahara 20.10 before 20.10.4, 21.04 before 21.04.3, and 21.10 before 21.10.1, the names of folders in the Files area can be seen by a person not owning the folders. (Only folder names are affected. Neither file names nor file contents are affected.)
CVSS Score
4.3
EPSS Score
0.002
Published
2022-02-09


Products
Pricing
Contact Us

Shodan ® - All rights reserved