Security Vulnerabilities - CVEs Published In February 2022
An issue was discovered in Servisnet Tessa 0.0.2. An attacker can add a new sysadmin user via a manipulation of the Authorization HTTP header.
CVSS Score: 9.8
EPSS Score: 0.159
Published: 2022-02-06
An issue was discovered in Servisnet Tessa 0.0.2. Authorization data is available via an unauthenticated /data-service/users/ request.
CVSS Score: 9.8
EPSS Score: 0.176
Published: 2022-02-06
In Apache Traffic Control Traffic Ops prior to 6.1.0 or 5.1.6, an unprivileged user who can reach Traffic Ops over HTTPS can send a specially-crafted POST request to /user/login/oauth to scan a port of a server that Traffic Ops can reach.
CVSS Score: 7.5
EPSS Score: 0.008
Published: 2022-02-06
Cross-site Scripting (XSS) - Stored in Packagist remdex/livehelperchat prior to 3.93v.
CVSS Score: 6.5
EPSS Score: 0.004
Published: 2022-02-06
perM 0.4.0 has a Buffer Overflow related to strncpy. (Debian initially fixed this in 0.4.0-7.)
CVSS Score: 9.8
EPSS Score: 0.012
Published: 2022-02-05
Cross-site Scripting (XSS) - Reflected in Packagist ptrofimov/beanstalk_console prior to 1.7.12.
CVSS Score: 8.6
EPSS Score: 0.003
Published: 2022-02-05
Cross-site Scripting (XSS) - DOM in NPM karma prior to 6.3.14.
CVSS Score: 5.4
EPSS Score: 0.121
Published: 2022-02-05
Local privilege escalation due to race condition on application startup. The following products are affected: Acronis Cyber Protect Home Office (macOS) before build 39605, Acronis True Image 2021 (macOS) before build 39287.
CVSS Score: 7.0
EPSS Score: 0.0
Published: 2022-02-04
Local privilege escalation due to unrestricted loading of unsigned libraries. The following products are affected: Acronis Cyber Protect Home Office (macOS) before build 39605, Acronis True Image 2021 (macOS) before build 39287.
CVSS Score: 7.8
EPSS Score: 0.0
Published: 2022-02-04
TensorFlow is an Open Source Machine Learning Framework. Under certain scenarios, the Grappler component of TensorFlow is vulnerable to an integer overflow during cost estimation for crop and resize. Since the cropping parameters are user controlled, a malicious person can trigger undefined behavior. The fix will be included in TensorFlow 2.8.0. We will also cherry-pick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.
CVSS Score: 8.8
EPSS Score: 0.003
Published: 2022-02-04

