Security Vulnerabilities - CVEs Published In February 2022
Path Traversal in GitHub repository pimcore/pimcore prior to 10.3.2.
CVSS Score: 4.9; EPSS Score: 0.0; Published: 2022-02-22
Heap-based Buffer Overflow in GitHub repository radareorg/radare2 prior to 5.6.4.
CVSS Score: 7.8; EPSS Score: 0.003; Published: 2022-02-22
Checkmk <=2.0.0p19 contains a Cross Site Scripting (XSS) vulnerability. While creating or editing a user attribute, the Help Text is subject to HTML injection, which can be triggered when editing a user.
CVSS Score: 6.1; EPSS Score: 0.005; Published: 2022-02-21
There is a flaw in polkit which can allow an unprivileged user to cause polkit to crash, due to process file descriptor exhaustion. The highest threat from this vulnerability is to availability. NOTE: Polkit process outage duration is tied to the failing process being reaped and a new one being spawned.
CVSS Score: 5.5; EPSS Score: 0.0; Published: 2022-02-21
NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2.4428.
CVSS Score: 6.2; EPSS Score: 0.001; Published: 2022-02-21
A flaw was found in the util-linux chfn and chsh utilities when compiled with Readline support. The Readline library uses an "INPUTRC" environment variable to get a path to the library config file. When the library cannot parse the specified file, it prints an error message containing data from the file. This flaw allows an unprivileged user to read root-owned files, potentially leading to privilege escalation. This flaw affects util-linux versions prior to 2.37.4.
CVSS Score: 5.5; EPSS Score: 0.0; Published: 2022-02-21
IBM Planning Analytics 2.0 is vulnerable to a Remote File Include (RFI) attack. User input could be passed into file include commands and the web application could be tricked into including remote files with malicious code. IBM X-Force ID: 216891.
CVSS Score: 7.1; EPSS Score: 0.002; Published: 2022-02-21
Cross-Site Request Forgery (CSRF) vulnerability leading to plugin Settings Update discovered in WP Content Copy Protection & No Right Click WordPress plugin (versions <= 3.4.4).
CVSS Score: 4.3; EPSS Score: 0.001; Published: 2022-02-21
Sensitive information disclosure discovered in wpDiscuz WordPress plugin (versions <= 7.3.11).
CVSS Score: 3.7; EPSS Score: 0.007; Published: 2022-02-21
Okta Advanced Server Access Client for Windows prior to version 1.57.0 was found to be vulnerable to command injection via a specially crafted URL.
CVSS Score: 8.8; EPSS Score: 0.053; Published: 2022-02-21

