Security Vulnerabilities - CVEs Published In February 2022
Artifex MuJS v1.1.3 was discovered to contain a heap buffer overflow which is caused by conflicting JumpList of nested try/finally statements.
CVSS Score: 9.8 | EPSS Score: 0.001 | Published: 2022-02-14
njs through 0.7.0, used in NGINX, was discovered to contain an out-of-bounds array access via njs_vmcode_typeof in /src/njs_vmcode.c.
CVSS Score: 9.8 | EPSS Score: 0.007 | Published: 2022-02-14
njs through 0.7.1, used in NGINX, was discovered to contain a segmentation violation via njs_object_set_prototype in /src/njs_object.c.
CVSS Score: 7.5 | EPSS Score: 0.006 | Published: 2022-02-14
njs through 0.7.1, used in NGINX, was discovered to contain a control flow hijack caused by a Type Confusion vulnerability in njs_promise_perform_then().
CVSS Score: 9.8 | EPSS Score: 0.005 | Published: 2022-02-14
Missing access control in ForgeRock Access Management 7.1.0 and earlier versions on all platforms allows remote unauthenticated attackers to hijack sessions, including potentially admin-level sessions. This issue affects: ForgeRock Access Management 7.1 versions prior to 7.1.1; 6.5 versions prior to 6.5.4; all previous versions.
CVSS Score: 9.6 | EPSS Score: 0.009 | Published: 2022-02-14
Crash in the CMS protocol dissector in Wireshark 3.6.0 to 3.6.1 and 3.4.0 to 3.4.11 allows denial of service via packet injection or crafted capture file.
CVSS Score: 6.3 | EPSS Score: 0.001 | Published: 2022-02-14
Unaligned access in the CSN.1 protocol dissector in Wireshark 3.6.0 to 3.6.1 and 3.4.0 to 3.4.11 allows denial of service via packet injection or crafted capture file.
CVSS Score: 6.3 | EPSS Score: 0.001 | Published: 2022-02-14
In Corda before 4.1, the meaning of serialized data can be modified via an attacker-controlled CustomSerializer.
CVSS Score: 7.5 | EPSS Score: 0.002 | Published: 2022-02-14
Sangoma Technologies Corporation Switchvox Version 102409 is affected by an information disclosure vulnerability due to an improper access restriction. User information such as first name, last name, account id, server uuid, email address, profile image, number, timestamps, etc. can be extracted by sending an unauthenticated HTTP GET request to https://Switchvox-IP/main?cmd=invalid_browser.
CVSS Score: 5.3 | EPSS Score: 0.002 | Published: 2022-02-14
Metinfo v7.5.0 was discovered to contain a SQL injection vulnerability in parameter_admin.class.php via the table_para parameter.
CVSS Score: 9.8 | EPSS Score: 0.005 | Published: 2022-02-14