Security Vulnerabilities - CVEs Published In March 2022
An issue was discovered in OpenSSH before 8.9. If a client is using public-key authentication with agent forwarding but without -oLogLevel=verbose, and an attacker has silently modified the server to support the None authentication option, then the user cannot determine whether FIDO authentication is going to confirm that the user wishes to connect to that server, or that the user wishes to allow that server to connect to a different server on the user's behalf. NOTE: the vendor's position is "this is not an authentication bypass, since nothing is being bypassed."
CVSS Score
3.7
EPSS Score
0.004
Published
2022-03-13
Certain Arm Cortex and Neoverse processors through 2022-03-08 do not properly restrict cache speculation, aka Spectre-BHB. An attacker can leverage the shared branch history in the Branch History Buffer (BHB) to influence mispredicted branches. Then, cache allocation can allow the attacker to obtain sensitive information.
CVSS Score
5.6
EPSS Score
0.002
Published
2022-03-13
An issue was discovered in the Linux kernel before 5.16.12. drivers/net/usb/sr9700.c allows attackers to obtain sensitive information from heap memory via crafted frame lengths from a device.
CVSS Score
5.5
EPSS Score
0.0
Published
2022-03-12
GPAC 2.0 allows a heap-based buffer overflow in gf_base64_encode. It can be triggered via MP4Box.
CVSS Score
7.8
EPSS Score
0.001
Published
2022-03-12
File upload filter bypass leading to stored XSS in GitHub repository microweber/microweber prior to 1.2.12.
CVSS Score
8.0
EPSS Score
0.005
Published
2022-03-12
XSS on dynamic_text module in GitHub repository microweber/microweber prior to 1.2.11.
CVSS Score
6.8
EPSS Score
0.006
Published
2022-03-12
File upload filter bypass leading to stored XSS in GitHub repository microweber/microweber prior to 1.2.12.
CVSS Score
7.1
EPSS Score
0.002
Published
2022-03-12
Cross-site Scripting (XSS) - Stored in GitHub repository star7th/showdoc prior to 2.10.2.
CVSS Score
7.6
EPSS Score
0.003
Published
2022-03-12
An issue in index.php of OneNav v0.9.14 allows attackers to perform directory traversal.
CVSS Score
5.3
EPSS Score
0.001
Published
2022-03-12
Alist v2.1.0 and below was discovered to contain a cross-site scripting (XSS) vulnerability via /i/:data/ipa.plist.
CVSS Score
6.1
EPSS Score
0.002
Published
2022-03-12