Security Vulnerabilities - CVEs Published In March 2022
ASUS AC68U <=3.0.0.4.385.20852 is affected by a buffer overflow in blocking.cgi, which may cause a denial of service (DoS).
CVSS Score
7.5
EPSS Score
0.007
Published
2022-03-23
BIND 9.16.11 -> 9.16.26, 9.17.0 -> 9.18.0 and versions 9.16.11-S1 -> 9.16.26-S1 of the BIND Supported Preview Edition. Specifically crafted TCP streams can cause connections to BIND to remain in CLOSE_WAIT status for an indefinite period of time, even after the client has terminated the connection.
CVSS Score
5.3
EPSS Score
0.0
Published
2022-03-23
Unrestricted Upload of File with Dangerous Type in GitHub repository crater-invoice/crater prior to 6.0.6.
CVSS Score
7.2
EPSS Score
0.002
Published
2022-03-23
A heap buffer overflow flaw was found in IPsec ESP transformation code in net/ipv4/esp4.c and net/ipv6/esp6.c. This flaw allows a local attacker with a normal user privilege to overwrite kernel heap objects and may cause a local privilege escalation threat.
CVSS Score
7.8
EPSS Score
0.008
Published
2022-03-23
In CMDBuild from version 3.0 to 3.3.2, payload requests are saved in a temporary log table, which allows attackers with database access to read the passwords of users who log in to the application by querying the database table.
CVSS Score
6.5
EPSS Score
0.003
Published
2022-03-22
A Cross Site Scripting (XSS) vulnerability exists in enhanced-github v5.0.11 via the file name parameter.
CVSS Score
6.1
EPSS Score
0.003
Published
2022-03-22
TOTOLINK N600R V4.3.0cu.7570_B20200620 was discovered to contain a command injection vulnerability via the exportOvpn interface at cstecgi.cgi.
CVSS Score
9.8
EPSS Score
0.054
Published
2022-03-22
TOTOLINK N600R V4.3.0cu.7570_B20200620 was discovered to contain a command injection vulnerability via the pingCheck function.
CVSS Score
9.8
EPSS Score
0.15
Published
2022-03-22
TOTOLINK N600R V4.3.0cu.7570_B20200620 was discovered to contain a command injection vulnerability via /setting/NTPSyncWithHost.
CVSS Score
9.8
EPSS Score
0.149
Published
2022-03-22
TOTOLINK N600R V4.3.0cu.7570_B20200620 was discovered to contain a command injection vulnerability via the langType parameter in the login interface.
CVSS Score
9.8
EPSS Score
0.149
Published
2022-03-22

Shodan ® - All rights reserved