Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In April 2022
CVE-2022-27452
MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/item_cmpfunc.cc.
CVSS Score
7.5
EPSS Score
0.001
Published
2022-04-14
CVE-2022-27455
MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component my_wildcmp_8bit_impl at /strings/ctype-simple.c.
CVSS Score
7.5
EPSS Score
0.001
Published
2022-04-14
CVE-2022-27456
MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component VDec::VDec at /sql/sql_type.cc.
CVSS Score
7.5
EPSS Score
0.001
Published
2022-04-14
CVE-2022-27457
MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component my_mb_wc_latin1 at /strings/ctype-latin1.c.
CVSS Score
7.5
EPSS Score
0.001
Published
2022-04-14
CVE-2021-43286
An issue was discovered in ThoughtWorks GoCD before 21.3.0. An attacker with privileges to create a new pipeline on a GoCD server can abuse a command-line injection in the Git URL "Test Connection" feature to execute arbitrary code.
CVSS Score
8.8
EPSS Score
0.029
Published
2022-04-14
CVE-2021-43288
An issue was discovered in ThoughtWorks GoCD before 21.3.0. An attacker in control of a GoCD Agent can plant malicious JavaScript into a failed Job Report.
CVSS Score
5.4
EPSS Score
0.016
Published
2022-04-14
CVE-2021-43289
An issue was discovered in ThoughtWorks GoCD before 21.3.0. An attacker who has compromised a GoCD agent can upload a malicious file into an arbitrary directory of a GoCD server, but does not control the filename.
CVSS Score
7.5
EPSS Score
0.034
Published
2022-04-14
CVE-2021-43290
An issue was discovered in ThoughtWorks GoCD before 21.3.0. An attacker who has compromised a GoCD agent can upload a malicious file into a directory of a GoCD server. They can control the filename but the directory is placed inside of a directory that they can't control.
CVSS Score
9.8
EPSS Score
0.047
Published
2022-04-14
CVE-2021-43633
Sourcecodester Messaging Web Application 1.0 is vulnerable to stored XSS. If a sender inserts valid scripts into the chat, the script will be executed on the receiver chat.
CVSS Score
5.4
EPSS Score
0.003
Published
2022-04-14
CVE-2022-26507
A heap-based buffer overflow exists in XML Decompression DecodeTreeBlock in AT&T Labs Xmill 0.7. A crafted input file can lead to remote code execution. This is not the same as any of: CVE-2021-21810, CVE-2021-21811, CVE-2021-21812, CVE-2021-21815, CVE-2021-21825, CVE-2021-21826, CVE-2021-21828, CVE-2021-21829, or CVE-2021-21830. NOTE: This vulnerability only affects products that are no longer supported by the maintainer
CVSS Score
9.8
EPSS Score
0.067
Published
2022-04-14


Products
Pricing
Contact Us

Shodan ® - All rights reserved