Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In April 2022
CVE-2022-20080
In SUB2AF, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is no needed for exploitation. Patch ID: ALPS05881290; Issue ID: ALPS05881290.
CVSS Score
6.4
EPSS Score
0.0
Published
2022-04-11
CVE-2022-20081
In A-GPS, there is a possible man in the middle attack due to improper certificate validation. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06461919; Issue ID: ALPS06461919.
CVSS Score
5.9
EPSS Score
0.002
Published
2022-04-11
CVE-2022-22253
The DFX module has a vulnerability of improper validation of integrity check values.Successful exploitation of this vulnerability may affect system stability.
CVSS Score
7.5
EPSS Score
0.0
Published
2022-04-11
CVE-2022-22254
A permission bypass vulnerability exists when the NFC CAs access the TEE.Successful exploitation of this vulnerability may affect data confidentiality.
CVSS Score
7.5
EPSS Score
0.001
Published
2022-04-11
CVE-2022-22255
The application framework has a common DoS vulnerability.Successful exploitation of this vulnerability may affect the availability.
CVSS Score
7.5
EPSS Score
0.002
Published
2022-04-11
CVE-2022-22256
The DFX module has an access control vulnerability.Successful exploitation of this vulnerability may affect data confidentiality.
CVSS Score
7.5
EPSS Score
0.001
Published
2022-04-11
CVE-2022-22257
The customization framework has a vulnerability of improper permission control.Successful exploitation of this vulnerability may affect data integrity.
CVSS Score
7.5
EPSS Score
0.001
Published
2022-04-11
CVE-2022-22258
The Wi-Fi module has an event notification vulnerability.Successful exploitation of this vulnerability may allow third-party applications to intercept event notifications and add information and result in elevation-of-privilege.
CVSS Score
9.8
EPSS Score
0.003
Published
2022-04-11
CVE-2022-22571
An authenticated high privileged user can perform a stored XSS attack due to incorrect output encoding in Incapptic connect and affects all current versions.
CVSS Score
4.8
EPSS Score
0.001
Published
2022-04-11
CVE-2022-22572
A non-admin user with user management permission can escalate his privilege to admin user via password reset functionality. The vulnerability affects Incapptic Connect version < 1.40.1.
CVSS Score
8.8
EPSS Score
0.197
Published
2022-04-11


Products
Pricing
Contact Us

Shodan ® - All rights reserved