Security Vulnerabilities - CVEs Published In April 2022
In Fujitsu PlugFree Network <= 7.3.0.3, an unquoted service path in PFNService.exe allows a local attacker to potentially escalate privileges to system level.
CVSS Score: 7.8 | EPSS Score: 0.0 | Published: 2022-04-11
A command injection vulnerability in the CGI program of Zyxel VMG3312-T20A firmware version 5.30(ABFX.5)C0 could allow a local authenticated attacker to execute arbitrary OS commands on a vulnerable device via a LAN interface.
CVSS Score: 8.0 | EPSS Score: 0.006 | Published: 2022-04-11
A potential buffer overflow vulnerability was identified in some internal functions of Zyxel VMG3312-T20A firmware version 5.30(ABFX.5)C0, which could be exploited by a local authenticated attacker to cause a denial of service.
CVSS Score: 6.0 | EPSS Score: 0.0 | Published: 2022-04-11
A local privilege escalation vulnerability caused by incorrect permission assignment in some directories of the Zyxel AP Configurator (ZAC) version 1.1.4 could allow an attacker to execute arbitrary code as a local administrator.
CVSS Score: 7.3 | EPSS Score: 0.0 | Published: 2022-04-11
Prototype Pollution in GitHub repository alvarotrigo/fullpage.js prior to 4.0.2.
CVSS Score: 7.3 | EPSS Score: 0.006 | Published: 2022-04-11
Out-of-bounds read in `r_bin_ne_get_relocs` function in GitHub repository radareorg/radare2 prior to 5.6.8. This vulnerability may allow attackers to read sensitive information or cause a crash.
CVSS Score: 6.6 | EPSS Score: 0.003 | Published: 2022-04-11
Out-of-bounds read in `r_bin_ne_get_entrypoints` function in GitHub repository radareorg/radare2 prior to 5.6.8. This vulnerability may allow attackers to read sensitive information or cause a crash.
CVSS Score: 6.6 | EPSS Score: 0.003 | Published: 2022-04-11
Use of a Broken or Risky Cryptographic Algorithm in GitHub repository gnuboard/gnuboard5 prior to and including 5.5.5. gnuboard v5.5.5 and below uses weak encryption algorithms, leading to sensitive information exposure. This allows an attacker to derive the email address of any user, including when the 'Let others see my information.' box is ticked off, or to send emails to any email address with full control of their contents.
CVSS Score: 8.2 | EPSS Score: 0.002 | Published: 2022-04-11
Cross-site Scripting (XSS) - Stored in GitHub repository autolab/autolab prior to 2.8.0.
CVSS Score: 7.6 | EPSS Score: 0.002 | Published: 2022-04-11
Stored XSS via .svg file upload in GitHub repository polonel/trudesk prior to v1.2.0.
CVSS Score: 9.0 | EPSS Score: 0.003 | Published: 2022-04-11


Shodan ® - All rights reserved