Security Vulnerabilities - CVEs Published In April 2022
An access control issue in Zammad v5.0.3 broadcasts administrative configuration changes to all users who have an active application instance, including settings that should only be visible to authenticated users.
CVSS Score
4.3
EPSS Score
0.003
Published
2022-04-27
An access control issue in Zammad v5.0.3 allows attackers to write entries to the CTI caller log without authentication. This vulnerability can allow attackers to execute phishing attacks or cause a Denial of Service (DoS).
CVSS Score
9.1
EPSS Score
0.004
Published
2022-04-27
A flaw was found in htmldoc commit 31f7804. A heap buffer overflow in the function pdf_write_names in ps-pdf.cxx may lead to arbitrary code execution and Denial of Service (DoS).
CVSS Score
7.8
EPSS Score
0.002
Published
2022-04-27
A lack of password length restriction in Zammad v5.1.0 allows for the creation of extremely long passwords which can cause a Denial of Service (DoS) during password verification.
CVSS Score
7.5
EPSS Score
0.004
Published
2022-04-27
A lack of rate limiting in the 'forgot password' feature of Zammad v5.1.0 allows attackers to send an excessive amount of reset requests for a legitimate user, leading to a possible Denial of Service (DoS) via a large amount of generated e-mail messages.
CVSS Score
7.5
EPSS Score
0.005
Published
2022-04-27
In Eclipse OpenJ9 before version 0.32.0, Java 8 & 11 fail to throw the exception captured during bytecode verification when verification is triggered by a MethodHandle invocation, allowing unverified methods to be invoked using MethodHandles.
CVSS Score
5.3
EPSS Score
0.001
Published
2022-04-27
HotelDruid Hotel Management Software v3.0.3 contains a cross-site scripting (XSS) vulnerability via the prezzoperiodo4 parameter in creaprezzi.php.
CVSS Score
6.1
EPSS Score
0.008
Published
2022-04-26
Foundry Issues service versions 2.244.0 to 2.249.0 were found to be logging in a manner that captured sensitive information (session tokens). This issue was fixed in 2.249.1.
CVSS Score
5.5
EPSS Score
0.001
Published
2022-04-26
Verydows v2.0 was discovered to contain an arbitrary file deletion vulnerability via \backend\file_controller.php.
CVSS Score
8.1
EPSS Score
0.006
Published
2022-04-26
Verydows v2.0 was discovered to contain an arbitrary file deletion vulnerability via \backend\database_controller.php.
CVSS Score
8.1
EPSS Score
0.006
Published
2022-04-26

