Security Vulnerabilities - CVEs Published In April 2022
Improper Authorization in GitHub repository phpipam/phpipam prior to 1.4.6.
CVSS Score: 6.5, EPSS Score: 0.002, Published: 2022-04-04
Incorrect Privilege Assignment in GitHub repository phpipam/phpipam prior to 1.4.6.
CVSS Score: 6.5, EPSS Score: 0.002, Published: 2022-04-04
In HTMLDOC 1.9.14, an infinite loop in the gif_read_lzw function can lead to a pointer arbitrarily pointing to heap memory and resulting in a buffer overflow.
CVSS Score: 5.5, EPSS Score: 0.0, Published: 2022-04-04
Server-Side Request Forgery (SSRF) in GitHub repository janeczku/calibre-web prior to 0.6.18.
CVSS Score: 9.0, EPSS Score: 0.003, Published: 2022-04-04
Infinite loop in GitHub repository gpac/gpac prior to 2.1.0-DEV.
CVSS Score: 4.0, EPSS Score: 0.001, Published: 2022-04-04
Barco Control Room Management through Suite 2.9 Build 0275 was discovered to be vulnerable to directory traversal, allowing attackers to access sensitive information and components. Requests must begin with the "GET /..\.." substring.
CVSS Score: 7.5, EPSS Score: 0.84, Published: 2022-04-03
swaylock before 1.6 allows attackers to trigger a crash and achieve unlocked access to a Wayland compositor.
CVSS Score: 9.1, EPSS Score: 0.006, Published: 2022-04-03
A directory traversal vulnerability in IdeaRE RefTree before 2021.09.17 allows remote authenticated users to download arbitrary .dwg files from a remote server by specifying an absolute or relative path when invoking the affected DownloadDwg endpoint. An attack uses the path field to CaddemServiceJS/CaddemService.svc/rest/DownloadDwg.
CVSS Score: 6.5, EPSS Score: 0.003, Published: 2022-04-03
An unrestricted file upload vulnerability in IdeaRE RefTree before 2021.09.17 allows remote authenticated users to execute arbitrary code by using UploadDwg to upload a crafted aspx file to the web root, and then visiting the URL for this aspx resource.
CVSS Score: 8.8, EPSS Score: 0.052, Published: 2022-04-03
On Schneider Electric ConneXium Tofino Firewall TCSEFEA23F3F22 before 03.23, TCSEFEA23F3F20/21, and Belden Tofino Xenon Security Appliance, an arbitrary firmware image can be loaded because firmware signature verification (for a USB stick) can be bypassed. NOTE: this issue exists because of an incomplete fix of CVE-2017-11400.
CVSS Score: 6.8, EPSS Score: 0.0, Published: 2022-04-03