Security Vulnerabilities - CVEs Published In April 2022
Improper Authorization in GitHub repository janeczku/calibre-web prior to 0.6.16.
CVSS Score: 4.3 | EPSS Score: 0.001 | Published: 2022-04-03
Mediaserver.exe in ALLMediaServer 1.6 has a stack-based buffer overflow that allows remote attackers to execute arbitrary code via a long string to TCP port 888, a related issue to CVE-2017-17932.
CVSS Score: 9.8 | EPSS Score: 0.793 | Published: 2022-04-03
Craft CMS before 3.7.29 allows XSS.
CVSS Score: 6.1 | EPSS Score: 0.003 | Published: 2022-04-03
jc21.com Nginx Proxy Manager before 2.9.17 allows XSS during item deletion.
CVSS Score: 6.8 | EPSS Score: 0.005 | Published: 2022-04-03
The rc-httpd component through 2022-03-31 for 9front (Plan 9 fork) allows ..%2f directory traversal if serve-static is used.
CVSS Score: 7.5 | EPSS Score: 0.007 | Published: 2022-04-03
A vulnerability classified as critical has been found in tildearrow Furnace dev73. This affects the FUR to VGM converter in console mode which causes stack-based overflows and crashes. It is possible to initiate the attack remotely but it requires user-interaction. A POC has been disclosed to the public and may be used.
CVSS Score: 6.3 | EPSS Score: 0.003 | Published: 2022-04-03
A vulnerability classified as problematic was found in LibTIFF 4.3.0. Affected by this vulnerability is the TIFF File Handler of tiff2ps. Opening a malicious file leads to a denial of service. The attack can be launched remotely but requires user interaction. The exploit has been disclosed to the public and may be used.
CVSS Score: 4.3 | EPSS Score: 0.001 | Published: 2022-04-03
Cross-Site Request Forgery (CSRF) in GitHub repository yourls/yourls prior to 1.8.3.
CVSS Score: 3.5 | EPSS Score: 0.008 | Published: 2022-04-03
Verizon 5G Home LVSKIHP outside devices through 2022-02-15 allow anyone (knowing the device's serial number) to access a CPE admin website, e.g., at the 10.0.0.1 IP address. The password (for the verizon username) is calculated by concatenating the serial number and the model (i.e., the LVSKIHP string), running the sha256sum program, and extracting the first seven characters concatenated with the last seven characters of that SHA-256 value.
CVSS Score: 8.1 | EPSS Score: 0.004 | Published: 2022-04-03
Dompdf 1.2.1 allows remote code execution via a .php file in the src:url field of an @font-face Cascading Style Sheets (CSS) statement (within an HTML input file).
CVSS Score: 9.8 | EPSS Score: 0.722 | Published: 2022-04-03

