Security Vulnerabilities - CVEs Published In April 2022
A potential vulnerability by a driver used during manufacturing process on some consumer Lenovo Notebook devices' BIOS that was mistakenly not deactivated may allow an attacker with elevated privileges to modify secure boot setting by modifying an NVRAM variable.
CVSS Score: 6.7 | EPSS Score: 0.097 | Published: 2022-04-22
A potential vulnerability in the SMI callback function used in the NVME driver in some Lenovo Desktop, ThinkStation, and ThinkEdge models may allow an attacker with local access and elevated privileges to execute arbitrary code.
CVSS Score: 6.7 | EPSS Score: 0.001 | Published: 2022-04-22
MCMS v5.2.7 contains a Cross-Site Request Forgery (CSRF) via /role/saveOrUpdateRole.do. This vulnerability allows attackers to escalate privileges and modify data.
CVSS Score: 8.8 | EPSS Score: 0.003 | Published: 2022-04-22
JFinalCMS v2.0 was discovered to contain a SQL injection vulnerability via the Article Management function.
CVSS Score: 9.8 | EPSS Score: 0.003 | Published: 2022-04-22
Link-Admin v0.0.1 was discovered to contain a SQL injection vulnerability via DictRest.ResponseResult().
CVSS Score: 9.8 | EPSS Score: 0.003 | Published: 2022-04-22
Command Injection vulnerability in git-interface@2.1.1 in GitHub repository yarkeev/git-interface prior to 2.1.2. If both are provided by user input, then the use of a `--upload-pack` command-line argument feature of git is also supported for `git clone`, which would then allow for any operating system command to be spawned by the attacker.
CVSS Score: 9.8 | EPSS Score: 0.112 | Published: 2022-04-22
Crypt Server before 3.3.0 allows XSS in the index view. This is related to serial, computername, and username.
CVSS Score: 6.1 | EPSS Score: 0.002 | Published: 2022-04-22
IBM Cognos Analytics PowerPlay (IBM Cognos Analytics 11.1.7, 11.2.0, and 11.1.7) could be vulnerable to an XML Bomb attack by a malicious authenticated user. IBM X-Force ID: 196813.
CVSS Score: 6.5 | EPSS Score: 0.003 | Published: 2022-04-22
IBM Cognos Analytics 11.1.7, 11.2.0, and 11.1.7 is vulnerable to privilege escalation where a lower level user could have read access to the 'Data Connections' page to which they don't have access. IBM X-Force ID: 204468.
CVSS Score: 3.1 | EPSS Score: 0.002 | Published: 2022-04-22
IBM Cognos Analytics 11.1.7, 11.2.0, and 11.1.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 209399.
CVSS Score: 4.3 | EPSS Score: 0.002 | Published: 2022-04-22