Security Vulnerabilities - CVEs Published In May 2022
xArrow SCADA versions 7.2 and prior are vulnerable to cross-site scripting due to parameter ‘bdate’ of the resource xhisvalue.htm, which may allow an unauthorized attacker to execute arbitrary code.
CVSS Score: 6.1 | EPSS Score: 0.003 | Published: 2022-05-16
xArrow SCADA versions 7.2 and prior are vulnerable to cross-site scripting due to parameter ‘edate’ of the resource xhisalarm.htm, which may allow an unauthorized attacker to execute arbitrary code.
CVSS Score: 6.1 | EPSS Score: 0.003 | Published: 2022-05-16
xArrow SCADA versions 7.2 and prior permit unvalidated registry keys to be run with application-level privileges.
CVSS Score: 5.6 | EPSS Score: 0.001 | Published: 2022-05-16
A use-after-free flaw was found in the Linux kernel’s Atheros wireless adapter driver in the way a user forces the ath9k_htc_wait_for_target function to fail with some input messages. This flaw allows a local user to crash or potentially escalate their privileges on the system.
CVSS Score: 7.8 | EPSS Score: 0.0 | Published: 2022-05-16
Local privilege escalation due to excessive permissions assigned to child processes. The following products are affected: Acronis Snap Deploy (Windows) before build 3640.
CVSS Score: 7.8 | EPSS Score: 0.001 | Published: 2022-05-16
Local privilege escalation due to a DLL hijacking vulnerability. The following products are affected: Acronis Snap Deploy (Windows) before build 3640.
CVSS Score: 7.8 | EPSS Score: 0.001 | Published: 2022-05-16
Local privilege escalation due to insecure folder permissions. The following products are affected: Acronis Snap Deploy (Windows) before build 3640.
CVSS Score: 7.8 | EPSS Score: 0.0 | Published: 2022-05-16
A logged-in and authenticated user with a Reviewer Role may lock a content item.
CVSS Score: 3.5 | EPSS Score: 0.002 | Published: 2022-05-16
An anonymous user can craft a URL with text that ends up in the log viewer as is. The text can then include textual messages to mislead the administrator.
CVSS Score: 4.3 | EPSS Score: 0.002 | Published: 2022-05-16
Improper Control of Dynamically-Managed Code Resources vulnerability in Crafter Studio of Crafter CMS allows authenticated developers to execute OS commands via FreeMarker static methods.
CVSS Score: 7.6 | EPSS Score: 0.005 | Published: 2022-05-16