Security Vulnerabilities - CVEs Published In June 2022
Grafana 8.4.3 allows unauthenticated access via (for example) a /dashboard/snapshot/*?orgId=0 URI. NOTE: the vendor considers this a UI bug, not a vulnerability.
CVSS Score: 7.5 | EPSS Score: 0.131 | Published: 2022-06-17
A permission issue affects users that deployed the shipped version of the Checkmk Debian package. Packages created by the agent bakery (enterprise editions only) were not affected. Using the shipped version of the agents, the maintainer scripts located at /var/lib/dpkg/info/ will be owned by the user and the group with ID 1001. If such a user exists on the system, they can change the content of these files (which are then executed by root). This leads to a local privilege escalation on the monitored host. Version 1.6 through 1.6.9p29, version 2.0 through 2.0.0p26, version 2.1 through 2.1.0p3, and version 2.2.0i1 are affected.
CVSS Score: 7.8 | EPSS Score: 0.0 | Published: 2022-06-17
Online Discussion Forum Site 1 was discovered to contain a blind SQL injection vulnerability via the component /odfs/posts/view_post.php.
CVSS Score: 9.8 | EPSS Score: 0.06 | Published: 2022-06-17
Unrestricted Upload of File with Dangerous Type in GitHub repository inventree/inventree prior to 0.7.2.
CVSS Score: 9.0 | EPSS Score: 0.005 | Published: 2022-06-17
Improper Neutralization of Formula Elements in a CSV File in GitHub repository inventree/inventree prior to 0.7.2.
CVSS Score: 9.0 | EPSS Score: 0.004 | Published: 2022-06-17
Cross-site Scripting (XSS) - Stored in GitHub repository inventree/inventree prior to 0.7.2.
CVSS Score: 8.4 | EPSS Score: 0.004 | Published: 2022-06-17
A vulnerability classified as critical was found in GE Voluson S8. Affected is the underlying Windows XP operating system. Missing patches might introduce an excessive attack surface. Access to the local network is required for this attack to succeed.
CVSS Score: 8.8 | EPSS Score: 0.001 | Published: 2022-06-17
VoIPmonitor WEB GUI up to version 24.61 is affected by SQL injection through the "api.php" file and "user" parameter.
CVSS Score: 9.8 | EPSS Score: 0.007 | Published: 2022-06-17
Memory leaks in LazyPRM.cpp of OMPL v1.5.0 can cause unexpected behavior.
CVSS Score: 7.5 | EPSS Score: 0.003 | Published: 2022-06-17
ASG technologies (A Rocket Software Company) ASG-Zena Cross Platform Server Enterprise Edition 4.2.1 is vulnerable to XML External Entity (XXE).
CVSS Score: 9.8 | EPSS Score: 0.005 | Published: 2022-06-17

