Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In July 2022
CVE-2021-22642
An attacker could use specially crafted invalid Modbus frames to crash the Ovarro TBox system.
CVSS Score
7.5
EPSS Score
0.001
Published
2022-07-28
CVE-2021-22644
Ovarro TBox TWinSoft uses the custom hardcoded user “TWinSoft” with a hardcoded key.
CVSS Score
7.5
EPSS Score
0.001
Published
2022-07-28
CVE-2021-22646
The “ipk” package containing the configuration created by TWinSoft can be uploaded, extracted, and executed in Ovarro TBox, allowing malicious code execution.
CVSS Score
8.8
EPSS Score
0.002
Published
2022-07-28
CVE-2021-22648
Ovarro TBox proprietary Modbus file access functions allow attackers to read, alter, or delete the configuration file.
CVSS Score
8.8
EPSS Score
0.001
Published
2022-07-28
CVE-2021-22650
An attacker may use TWinSoft and a malicious source project file (TPG) to extract files on machine executing Ovarro TWinSoft, which could lead to code execution.
CVSS Score
7.5
EPSS Score
0.003
Published
2022-07-28
CVE-2022-1805
When connecting to Amazon Workspaces, the SHA256 presented by AWS connection provisioner is not fully verified by Zero Clients. The issue could be exploited by an adversary that places a MITM (Man in the Middle) between a zero client and AWS session provisioner in the network. This issue is only applicable when connecting to an Amazon Workspace from a PCoIP Zero Client.
CVSS Score
8.1
EPSS Score
0.002
Published
2022-07-28
CVE-2022-1948
An issue has been discovered in GitLab affecting all versions starting from 15.0 before 15.0.1. Missing validation of input used in quick actions allowed an attacker to exploit XSS by injecting HTML in contact details.
CVSS Score
8.7
EPSS Score
0.172
Published
2022-07-28
CVE-2022-2553
The authfile directive in the booth config file is ignored, preventing use of authentication in communications from node to node. As a result, nodes that do not have the correct authentication key are not prevented from communicating with other nodes in the cluster.
CVSS Score
6.5
EPSS Score
0.001
Published
2022-07-28
CVE-2022-35882
Authenticated (author or higher user role) Stored Cross-Site Scripting (XSS) vulnerability in GS Plugins GS Testimonial Slider plugin <= 1.9.5 at WordPress.
CVSS Score
4.8
EPSS Score
0.001
Published
2022-07-28
CVE-2022-27509
Unauthenticated redirection to a malicious website
CVSS Score
6.1
EPSS Score
0.003
Published
2022-07-28


Products
Pricing
Contact Us

Shodan ® - All rights reserved