Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In July 2022
CVE-2020-23563
IrfanView 4.54 allows a user-mode write access violation starting at FORMATS!ShowPlugInSaveOptions_W+0x0000000000002cba.
CVSS Score
5.5
EPSS Score
0.001
Published
2022-07-18
CVE-2021-40874
An issue was discovered in LemonLDAP::NG (aka lemonldap-ng) 2.0.13. When using the RESTServer plug-in to operate a REST password validation service (for another LemonLDAP::NG instance, for example) and using the Kerberos authentication method combined with another method with the Combination authentication plug-in, any password will be recognized as valid for an existing user.
CVSS Score
9.8
EPSS Score
0.004
Published
2022-07-18
CVE-2021-41419
QVIS NVR DVR before 2021-12-13 is vulnerable to Remote Code Execution via Java deserialization.
CVSS Score
9.8
EPSS Score
0.039
Published
2022-07-18
CVE-2021-42923
ShowMyPC 3606 on Windows suffers from a DLL hijack vulnerability. If an attacker overwrites the file %temp%\ShowMyPC\-ShowMyPC3606\wodVPN.dll, it will run any malicious code contained in that file. The code will run with normal user privileges unless the user specifically runs ShowMyPC as administrator.
CVSS Score
7.3
EPSS Score
0.001
Published
2022-07-18
CVE-2021-44954
In QVIS NVR DVR before 2021-12-13, an attacker can escalate privileges from a qvisdvr user to the root user by abusing a Sudo misconfiguration.
CVSS Score
7.8
EPSS Score
0.001
Published
2022-07-18
CVE-2022-27434
UNIT4 TETA Mobile Edition (ME) before 29.5.HF17 was discovered to contain a SQL injection vulnerability via the ProfileName parameter in the errorReporting page.
CVSS Score
9.8
EPSS Score
0.015
Published
2022-07-18
CVE-2022-31213
An issue was discovered in dbus-broker before 31. Multiple NULL pointer dereferences can be found when supplying a malformed XML config file.
CVSS Score
7.5
EPSS Score
0.002
Published
2022-07-17
CVE-2022-32985
libnx_apl.so on Nexans FTTO GigaSwitch before 6.02N and 7.x before 7.02 implements a Backdoor Account for SSH logins on port 50200 or 50201.
CVSS Score
9.8
EPSS Score
0.006
Published
2022-07-17
CVE-2022-33903
Tor 0.4.7.x before 0.4.7.8 allows a denial of service via the wedging of RTT estimation.
CVSS Score
7.5
EPSS Score
0.003
Published
2022-07-17
CVE-2021-40150
The web server of the E1 Zoom camera through 3.0.0.716 discloses its configuration via the /conf/ directory that is mapped to a publicly accessible path. In this way an attacker can download the entire NGINX/FastCGI configurations by querying the /conf/nginx.conf or /conf/fastcgi.conf URI.
CVSS Score
7.5
EPSS Score
0.342
Published
2022-07-17


Products
Pricing
Contact Us

Shodan ® - All rights reserved