Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In July 2022
CVE-2022-26479
An issue was discovered in Poly EagleEye Director II before 2.2.2.1. Existence of a certain file (which can be created via an rsync backdoor) causes all API calls to execute as admin without authentication.
CVSS Score
9.8
EPSS Score
0.007
Published
2022-07-17
CVE-2022-26481
An issue was discovered in Poly Studio before 3.7.0. Command Injection can occur via the CN field of a Create Certificate Signing Request (CSR) action.
CVSS Score
8.8
EPSS Score
0.034
Published
2022-07-17
CVE-2022-26482
An issue was discovered in Poly EagleEye Director II before 2.2.2.1. os.system command injection can be achieved by an admin.
CVSS Score
7.2
EPSS Score
0.236
Published
2022-07-17
CVE-2022-28807
An issue was discovered in Open Design Alliance Drawings SDK before 2023.2. An Out-of-Bounds Read vulnerability exists when rendering a .dwg file after it's opened in the recovery mode. An attacker can leverage this vulnerability to execute code in the context of the current process.
CVSS Score
7.8
EPSS Score
0.001
Published
2022-07-17
CVE-2022-28808
An issue was discovered in Open Design Alliance Drawings SDK before 2023.3. An Out-of-Bounds Read vulnerability exists when reading DWG files in a recovery mode. An attacker can leverage this vulnerability to execute code in the context of the current process.
CVSS Score
7.8
EPSS Score
0.001
Published
2022-07-17
CVE-2022-28809
An issue was discovered in Open Design Alliance Drawings SDK before 2023.3. An Out-of-Bounds Read vulnerability exists when reading a DWG file with an invalid vertex number in a recovery mode. An attacker can leverage this vulnerability to execute code in the context of the current process.
CVSS Score
7.8
EPSS Score
0.001
Published
2022-07-17
CVE-2022-30981
An issue was discovered in Gentics CMS before 5.43.1. By uploading a malicious ZIP file, an attacker is able to deserialize arbitrary data and hence can potentially achieve Java code execution.
CVSS Score
8.8
EPSS Score
0.004
Published
2022-07-17
CVE-2022-30982
An issue was discovered in Gentics CMS before 5.43.1. There is stored XSS in the profile description and in the username.
CVSS Score
5.4
EPSS Score
0.002
Published
2022-07-17
CVE-2022-31201
SoftGuard Web (SGW) before 5.1.5 allows HTML injection.
CVSS Score
5.4
EPSS Score
0.003
Published
2022-07-17
CVE-2022-31202
The export function in SoftGuard Web (SGW) before 5.1.5 allows directory traversal to read an arbitrary local file via export or man.tcl.
CVSS Score
6.5
EPSS Score
0.006
Published
2022-07-17


Products
Pricing
Contact Us

Shodan ® - All rights reserved