Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In July 2022
CVE-2022-31208
An issue was discovered in Infiray IRAY-A8Z3 1.0.957. The webserver contains an endpoint that can execute arbitrary commands by manipulating the cmd_string URL parameter.
CVSS Score
8.8
EPSS Score
0.005
Published
2022-07-17
CVE-2022-31209
An issue was discovered in Infiray IRAY-A8Z3 1.0.957. The firmware contains a potential buffer overflow by calling strcpy() without checking the string length beforehand.
CVSS Score
9.8
EPSS Score
0.01
Published
2022-07-17
CVE-2022-31210
An issue was discovered in Infiray IRAY-A8Z3 1.0.957. The binary file /usr/local/sbin/webproject/set_param.cgi contains hardcoded credentials to the web application. Because these accounts cannot be deactivated or have their passwords changed, they are considered to be backdoor accounts.
CVSS Score
9.8
EPSS Score
0.004
Published
2022-07-17
CVE-2022-31211
An issue was discovered in Infiray IRAY-A8Z3 1.0.957. There is a blank root password for TELNET by default.
CVSS Score
9.8
EPSS Score
0.004
Published
2022-07-17
CVE-2022-31212
An issue was discovered in dbus-broker before 31. It depends on c-uitl/c-shquote to parse the DBus service's Exec line. c-shquote contains a stack-based buffer over-read if a malicious Exec line is supplied.
CVSS Score
7.5
EPSS Score
0.002
Published
2022-07-17
CVE-2021-40149
The web server of the E1 Zoom camera through 3.0.0.716 discloses its SSL private key via the root web server directory. In this way an attacker can download the entire key via the /self.key URI.
CVSS Score
5.9
EPSS Score
0.542
Published
2022-07-17
CVE-2021-46784
In Squid 3.x through 3.5.28, 4.x through 4.17, and 5.x before 5.6, due to improper buffer management, a Denial of Service can occur when processing long Gopher server responses.
CVSS Score
6.5
EPSS Score
0.081
Published
2022-07-17
CVE-2022-26352
Known exploited
An issue was discovered in the ContentResource API in dotCMS 3.0 through 22.02. Attackers can craft a multipart form request to post a file whose filename is not initially sanitized. This allows directory traversal, in which the file is saved outside of the intended storage location. If anonymous content creation is enabled, this allows an unauthenticated attacker to upload an executable file, such as a .jsp file, that can lead to remote code execution.
CVSS Score
9.8
EPSS Score
0.943
Published
2022-07-17
CVE-2022-29286
Pexip Infinity 27 before 28.0 allows remote attackers to trigger excessive resource consumption and termination because of registrar resource mishandling.
CVSS Score
7.5
EPSS Score
0.006
Published
2022-07-17
CVE-2022-32263
Pexip Infinity before 28.1 allows remote attackers to trigger a software abort via G.719.
CVSS Score
7.5
EPSS Score
0.008
Published
2022-07-17


Products
Pricing
Contact Us

Shodan ® - All rights reserved