Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In August 2022
CVE-2022-24654
Authenticated stored cross-site scripting (XSS) vulnerability in "Field Server Address" field in INTELBRAS ATA 200 Firmware 74.19.10.21 allows attackers to inject JavaScript code through a crafted payload.
CVSS Score
5.4
EPSS Score
0.023
Published
2022-08-15
CVE-2022-35978
Minetest is a free open-source voxel game engine with easy modding and game creation. In **single player**, a mod can set a global setting that controls the Lua script loaded to display the main menu. The script is then loaded as soon as the game session is exited. The Lua environment the menu runs in is not sandboxed and can directly interfere with the user's system. There are currently no known workarounds.
CVSS Score
7.7
EPSS Score
0.137
Published
2022-08-15
CVE-2022-36526
D-Link GO-RT-AC750 GORTAC750_revA_v101b03 & GO-RT-AC750_revB_FWv200b02 is vulnerable to Authentication Bypass via function phpcgi_main in cgibin.
CVSS Score
7.5
EPSS Score
0.004
Published
2022-08-15
CVE-2022-35624
In Nordic nRF5 SDK for Mesh 5.0, a heap overflow vulnerability can be triggered by sending a series of segmented packets with SegO > SegN
CVSS Score
8.2
EPSS Score
0.006
Published
2022-08-15
CVE-2022-36523
D-Link Go-RT-AC750 GORTAC750_revA_v101b03 & GO-RT-AC750_revB_FWv200b02 is vulnerable to command injection via /htdocs/upnpinc/gena.php.
CVSS Score
9.8
EPSS Score
0.051
Published
2022-08-15
CVE-2022-36524
D-Link GO-RT-AC750 GORTAC750_revA_v101b03 & GO-RT-AC750_revB_FWv200b02 is vulnerable to Static Default Credentials via /etc/init0.d/S80telnetd.sh.
CVSS Score
7.5
EPSS Score
0.004
Published
2022-08-15
CVE-2022-36525
D-Link Go-RT-AC750 GORTAC750_revA_v101b03 & GO-RT-AC750_revB_FWv200b02 is vulnerable to Buffer Overflow via authenticationcgi_main.
CVSS Score
9.8
EPSS Score
0.007
Published
2022-08-15
CVE-2022-35623
In Nordic nRF5 SDK for Mesh 5.0, a heap overflow vulnerability can be triggered by sending a series of segmented control packets and access packets with the same SeqAuth
CVSS Score
8.2
EPSS Score
0.002
Published
2022-08-15
CVE-2022-2824
Authorization Bypass Through User-Controlled Key in GitHub repository openemr/openemr prior to 7.0.0.1.
CVSS Score
8.8
EPSS Score
0.005
Published
2022-08-15
CVE-2022-33991
dproxy-nexgen (aka dproxy nexgen) forwards and caches DNS queries with the CD (aka checking disabled) bit set to 1. This leads to disabling of DNSSEC protection provided by upstream resolvers.
CVSS Score
5.3
EPSS Score
0.003
Published
2022-08-15


Products
Pricing
Contact Us

Shodan ® - All rights reserved