Security Vulnerabilities - CVEs Published In August 2022
A flaw was found in satellite. When giving granular permission related to the organization, other permissions allowing a user to view and manage other organizations are also granted. The highest threat from this vulnerability is to data confidentiality.
CVSS Score
8.1
EPSS Score
0.001
Published
2022-08-26
The Deluge Web-UI is vulnerable to XSS through a crafted torrent file. The data from torrent files is not properly sanitised and is interpreted directly as HTML. Someone who supplies the user with a malicious torrent file can execute arbitrary JavaScript code in the context of the user's browser session.
CVSS Score
6.1
EPSS Score
0.005
Published
2022-08-26
A flaw was found in openstack-keystone. Only the first 72 characters of an application secret are verified, allowing attackers to bypass some password complexity which administrators may be counting on. The highest threat from this vulnerability is to data confidentiality and integrity.
CVSS Score
7.4
EPSS Score
0.0
Published
2022-08-26
A vulnerability was found in ImageMagick-7.0.11-5, where ASAN detects memory leaks when a crafted file is processed with the convert command.
CVSS Score
3.3
EPSS Score
0.0
Published
2022-08-26
Insecure permissions in cskefu v7.0.1 allow unauthenticated attackers to arbitrarily add administrator accounts.
CVSS Score
7.5
EPSS Score
0.001
Published
2022-08-26
mm-wiki v0.2.1 was discovered to contain a cross-site scripting (XSS) vulnerability via the markdown editor.
CVSS Score
6.1
EPSS Score
0.001
Published
2022-08-26
mm-wiki v0.2.1 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability which allows attackers to arbitrarily add user accounts and modify user information.
CVSS Score
6.5
EPSS Score
0.001
Published
2022-08-26
htmly v2.8.1 was discovered to contain an arbitrary file deletion vulnerability via the component \views\backup.html.php.
CVSS Score
8.1
EPSS Score
0.001
Published
2022-08-26
Simple Task Scheduling System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /classes/Master.php?f=delete_category.
CVSS Score
9.8
EPSS Score
0.001
Published
2022-08-26
Simple Task Scheduling System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/?page=user/manage_user.
CVSS Score
9.8
EPSS Score
0.001
Published
2022-08-26

