Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In August 2022
CVE-2022-37241
MDaemon Technologies SecurityGateway for Email Servers 8.5.2 is vulnerable to Cross Site Scripting (XSS) via the data_leak_list_ajax endpoint.
CVSS Score
5.4
EPSS Score
0.007
Published
2022-08-25
CVE-2022-37242
MDaemon Technologies SecurityGateway for Email Servers 8.5.2, is vulnerable to HTTP Response splitting via the data parameter.
CVSS Score
9.8
EPSS Score
0.006
Published
2022-08-25
CVE-2022-37243
MDaemon Technologies SecurityGateway for Email Servers 8.5.2 is vulnerable to Cross Site Scripting (XSS) via the whitelist endpoint.
CVSS Score
5.4
EPSS Score
0.006
Published
2022-08-25
CVE-2022-22728
A flaw in Apache libapreq2 versions 2.16 and earlier could cause a buffer overflow while processing multipart form uploads. A remote attacker could send a request causing a process crash which could lead to a denial of service attack.
CVSS Score
7.5
EPSS Score
0.015
Published
2022-08-25
CVE-2022-36455
TOTOLink A3600R V4.1.2cu.5182_B20201102 was discovered to contain a command injection vulnerability via the username parameter in /cstecgi.cgi.
CVSS Score
7.8
EPSS Score
0.003
Published
2022-08-25
CVE-2022-37077
TOTOLINK A7000R V9.1.0u.6115_B20201022 was discovered to contain a stack overflow via the pppoeUser parameter.
CVSS Score
7.8
EPSS Score
0.001
Published
2022-08-25
CVE-2022-37078
TOTOLINK A7000R V9.1.0u.6115_B20201022 was discovered to contain a command injection vulnerability via the lang parameter at /setting/setLanguageCfg.
CVSS Score
7.8
EPSS Score
0.001
Published
2022-08-25
CVE-2022-37079
TOTOLINK A7000R V9.1.0u.6115_B20201022 was discovered to contain a command injection vulnerability via the hostName parameter in the function setOpModeCfg.
CVSS Score
7.8
EPSS Score
0.003
Published
2022-08-25
CVE-2022-37080
TOTOLINK A7000R V9.1.0u.6115_B20201022 was discovered to contain a stack overflow via the command parameter at setting/setTracerouteCfg.
CVSS Score
7.8
EPSS Score
0.001
Published
2022-08-25
CVE-2022-37081
TOTOLINK A7000R V9.1.0u.6115_B20201022 was discovered to contain a command injection vulnerability via the command parameter at setting/setTracerouteCfg.
CVSS Score
7.8
EPSS Score
0.003
Published
2022-08-25


Products
Pricing
Contact Us

Shodan ® - All rights reserved