Security Vulnerabilities - CVEs Published In August 2022
Authenticated (author+) SQL Injection (SQLi) vulnerability in Contest Gallery plugin <= 17.0.4 at WordPress.
CVSS Score: 7.6 | EPSS Score: 0.002 | Published: 2022-08-23
Authenticated (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in amCharts: Charts and Maps plugin <= 1.4 at WordPress.
CVSS Score: 5.4 | EPSS Score: 0.002 | Published: 2022-08-23
BlueCMS 1.6 has SQL injection in line 132 of admin/article.php
CVSS Score: 9.8 | EPSS Score: 0.001 | Published: 2022-08-23
BlueCMS 1.6 has SQL injection in line 55 of admin/model.php
CVSS Score: 9.8 | EPSS Score: 0.001 | Published: 2022-08-23
BlueCMS 1.6 has SQL injection in line 132 of admin/area.php
CVSS Score: 9.8 | EPSS Score: 0.031 | Published: 2022-08-23
A flaw was found in Keycloak, where the default ECP binding flow allows other authentication flows to be bypassed. By exploiting this behavior, an attacker can bypass MFA by sending a SOAP request with an AuthnRequest and an Authorization header with the user's credentials. The highest threat from this vulnerability is to confidentiality and integrity.
CVSS Score: 6.8 | EPSS Score: 0.001 | Published: 2022-08-23
A flaw was found in the vhost library in DPDK. The function `vhost_user_set_inflight_fd()` does not validate `msg->payload.inflight.num_queues`, possibly causing an out-of-bounds memory read/write. Any software using the DPDK vhost library may crash as a result of this vulnerability.
CVSS Score: 7.5 | EPSS Score: 0.001 | Published: 2022-08-23
A memory leak was found in Open vSwitch (OVS) during userspace IP fragmentation processing. An attacker could use this flaw to potentially exhaust available memory by continuously sending packet fragments.
CVSS Score: 7.5 | EPSS Score: 0.001 | Published: 2022-08-23
A Denial-of-Service (DoS) vulnerability was discovered in F-Secure & WithSecure products whereby aegen.dll goes into an infinite loop when unpacking PE files. This eventually leads to a scanning engine crash. The exploit can be triggered remotely by an attacker.
CVSS Score: 4.3 | EPSS Score: 0.001 | Published: 2022-08-23
A Denial-of-Service (DoS) vulnerability was discovered in F-Secure & WithSecure products whereby the aerdl unpack function crashes. This can lead to a possible scanning engine crash. The exploit can be triggered remotely by an attacker.
CVSS Score: 3.5 | EPSS Score: 0.001 | Published: 2022-08-23

