Security Vulnerabilities - CVEs Published In September 2022
A misconfiguration in the Service Mode profile directory of Clash for Windows v0.19.9 allows attackers to escalate privileges and execute arbitrary commands when Service Mode is activated.
CVSS Score: 7.8
EPSS Score: 0.001
Published: 2022-09-29
TOTOLINK A860R V4.1.2cu.5182_B20201027 was discovered to contain a command injection via the component /cgi-bin/downloadFile.cgi.
CVSS Score: 9.8
EPSS Score: 0.014
Published: 2022-09-29
Use After Free in GitHub repository vim/vim prior to 9.0.0614.
CVSS Score: 7.8
EPSS Score: 0.0
Published: 2022-09-29
Cross-site Scripting (XSS) - Stored in GitHub repository inventree/inventree prior to 0.8.3.
CVSS Score: 8.2
EPSS Score: 0.002
Published: 2022-09-29
glFusion CMS v1.7.9 is affected by a reflected Cross Site Scripting (XSS) vulnerability. The value of the title request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. This input was echoed unmodified in the application's response.
CVSS Score: 6.1
EPSS Score: 0.004
Published: 2022-09-29
The trudesk application allows a large number of characters to be inserted in the "Full Name" input field on the signup form, which can allow attackers to cause a Denial of Service (DoS) via a crafted HTTP request, in GitHub repository polonel/trudesk prior to 1.2.2.
CVSS Score: 7.2
EPSS Score: 0.002
Published: 2022-09-29
Reflected XSS in the ticket filter function in GitHub repository polonel/trudesk prior to 1.2.2. This vulnerability is capable of executing malicious JavaScript code in the web page.
CVSS Score: 5.5
EPSS Score: 0.002
Published: 2022-09-29
NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2.4959.
CVSS Score: 6.6
EPSS Score: 0.001
Published: 2022-09-29
There is a use-after-free issue in JBIG2Stream::close() located in JBIG2Stream.cc in Xpdf 4.04. It can be triggered by sending a crafted PDF file to (for example) the pdfimages binary. It allows an attacker to cause Denial of Service or possibly have unspecified other impact.
CVSS Score: 7.8
EPSS Score: 0.001
Published: 2022-09-29
An issue was discovered in Samsung TizenRT through 3.0_GBM (and 3.1_PRE). createDB in security/provisioning/src/provisioningdatabasemanager.c has a missing sqlite3_free after sqlite3_exec, leading to a denial of service.
CVSS Score: 7.5
EPSS Score: 0.002
Published: 2022-09-29

