Security Vulnerabilities - CVEs Published In September 2022
Improper Initialization vulnerability in the local server component of EZVIZ CS-C6N-A0-1C2WFR allows a local attacker to read the contents of the memory space containing the encrypted admin password. This issue affects: EZVIZ CS-C6N-A0-1C2WFR versions prior to 5.3.0 build 220428.
CVSS Score: 7.6
EPSS Score: 0.0
Published: 2022-09-15
Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.6.
CVSS Score: 5.8
EPSS Score: 0.0
Published: 2022-09-15
An issue was discovered in CrushFTP 9. The creation of a new user through the /WebInterface/UserManager/ interface allows an attacker, with access to the administration panel, to perform Stored Cross-Site Scripting (XSS). The payload can be executed in multiple scenarios, for example when the user's page appears in the Most Visited section of the page.
CVSS Score: 4.8
EPSS Score: 0.004
Published: 2022-09-15
Prototype pollution vulnerability in function convertLater in npm-convert.js in stealjs steal 2.2.4 via the requestedVersion variable in npm-convert.js.
CVSS Score: 9.8
EPSS Score: 0.001
Published: 2022-09-15
Prototype pollution vulnerability in function extend in babel.js in stealjs steal 2.2.4 via the key variable in babel.js.
CVSS Score: 9.8
EPSS Score: 0.001
Published: 2022-09-15
An issue was discovered in Nokia FastMile 5G Receiver 5G14-B 1.2104.00.0281. Bluetooth on the Nokia ODU uses outdated pairing mechanisms, allowing an attacker to passively intercept a pairing handshake and (after offline cracking) retrieve the PIN and LTK (long-term key).
CVSS Score: 4.3
EPSS Score: 0.001
Published: 2022-09-15
An issue was discovered in Airties Smart Wi-Fi before 2020-08-04. It allows attackers to change the main/guest SSID and the PSK to arbitrary values, and map the LAN, because of Insecure Direct Object Reference.
CVSS Score: 9.1
EPSS Score: 0.004
Published: 2022-09-15
Misinterpretation of Input in GitHub repository ionicabizau/parse-url prior to 8.1.0.
CVSS Score: 9.4
EPSS Score: 0.002
Published: 2022-09-15
Cross-Site Request Forgery (CSRF) in GitHub repository ikus060/rdiffweb prior to 2.4.3.
CVSS Score: 8.8
EPSS Score: 0.002
Published: 2022-09-15
Uncontrolled Recursion in GitHub repository gpac/gpac prior to 2.1.0-DEV.
CVSS Score: 5.3
EPSS Score: 0.001
Published: 2022-09-15

