Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In September 2022
CVE-2022-38538
Archery v1.7.0 to v1.8.5 was discovered to contain a SQL injection vulnerability via the checksum parameter in the report module.
CVSS Score
9.8
EPSS Score
0.001
Published
2022-09-13
CVE-2022-38539
Archery v1.7.5 to v1.8.5 was discovered to contain a SQL injection vulnerability via the where parameter at /archive/apply.
CVSS Score
9.8
EPSS Score
0.001
Published
2022-09-13
CVE-2022-38540
Archery v1.4.0 to v1.8.5 was discovered to contain a SQL injection vulnerability via the ThreadIDs parameter in the create_kill_session interface.
CVSS Score
9.8
EPSS Score
0.001
Published
2022-09-13
CVE-2022-38541
Archery v1.8.3 to v1.8.5 was discovered to contain multiple SQL injection vulnerabilities via the start_time and stop_time parameters in the my2sql interface.
CVSS Score
9.8
EPSS Score
0.001
Published
2022-09-13
CVE-2022-38542
Archery v1.4.0 to v1.8.5 was discovered to contain a SQL injection vulnerability via the ThreadIDs parameter in the kill_session interface. The project has released an update, please upgrade to v1.9.0 and above.
CVSS Score
9.8
EPSS Score
0.001
Published
2022-09-13
CVE-2022-3027
The CMS8000 device does not properly control or sanitize the SSID name of a new Wi-Fi access point. A threat actor could create an SSID with a malicious name, including non-standard characters that, when the device attempts connecting to the malicious SSID, the device can be exploited to write arbitrary files or display incorrect information.
CVSS Score
5.7
EPSS Score
0.0
Published
2022-09-13
CVE-2022-3190
Infinite loop in the F5 Ethernet Trailer protocol dissector in Wireshark 3.6.0 to 3.6.7 and 3.4.0 to 3.4.15 allows denial of service via packet injection or crafted capture file
CVSS Score
6.3
EPSS Score
0.0
Published
2022-09-13
CVE-2022-1602
A potential security vulnerability has been identified in HP ThinPro 7.2 Service Pack 8 (SP8). The security vulnerability in SP8 is not remedied after upgrading from SP8 to Service Pack 9 (SP9). HP has released Service Pack 10 (SP10) to remediate the potential vulnerability introduced in SP8.
CVSS Score
5.5
EPSS Score
0.001
Published
2022-09-13
CVE-2022-36385
A threat actor with momentary access to the device can plug in a USB drive and perform a malicious firmware update, resulting in permanent changes to device functionality. No authentication or controls are in place to prevent a threat actor from maliciously modifying firmware and performing a drive-by attack to load the firmware on any CMS8000 device.
CVSS Score
6.8
EPSS Score
0.001
Published
2022-09-13
CVE-2022-36778
insert HTML / js code inside input how to get to the vulnerable input : Workers > worker nickname > inject in this input the code.
CVSS Score
6.5
EPSS Score
0.001
Published
2022-09-13


Products
Pricing
Contact Us

Shodan ® - All rights reserved