Security Vulnerabilities - CVEs Published In September 2022
OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6b544e.
CVSS Score: 6.5 | EPSS Score: 0.002 | Published: 2022-09-19
OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x65fc97.
CVSS Score: 6.5 | EPSS Score: 0.002 | Published: 2022-09-19
An out-of-bounds read in the BGP daemon of FRRouting FRR before 8.4 may lead to a segmentation fault and denial of service. This occurs in bgp_capability_msg_parse in bgpd/bgp_packet.c.
CVSS Score: 9.1 | EPSS Score: 0.005 | Published: 2022-09-19
Safe Software FME Server v2021.2.5, v2022.0.0.2 and below contains a cross-site scripting (XSS) vulnerability which allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the login page.
CVSS Score: 9.6 | EPSS Score: 0.006 | Published: 2022-09-19
Wedding Planner v1.0 was discovered to contain a SQL injection vulnerability via the booking_id parameter at /admin/budget.php.
CVSS Score: 9.8 | EPSS Score: 0.001 | Published: 2022-09-19
UCMS v1.6.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the Import function under the Site Management page.
CVSS Score: 6.1 | EPSS Score: 0.001 | Published: 2022-09-19
Micro-Star International Co., Ltd MSI Center 1.0.50.0 was discovered to contain a vulnerability in the component C_Features of MSI.CentralServer.exe. This vulnerability allows attackers to escalate privileges via running a crafted executable.
CVSS Score: 7.8 | EPSS Score: 0.014 | Published: 2022-09-19
When the LDAP connector is started with StartTLS configured, unauthenticated access is granted. This issue affects all versions of the LDAP connector prior to 1.5.20.9. The LDAP connector is bundled with Identity Management (IDM) and Remote Connector Server (RCS).
CVSS Score: 9.3 | EPSS Score: 0.002 | Published: 2022-09-19
The Linux-PAM package before 1.5.2-6.1 for openSUSE Tumbleweed allows authentication bypass for SSH logins. The pam_access.so module doesn't correctly restrict login if a user tries to connect from an IP address that is not resolvable via DNS. In such conditions, a user with denied access to a machine can still get access. NOTE: the relevance of this issue is largely limited to openSUSE Tumbleweed and openSUSE Factory; it does not affect Linux-PAM upstream.
CVSS Score: 9.8 | EPSS Score: 0.001 | Published: 2022-09-19
OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6c0a32.
CVSS Score: 6.5 | EPSS Score: 0.002 | Published: 2022-09-19

Shodan ® - All rights reserved