Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In October 2022
CVE-2022-40159
** DISPUTED ** This record was originally reported by the oss-fuzz project who failed to consider the security context in which JXPath is intended to be used and failed to contact the JXPath maintainers prior to requesting the CVE allocation. The CVE was then allocated by Google in breach of the CNA rules. After review by the JXPath maintainers, the original report was found to be invalid.
CVSS Score
6.5
EPSS Score
0.001
Published
2022-10-06
CVE-2022-3397
OMRON CX-Programmer 9.78 and prior is vulnerable to an Out-of-Bounds Write, which may allow an attacker to execute arbitrary code.
CVSS Score
7.8
EPSS Score
0.001
Published
2022-10-06
CVE-2022-3398
OMRON CX-Programmer 9.78 and prior is vulnerable to an Out-of-Bounds Write, which may allow an attacker to execute arbitrary code.
CVSS Score
7.8
EPSS Score
0.001
Published
2022-10-06
CVE-2022-3376
Weak Password Requirements in GitHub repository ikus060/rdiffweb prior to 2.5.0a4.
CVSS Score
3.5
EPSS Score
0.004
Published
2022-10-06
CVE-2022-3389
Path Traversal in GitHub repository ikus060/rdiffweb prior to 2.4.10.
CVSS Score
8.2
EPSS Score
0.008
Published
2022-10-06
CVE-2022-3396
OMRON CX-Programmer 9.78 and prior is vulnerable to an Out-of-Bounds Write, which may allow an attacker to execute arbitrary code.
CVSS Score
7.8
EPSS Score
0.001
Published
2022-10-06
CVE-2022-3273
Allocation of Resources Without Limits or Throttling in GitHub repository ikus060/rdiffweb prior to 2.5.0a4.
CVSS Score
3.6
EPSS Score
0.0
Published
2022-10-06
CVE-2022-39988
A cross-site scripting (XSS) vulnerability in Centreon 22.04.0 allows attackers to execute arbitrary web script or HTML via a crafted payload injected into the Service>Templates service_alias parameter.
CVSS Score
5.4
EPSS Score
0.001
Published
2022-10-06
CVE-2022-3002
Cross-site Scripting (XSS) - Stored in GitHub repository yetiforcecompany/yetiforcecrm prior to 6.4.0.
CVSS Score
5.4
EPSS Score
0.01
Published
2022-10-06
CVE-2022-39280
dparse is a parser for Python dependency files. dparse in versions before 0.5.2 contain a regular expression that is vulnerable to a Regular Expression Denial of Service. All the users parsing index server URLs with dparse are impacted by this vulnerability. A patch has been applied in version `0.5.2`, all the users are advised to upgrade to `0.5.2` as soon as possible. Users unable to upgrade should avoid passing index server URLs in the source file to be parsed.
CVSS Score
5.9
EPSS Score
0.001
Published
2022-10-06


Products
Pricing
Contact Us

Shodan ® - All rights reserved