Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In November 2022
CVE-2022-3265
A cross-site scripting issue has been discovered in GitLab CE/EE affecting all versions prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2. It was possible to exploit a vulnerability in setting the labels colour feature which could lead to a stored XSS that allowed attackers to perform arbitrary actions on behalf of victims at client side.
CVSS Score
7.3
EPSS Score
0.529
Published
2022-11-09
CVE-2022-3280
An open redirect in GitLab CE/EE affecting all versions from 10.1 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2 allows an attacker to trick users into visiting a trustworthy URL and being redirected to arbitrary content.
CVSS Score
3.5
EPSS Score
0.001
Published
2022-11-09
CVE-2022-39307
Grafana is an open-source platform for monitoring and observability. When using the forget password on the login page, a POST request is made to the `/api/user/password/sent-reset-email` URL. When the username or email does not exist, a JSON response contains a “user not found” message. This leaks information to unauthenticated users and introduces a security risk. This issue has been patched in 9.2.4 and backported to 8.5.15. There are no known workarounds.
CVSS Score
6.7
EPSS Score
0.002
Published
2022-11-09
CVE-2022-2761
An information disclosure issue in GitLab CE/EE affecting all versions from 14.4 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2 allows an attacker to use GitLab Flavored Markdown (GFM) references in a Jira issue to disclose the names of resources they don't have access to.
CVSS Score
4.3
EPSS Score
0.002
Published
2022-11-09
CVE-2022-41122
Microsoft SharePoint Server Spoofing Vulnerability
CVSS Score
6.5
EPSS Score
0.027
Published
2022-11-09
CVE-2022-41123
Microsoft Exchange Server Elevation of Privilege Vulnerability
CVSS Score
7.8
EPSS Score
0.003
Published
2022-11-09
CVE-2022-41125
Known exploited
Windows CNG Key Isolation Service Elevation of Privilege Vulnerability
CVSS Score
7.8
EPSS Score
0.005
Published
2022-11-09
CVE-2022-41128
Known exploited
Windows Scripting Languages Remote Code Execution Vulnerability
CVSS Score
8.8
EPSS Score
0.672
Published
2022-11-09
CVE-2022-44244
An authentication bypass in Lin-CMS v0.2.1 allows attackers to escalate privileges to Super Administrator.
CVSS Score
6.6
EPSS Score
0.0
Published
2022-11-09
CVE-2022-44590
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in James Lao's Simple Video Embedder plugin <= 2.2 on WordPress.
CVSS Score
5.4
EPSS Score
0.001
Published
2022-11-09


Products
Pricing
Contact Us

Shodan ® - All rights reserved