Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In November 2022
CVE-2021-34567
In WAGO I/O-Check Service in multiple products an unauthenticated remote attacker can send a specially crafted packet containing OS commands to provoke a denial of service and an limited out-of-bounds read.
CVSS Score
8.2
EPSS Score
0.008
Published
2022-11-09
CVE-2021-34566
In WAGO I/O-Check Service in multiple products an unauthenticated remote attacker can send a specially crafted packet containing OS commands to crash the iocheck process and write memory resulting in loss of integrity and DoS.
CVSS Score
9.1
EPSS Score
0.003
Published
2022-11-09
CVE-2022-43290
Canteen Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /youthappam/editcategory.php.
CVSS Score
7.2
EPSS Score
0.001
Published
2022-11-09
CVE-2022-43291
Canteen Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /youthappam/editclient.php.
CVSS Score
7.2
EPSS Score
0.001
Published
2022-11-09
CVE-2022-43292
Canteen Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /youthappam/editfood.php.
CVSS Score
7.2
EPSS Score
0.001
Published
2022-11-09
CVE-2022-43321
Shopwind v3.4.3 was discovered to contain a reflected cross-site scripting (XSS) vulnerability in the component /common/library/Page.php.
CVSS Score
6.1
EPSS Score
0.002
Published
2022-11-09
CVE-2022-43320
FeehiCMS v2.1.1 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the id parameter at /web/admin/index.php?r=log%2Fview-layer.
CVSS Score
6.1
EPSS Score
0.002
Published
2022-11-09
CVE-2022-31253
A Untrusted Search Path vulnerability in openldap2 of openSUSE Factory allows local attackers with control of the ldap user or group to change ownership of arbitrary directory entries to this user/group, leading to escalation to root. This issue affects: openSUSE Factory openldap2 versions prior to 2.6.3-404.1.
CVSS Score
7.1
EPSS Score
0.0
Published
2022-11-09
CVE-2022-45062
In Xfce xfce4-settings before 4.16.4 and 4.17.x before 4.17.1, there is an argument injection vulnerability in xfce4-mime-helper.
CVSS Score
9.8
EPSS Score
0.007
Published
2022-11-09
CVE-2022-40797
Roxy Fileman 1.4.6 allows Remote Code Execution via a .phar upload, because the default FORBIDDEN_UPLOADS value in conf.json only blocks .php, .php4, and .php5 files. (Visiting any .phar file invokes the PHP interpreter in some realistic web-server configurations.)
CVSS Score
9.8
EPSS Score
0.083
Published
2022-11-09


Products
Pricing
Contact Us

Shodan ® - All rights reserved