Security Vulnerabilities - CVEs Published In November 2022
An issue in the graphData.cgi component of perfSONAR v4.4.5 and prior allows attackers to access sensitive data and execute Server-Side Request Forgery (SSRF) attacks.
CVSS Score: 8.6; EPSS Score: 0.893; Published: 2022-11-30
perfSONAR v4.x <= v4.4.5 was discovered to contain a Cross-Site Request Forgery (CSRF) which is triggered when an attacker injects crafted input into the Search function.
CVSS Score: 4.3; EPSS Score: 0.004; Published: 2022-11-30
Sanitization Management System v1.0 was discovered to contain hardcoded credentials which allows attackers to escalate privileges and access the admin panel.
CVSS Score: 9.8; EPSS Score: 0.001; Published: 2022-11-30
Book Store Management System v1.0 was discovered to contain hardcoded credentials which allows attackers to escalate privileges and access the admin panel.
CVSS Score: 9.8; EPSS Score: 0.001; Published: 2022-11-30
A race condition in the x86 KVM subsystem in the Linux kernel through 6.1-rc6 allows guest OS users to cause a denial of service (host OS crash or host OS memory corruption) when nested virtualisation and the TDP MMU are enabled.
CVSS Score: 5.5; EPSS Score: 0.0; Published: 2022-11-30
Tenda TX9 Pro v22.03.02.10 was discovered to contain a stack overflow via the list parameter at /goform/SetIpMacBind.
CVSS Score: 7.5; EPSS Score: 0.001; Published: 2022-11-30
Church Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/edit_members.php.
CVSS Score: 7.2; EPSS Score: 0.001; Published: 2022-11-30
LibreDWG v0.12.4.4643 was discovered to contain a heap buffer overflow via the function decode_preR13_section_hdr at decode_r11.c.
CVSS Score: 7.8; EPSS Score: 0.0; Published: 2022-11-30
Improper Input Validation vulnerability in Mitsubishi Electric Corporation MELSEC iQ-R Series RJ71EN71 Firmware version "65" and prior and Mitsubishi Electric Corporation MELSEC iQ-R Series R04/08/16/32/120ENCPU Network Part Firmware version "65" and prior allows a remote unauthenticated attacker to cause a Denial of Service condition by sending specially crafted packets. A system reset is required for recovery.
CVSS Score: 8.6; EPSS Score: 0.002; Published: 2022-11-30
Use after free in Accessibility in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)
CVSS Score: 8.8; EPSS Score: 0.003; Published: 2022-11-30

