Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In November 2022
CVE-2022-34329
IBM CICS TX 11.7 could allow an attacker to obtain sensitive information from HTTP response headers. IBM X-Force ID: 229467.
CVSS Score
5.3
EPSS Score
0.001
Published
2022-11-14
CVE-2022-38705
IBM CICS TX 11.1 Standard and Advanced could allow a remote attacker to bypass security restrictions, caused by a reverse tabnabbing flaw. An attacker could exploit this vulnerability and redirect a victim to a phishing site. IBM X-Force ID: 234172.
CVSS Score
5.3
EPSS Score
0.0
Published
2022-11-14
CVE-2022-3993
Improper Restriction of Excessive Authentication Attempts in GitHub repository kareadita/kavita prior to 0.6.0.3.
CVSS Score
9.4
EPSS Score
0.008
Published
2022-11-14
CVE-2022-24937
Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Silicon Labs Ember ZNet allows Overflow Buffers.
CVSS Score
6.5
EPSS Score
0.002
Published
2022-11-14
CVE-2022-24938
A malformed packet causes a stack overflow in the Ember ZNet stack. This causes an assert which leads to a reset, immediately clearing the error.
CVSS Score
6.5
EPSS Score
0.003
Published
2022-11-14
CVE-2022-34312
IBM CICS TX 11.1 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 229447.
CVSS Score
4.0
EPSS Score
0.0
Published
2022-11-14
CVE-2022-0137
A heap buffer overflow in image_set_mask function of HTMLDOC before 1.9.15 allows an attacker to write outside the buffer boundaries.
CVSS Score
7.5
EPSS Score
0.001
Published
2022-11-14
CVE-2022-35719
IBM MQ Internet Pass-Thru 2.1, 9.2 LTS and 9.2 CD stores potentially sensitive information in trace files that could be read by a local user.
CVSS Score
5.1
EPSS Score
0.0
Published
2022-11-14
CVE-2022-3992
A vulnerability classified as problematic was found in SourceCodester Sanitization Management System. Affected by this vulnerability is an unknown functionality of the file admin/?page=system_info of the component Banner Image Handler. The manipulation leads to cross site scripting. The attack can be launched remotely. The associated identifier of this vulnerability is VDB-213571.
CVSS Score
2.4
EPSS Score
0.001
Published
2022-11-14
CVE-2022-43693
Concrete CMS is vulnerable to CSRF due to the lack of "State" parameter for external Concrete authentication service for users of Concrete who use the "out of the box" core OAuth.
CVSS Score
8.8
EPSS Score
0.006
Published
2022-11-14


Products
Pricing
Contact Us

Shodan ® - All rights reserved