Security Vulnerabilities - CVEs Published In 2022
In Directus before 9.7.0, the default settings of CORS_ORIGIN and CORS_ENABLED are true.
CVSS Score: 9.8 | EPSS Score: 0.001 | Published: 2022-12-26
Emerson DeltaV Distributed Control System (DCS) has insufficient verification of firmware integrity (an inadequate checksum approach, and no signature). This affects versions before 14.3 of DeltaV M-series, DeltaV S-series, DeltaV P-series, DeltaV SIS, and DeltaV CIOC/EIOC/WIOC IO cards.
CVSS Score: 7.8 | EPSS Score: 0.0 | Published: 2022-12-26
fastrack Reflex 2.0 W307S_REFLEX_v90.89 Activity Tracker allows an Unauthenticated Remote attacker to send a malicious firmware update via BLE and brick the device.
CVSS Score: 7.5 | EPSS Score: 0.002 | Published: 2022-12-26
Certain General Electric Renewable Energy products allow attackers to use a code to trigger a reboot into the factory default configuration. This affects iNET and iNET II before 8.3.0, SD before 6.4.7, TD220X before 2.0.16, and TD220MAX before 1.2.6.
CVSS Score: 9.1 | EPSS Score: 0.0 | Published: 2022-12-26
Certain General Electric Renewable Energy products have a hidden feature for unauthenticated remote access to the device configuration shell. This affects iNET and iNET II before 8.3.0.
CVSS Score: 9.8 | EPSS Score: 0.001 | Published: 2022-12-26
Certain General Electric Renewable Energy products store cleartext credentials in flash memory. This affects iNET and iNET II before 8.3.0.
CVSS Score: 4.6 | EPSS Score: 0.0 | Published: 2022-12-26
Heimdal before 7.7.1 allows attackers to cause a NULL pointer dereference in a SPNEGO acceptor via a preferred_mech_type of GSS_C_NO_OID and a nonzero initial_response value to send_accept.
CVSS Score: 7.5 | EPSS Score: 0.006 | Published: 2022-12-26
An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1. The REST API publicly caches results from private wikis.
CVSS Score: 5.3 | EPSS Score: 0.001 | Published: 2022-12-26
An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1. There is Blind Stored XSS via a URL to the Upload Image feature.
CVSS Score: 5.4 | EPSS Score: 0.002 | Published: 2022-12-26
In CWP (aka Control Web Panel or CentOS Web Panel) before 0.9.8.1107, attackers can make a crafted request to api/?api=add_server&DHCP= to add an authorized_keys text file in the /resources/ folder.
CVSS Score: 9.8 | EPSS Score: 0.166 | Published: 2022-12-26
Shodan ® - All rights reserved