Security Vulnerabilities - CVEs Published In January 2022
In Talkyard, regular versions v0.2021.20 through v0.2021.33 and dev versions v0.2021.20 through v0.2021.34 are vulnerable to Insufficient Session Expiration. This may allow an attacker to reuse the admin's still-valid session token even after the admin has logged out, in order to gain admin privileges, given the attacker is able to obtain that token (via other, hypothetical attacks).
CVSS Score: 9.8 | EPSS Score: 0.021 | Published: 2022-01-03
showdoc is vulnerable to Generation of Error Message Containing Sensitive Information.
CVSS Score: 5.3 | EPSS Score: 0.002 | Published: 2022-01-03
ENC DataVault 7.2.3 and before, and OEM versions, use an encryption algorithm that is vulnerable to data manipulation (without knowledge of the key). This is called ciphertext malleability. There is no data integrity mechanism to detect this manipulation.
CVSS Score: 4.2 | EPSS Score: 0.002 | Published: 2022-01-02
mruby is vulnerable to Heap-based Buffer Overflow.
CVSS Score: 8.2 | EPSS Score: 0.002 | Published: 2022-01-02
admin/limits.php in Dolibarr 7.0.2 allows HTML injection, as demonstrated by the MAIN_MAX_DECIMALS_TOT parameter.
CVSS Score: 5.4 | EPSS Score: 0.003 | Published: 2022-01-02
DMP Roadmap before 3.0.4 allows XSS.
CVSS Score: 6.1 | EPSS Score: 0.003 | Published: 2022-01-01
The giftrans function in giftrans 1.12.2 contains a stack-based buffer overflow because a value inside the input file determines the amount of data to write. This allows an attacker to overwrite up to 250 bytes outside of the allocated buffer with arbitrary data.
CVSS Score: 7.1 | EPSS Score: 0.002 | Published: 2022-01-01
In Expat (aka libexpat) before 2.4.3, a left shift by 29 (or more) places in the storeAtts function in xmlparse.c can lead to realloc misbehavior (e.g., allocating too few bytes, or only freeing memory).
CVSS Score: 8.8 | EPSS Score: 0.003 | Published: 2022-01-01
CGI::Cookie.parse in Ruby through 2.6.8 mishandles security prefixes in cookie names. This also affects the CGI gem through 0.3.0 for Ruby.
CVSS Score: 7.5 | EPSS Score: 0.008 | Published: 2022-01-01
The Datalogic DXU service on (for example) DL-Axist devices does not require authentication for configuration changes or disclosure of configuration settings.
CVSS Score: 6.5 | EPSS Score: 0.002 | Published: 2022-01-01
Shodan ® - All rights reserved