Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In March 2022
CVE-2021-46704
In GenieACS 1.2.x before 1.2.8, the UI interface API is vulnerable to unauthenticated OS command injection via the ping host argument (lib/ui/api.ts and lib/ping.ts). The vulnerability arises from insufficient input validation combined with a missing authorization check.
CVSS Score
9.8
EPSS Score
0.869
Published
2022-03-06
CVE-2022-26505
A DNS rebinding issue in ReadyMedia (formerly MiniDLNA) before 1.3.1 allows a remote web server to exfiltrate media files.
CVSS Score
7.4
EPSS Score
0.002
Published
2022-03-06
CVE-2021-46703
In the IsolatedRazorEngine component of Antaris RazorEngine through 4.5.1-alpha001, an attacker can execute arbitrary .NET code in a sandboxed environment (if users can externally control template contents). NOTE: This vulnerability only affects products that are no longer supported by the maintainer
CVSS Score
9.8
EPSS Score
0.014
Published
2022-03-06
CVE-2022-26495
In nbd-server in nbd before 3.24, there is an integer overflow with a resultant heap-based buffer overflow. A value of 0xffffffff in the name length field will cause a zero-sized buffer to be allocated for the name, resulting in a write to a dangling pointer. This issue exists for the NBD_OPT_INFO, NBD_OPT_GO, and NBD_OPT_EXPORT_NAME messages.
CVSS Score
9.8
EPSS Score
0.002
Published
2022-03-06
CVE-2022-26496
In nbd-server in nbd before 3.24, there is a stack-based buffer overflow. An attacker can cause a buffer overflow in the parsing of the name field by sending a crafted NBD_OPT_INFO or NBD_OPT_GO message with an large value as the length of the name.
CVSS Score
9.8
EPSS Score
0.005
Published
2022-03-06
CVE-2022-26490
st21nfca_connectivity_event_received in drivers/nfc/st21nfca/se.c in the Linux kernel through 5.16.12 has EVT_TRANSACTION buffer overflows because of untrusted length parameters.
CVSS Score
7.8
EPSS Score
0.001
Published
2022-03-06
CVE-2022-0845
Code Injection in GitHub repository pytorchlightning/pytorch-lightning prior to 1.6.0.
CVSS Score
7.3
EPSS Score
0.003
Published
2022-03-05
CVE-2022-24921
regexp.Compile in Go before 1.16.15 and 1.17.x before 1.17.8 allows stack exhaustion via a deeply nested expression.
CVSS Score
7.5
EPSS Score
0.0
Published
2022-03-05
CVE-2022-0849
Use After Free in r_reg_get_name_idx in GitHub repository radareorg/radare2 prior to 5.6.6.
CVSS Score
7.3
EPSS Score
0.003
Published
2022-03-05
CVE-2022-25044
Espruino 2v11.251 was discovered to contain a stack buffer overflow via src/jsvar.c in jsvNewFromString.
CVSS Score
7.8
EPSS Score
0.002
Published
2022-03-05


Products
Pricing
Contact Us

Shodan ® - All rights reserved