Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In September 2022
CVE-2022-39049
An attacker who is logged into OTRS as an admin user may manipulate the URL to cause execution of JavaScript in the context of OTRS.
CVSS Score
3.5
EPSS Score
0.011
Published
2022-09-05
CVE-2022-39839
Cotonti Siena 0.9.20 allows admins to conduct stored XSS attacks via a forum post.
CVSS Score
4.8
EPSS Score
0.003
Published
2022-09-05
CVE-2022-39840
Cotonti Siena 0.9.20 allows admins to conduct stored XSS attacks via a direct message (DM).
CVSS Score
4.8
EPSS Score
0.002
Published
2022-09-05
CVE-2022-39831
An issue was discovered in PSPP 1.6.2. There is a heap-based buffer overflow at the function read_bytes_internal in utilities/pspp-dump-sav.c, which allows attackers to cause a denial of service (application crash) or possibly have unspecified other impact. This issue is different from CVE-2018-20230.
CVSS Score
7.8
EPSS Score
0.001
Published
2022-09-05
CVE-2022-39832
An issue was discovered in PSPP 1.6.2. There is a heap-based buffer overflow at the function read_string in utilities/pspp-dump-sav.c, which allows attackers to cause a denial of service (application crash) or possibly have unspecified other impact.
CVSS Score
7.8
EPSS Score
0.001
Published
2022-09-05
CVE-2022-39828
sign_pFwInfo in Samsung mTower through 0.3.0 has a missing check on the return value of EC_KEY_set_private_key, leading to a denial of service.
CVSS Score
7.5
EPSS Score
0.004
Published
2022-09-05
CVE-2022-39829
There is a NULL pointer dereference in aes256_encrypt in Samsung mTower through 0.3.0 due to a missing check on the return value of EVP_CIPHER_CTX_new.
CVSS Score
7.5
EPSS Score
0.004
Published
2022-09-05
CVE-2022-39830
sign_pFwInfo in Samsung mTower through 0.3.0 has a missing check on the return value of EC_KEY_set_public_key_affine_coordinates, leading to a denial of service.
CVSS Score
7.5
EPSS Score
0.004
Published
2022-09-05
CVE-2022-39824
Server-side JavaScript injection in Appsmith through 1.7.14 allows remote attackers to execute arbitrary JavaScript code from the server via the currentItem property of the list widget, e.g., to perform DoS attacks or achieve an information leak.
CVSS Score
8.9
EPSS Score
0.007
Published
2022-09-05
CVE-2022-39196
Blackboard Learn 1.10.1 allows remote authenticated users to read unintended files by entering student credentials and then directly visiting a certain webapps/bbcms/execute/ URL. Note: The vendor disputes this stating this cannot be reproduced.
CVSS Score
6.5
EPSS Score
0.004
Published
2022-09-05


Products
Pricing
Contact Us

Shodan ® - All rights reserved