Security Vulnerabilities - CVEs Published In September 2022
An issue was discovered in MediaWiki through 1.38.2. The community configuration pages for the GrowthExperiments extension could cause a site to become unavailable due to insufficient validation when certain actions (including page moves) were performed.
CVSS Score: 4.9 | EPSS Score: 0.003 | Published: 2022-09-02

kkFileView v4.0.0 was discovered to contain an arbitrary file deletion vulnerability via the fileName parameter at /controller/FileController.java.
CVSS Score: 6.5 | EPSS Score: 0.01 | Published: 2022-09-02

Mapper v4.0.0 to v4.2.0 was discovered to contain a SQL injection vulnerability via the ids parameter at the selectByIds function.
CVSS Score: 9.8 | EPSS Score: 0.003 | Published: 2022-09-02

BlueZ before 5.59 allows physically proximate attackers to obtain sensitive information because profiles/audio/avrcp.c does not validate params_len.
CVSS Score: 8.8 | EPSS Score: 0.002 | Published: 2022-09-02

BlueZ before 5.59 allows physically proximate attackers to cause a denial of service because malformed and invalid capabilities can be processed in profiles/audio/avdtp.c.
CVSS Score: 8.8 | EPSS Score: 0.001 | Published: 2022-09-02

Online Food Ordering System v1.0 was discovered to contain a SQL injection vulnerability via the component /dishes.php?res_id=.
CVSS Score: 9.8 | EPSS Score: 0.003 | Published: 2022-09-02

libdwarf 0.4.1 has a double free in _dwarf_exec_frame_instr in dwarf_frame.c.
CVSS Score: 8.8 | EPSS Score: 0.005 | Published: 2022-09-02

A privilege escalation vulnerability was discovered in Avaya IP Office Admin Lite and USB Creator that may potentially allow a local user to escalate privileges. This issue affects Admin Lite and USB Creator 11.1 Feature Pack 2 Service Pack 1 and earlier versions.
CVSS Score: 7.8 | EPSS Score: 0.001 | Published: 2022-09-02

Samba does not validate the Validated-DNS-Host-Name right for the dNSHostName attribute which could permit unprivileged users to write it.
CVSS Score: 7.5 | EPSS Score: 0.012 | Published: 2022-09-01

The Eclipse TCF debug interface in JasMiner-X4-Server-20220621-090907 and below is open on port 1534. This issue allows unauthenticated attackers to gain root privileges on the affected device and access sensitive data or execute arbitrary commands.
CVSS Score: 9.8 | EPSS Score: 0.024 | Published: 2022-09-01

