Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In January 2023
Econolite EOS versions prior to 3.2.23 lack a password requirement for gaining “READONLY” access to log files and certain database and configuration files. One such file contains tables with MD5 hashes and usernames for all defined users in the control software, including administrators and technicians.
CVSS Score
7.5
EPSS Score
0.001
Published
2023-01-26
Econolite EOS versions prior to 3.2.23 use a weak hash algorithm for encrypting privileged user credentials. A configuration file that is accessible without authentication uses MD5 hashes for encrypting credentials, including those of administrators and technicians.
CVSS Score
9.8
EPSS Score
0.001
Published
2023-01-26
Improper Input Validation of LDAP user IDs in Tribe29 Checkmk allows attackers that can control LDAP user IDs to manipulate files on the server. Checkmk <= 2.1.0p19, Checkmk <= 2.0.0p32, and all versions of Checkmk 1.6.0 (EOL) are affected.
CVSS Score
6.8
EPSS Score
0.005
Published
2023-01-26
Campbell Scientific dataloggers CR6, CR300, CR800, CR1000 and CR3000 may allow an attacker to download configuration files, which may contain sensitive information about the internal network. From factory defaults, the mentioned datalogges have HTTP and PakBus enabled. The devices, with the default configuration, allow this situation via the PakBus port. The exploitation of this vulnerability may allow an attacker to download, modify, and upload new configuration files.
CVSS Score
9.1
EPSS Score
0.003
Published
2023-01-26
SOCOMEC MODULYS GP Netvision versions 7.20 and prior lack strong encryption for credentials on HTTP connections, which could result in threat actors obtaining sensitive information.
CVSS Score
5.7
EPSS Score
0.001
Published
2023-01-26
A NULL pointer dereference flaw was found in rawv6_push_pending_frames in net/ipv6/raw.c in the network subcomponent in the Linux kernel. This flaw causes the system to crash.
CVSS Score
5.5
EPSS Score
0.0
Published
2023-01-26
Excessive loops in multiple dissectors in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10 and allows denial of service via packet injection or crafted capture file
CVSS Score
6.3
EPSS Score
0.001
Published
2023-01-26
TIPC dissector crash in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10 and allows denial of service via packet injection or crafted capture file
CVSS Score
6.3
EPSS Score
0.001
Published
2023-01-26
Dissection engine bug in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10 and allows denial of service via packet injection or crafted capture file
CVSS Score
6.3
EPSS Score
0.001
Published
2023-01-26
Crash in the EAP dissector in Wireshark 4.0.0 to 4.0.2 allows denial of service via packet injection or crafted capture file
CVSS Score
6.3
EPSS Score
0.0
Published
2023-01-26


Contact Us

Shodan ® - All rights reserved