Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In January 2024
CVE-2023-50274
HPE OneView may allow command injection with local privilege escalation.
CVSS Score
7.8
EPSS Score
0.002
Published
2024-01-23
CVE-2023-49657
A stored cross-site scripting (XSS) vulnerability exists in Apache Superset before 3.0.3. An authenticated attacker with create/update permissions on charts or dashboards could store a script or add a specific HTML snippet that would act as a stored XSS. For 2.X versions, users should change their config to include: TALISMAN_CONFIG = {     "content_security_policy": {         "base-uri": ["'self'"],         "default-src": ["'self'"],         "img-src": ["'self'", "blob:", "data:"],         "worker-src": ["'self'", "blob:"],         "connect-src": [             "'self'",             " https://api.mapbox.com" https://api.mapbox.com" ;,             " https://events.mapbox.com" https://events.mapbox.com" ;,         ],         "object-src": "'none'",         "style-src": [             "'self'",             "'unsafe-inline'",         ],         "script-src": ["'self'", "'strict-dynamic'"],     },     "content_security_policy_nonce_in": ["script-src"],     "force_https": False,     "session_cookie_secure": False, }
CVSS Score
9.6
EPSS Score
0.002
Published
2024-01-23
CVE-2024-22660
TOTOLINK_A3700R_V9.1.2u.6165_20211012has a stack overflow vulnerability via setLanguageCfg
CVSS Score
9.8
EPSS Score
0.012
Published
2024-01-23
CVE-2024-22662
TOTOLINK A3700R_V9.1.2u.6165_20211012 has a stack overflow vulnerability via setParentalRules
CVSS Score
9.8
EPSS Score
0.012
Published
2024-01-23
CVE-2024-22663
TOTOLINK_A3700R_V9.1.2u.6165_20211012has a command Injection vulnerability via setOpModeCfg
CVSS Score
9.8
EPSS Score
0.048
Published
2024-01-23
CVE-2024-0741
An out of bounds write in ANGLE could have allowed an attacker to corrupt memory leading to a potentially exploitable crash. This vulnerability affects Firefox < 122, Firefox ESR < 115.7, and Thunderbird < 115.7.
CVSS Score
6.5
EPSS Score
0.475
Published
2024-01-23
CVE-2024-0742
It was possible for certain browser prompts and dialogs to be activated or dismissed unintentionally by the user due to an incorrect timestamp used to prevent input after page load. This vulnerability affects Firefox < 122, Firefox ESR < 115.7, and Thunderbird < 115.7.
CVSS Score
4.3
EPSS Score
0.019
Published
2024-01-23
CVE-2024-0743
An unchecked return value in TLS handshake code could have caused a potentially exploitable crash. This vulnerability affects Firefox < 122, Firefox ESR < 115.9, and Thunderbird < 115.9.
CVSS Score
7.5
EPSS Score
0.006
Published
2024-01-23
CVE-2024-0744
In some circumstances, JIT compiled code could have dereferenced a wild pointer value. This could have led to an exploitable crash. This vulnerability affects Firefox < 122.
CVSS Score
7.5
EPSS Score
0.002
Published
2024-01-23
CVE-2024-0745
The WebAudio `OscillatorNode` object was susceptible to a stack buffer overflow. This could have led to a potentially exploitable crash. This vulnerability affects Firefox < 122.
CVSS Score
8.8
EPSS Score
0.01
Published
2024-01-23


Products
Pricing
Contact Us

Shodan ® - All rights reserved