Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In January 2024
CVE-2023-34348
AVEVA PI Server versions 2023 and 2018 SP3 P05 and prior contain a vulnerability that could allow an unauthenticated user to remotely crash the PI Message Subsystem of a PI Server, resulting in a denial-of-service condition.
CVSS Score
7.5
EPSS Score
0.003
Published
2024-01-18
CVE-2023-28901
The Skoda Automotive cloud contains a Broken Access Control vulnerability, allowing remote attackers to obtain recent trip data, vehicle mileage, fuel consumption, average and maximum speed, and other information of Skoda Connect service users by specifying an arbitrary vehicle VIN number.
CVSS Score
5.3
EPSS Score
0.001
Published
2024-01-18
CVE-2024-22601
FlyCms v1.0 contains a Cross-Site Request Forgery (CSRF) vulnerability via /system/score/scorerule_save
CVSS Score
8.8
EPSS Score
0.001
Published
2024-01-18
CVE-2024-22603
FlyCms v1.0 contains a Cross-Site Request Forgery (CSRF) vulnerability via /system/links/add_link
CVSS Score
8.8
EPSS Score
0.001
Published
2024-01-18
CVE-2024-22817
FlyCms v1.0 contains a Cross-Site Request Forgery (CSRF) vulnerability via /system/email/email_conf_updagte
CVSS Score
8.8
EPSS Score
0.001
Published
2024-01-18
CVE-2024-22818
FlyCms v1.0 contains a Cross-Site Request Forgery (CSRF) vulnerbility via /system/site/filterKeyword_save
CVSS Score
8.8
EPSS Score
0.001
Published
2024-01-18
CVE-2024-22819
FlyCms v1.0 contains a Cross-Site Request Forgery (CSRF) vulnerability via /system/email/email_templets_update.
CVSS Score
8.8
EPSS Score
0.001
Published
2024-01-18
CVE-2023-28900
The Skoda Automotive cloud contains a Broken Access Control vulnerability, allowing to obtain nicknames and other user identifiers of Skoda Connect service users by specifying an arbitrary vehicle VIN number.
CVSS Score
5.3
EPSS Score
0.001
Published
2024-01-18
CVE-2024-22699
FlyCms v1.0 contains a Cross-Site Request Forgery (CSRF) vulnerability via /system/admin/update_group_save.
CVSS Score
8.8
EPSS Score
0.002
Published
2024-01-18
CVE-2024-0408
A flaw was found in the X.Org server. The GLX PBuffer code does not call the XACE hook when creating the buffer, leaving it unlabeled. When the client issues another request to access that resource (as with a GetGeometry) or when it creates another resource that needs to access that buffer, such as a GC, the XSELINUX code will try to use an object that was never labeled and crash because the SID is NULL.
CVSS Score
5.5
EPSS Score
0.0
Published
2024-01-18


Products
Pricing
Contact Us

Shodan ® - All rights reserved