Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In February 2024
CVE-2024-24265
gpac v2.2.1 was discovered to contain a memory leak via the dst_props variable in the gf_filter_pid_merge_properties_internal function.
CVSS Score
7.5
EPSS Score
0.002
Published
2024-02-05
CVE-2024-24266
gpac v2.2.1 was discovered to contain a Use-After-Free (UAF) vulnerability via the dasher_configure_pid function at /src/filters/dasher.c.
CVSS Score
7.5
EPSS Score
0.002
Published
2024-02-05
CVE-2024-24267
gpac v2.2.1 (fixed in v2.4.0) was discovered to contain a memory leak via the gfio_blob variable in the gf_fileio_from_blob function.
CVSS Score
7.5
EPSS Score
0.003
Published
2024-02-05
CVE-2023-6028
A reflected cross-site scripting (XSS) vulnerability exists in the SVG version of System Diagnostics Manager of B&R Automation Runtime versions <= G4.93 that enables a remote attacker to execute arbitrary JavaScript code in the context of the attacked user’s browser session.
CVSS Score
6.1
EPSS Score
0.002
Published
2024-02-05
CVE-2023-6874
Prior to v7.4.0, Ember ZNet is vulnerable to a denial of service attack through manipulation of the NWK sequence number
CVSS Score
7.5
EPSS Score
0.001
Published
2024-02-05
CVE-2024-0953
When a user scans a QR Code with the QR Code Scanner feature, the user is not prompted before being navigated to the page specified in the code. This may surprise the user and potentially direct them to unwanted content. This vulnerability affects Firefox for iOS < 129.
CVSS Score
6.1
EPSS Score
0.001
Published
2024-02-05
CVE-2024-23054
An issue in Plone Docker Official Image 5.2.13 (5221) open-source software that could allow for remote code execution due to a package listed in ++plone++static/components not existing in the public package index (npm).
CVSS Score
9.8
EPSS Score
0.039
Published
2024-02-05
CVE-2024-24397
Cross Site Scripting vulnerability in Stimulsoft GmbH Stimulsoft Dashboard.JS before v.2024.1.2 allows a remote attacker to execute arbitrary code via a crafted payload to the ReportName field.
CVSS Score
5.4
EPSS Score
0.009
Published
2024-02-05
CVE-2024-24468
Cross Site Request Forgery vulnerability in flusity-CMS v.2.33 allows a remote attacker to execute arbitrary code via the add_customblock.php.
CVSS Score
8.8
EPSS Score
0.016
Published
2024-02-05
CVE-2024-24469
Cross Site Request Forgery vulnerability in flusity-CMS v.2.33 allows a remote attacker to execute arbitrary code via the delete_post .php.
CVSS Score
8.8
EPSS Score
0.017
Published
2024-02-05


Products
Pricing
Contact Us

Shodan ® - All rights reserved