Security Vulnerabilities - CVEs Published In February 2024
The InfiniteWP Client plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.12.3 via the multi-call backup option. This makes it possible for unauthenticated attackers to extract sensitive data from a temporary SQL file via repeated GET requests during the limited time window of the backup process.
CVSS Score: 5.9 | EPSS Score: 0.009 | Published: 2024-02-29
BACnet Stack before 1.3.2 has a decode function APDU buffer over-read in bacapp_decode_application_data in bacapp.c.
CVSS Score: 9.1 | EPSS Score: 0.004 | Published: 2024-02-29
The json-jwt (aka JSON::JWT) gem 1.16.3 for Ruby sometimes allows bypass of identity checks via a sign/encryption confusion attack. For example, JWE can sometimes be used to bypass JSON::JWT.decode.
CVSS Score: 8.4 | EPSS Score: 0.0 | Published: 2024-02-29
The jose4j component before 0.9.4 for Java allows attackers to cause a denial of service (CPU consumption) via a large p2c (aka PBES2 Count) value.
CVSS Score: 6.5 | EPSS Score: 0.005 | Published: 2024-02-29
An issue in TRENDnet TEW-822DRE v.1.03B02 allows a local attacker to execute arbitrary code via the ipv4_ping parameter in /boafrm/formSystemCheck.
CVSS Score: 6.8 | EPSS Score: 0.012 | Published: 2024-02-29
The jose2go component before 1.6.0 for Go allows attackers to cause a denial of service (CPU consumption) via a large p2c (aka PBES2 Count) value.
CVSS Score: 7.5 | EPSS Score: 0.001 | Published: 2024-02-29
An issue was discovered in Couchbase Server before 7.2.4. ns_server admin credentials are leaked in encoded form in the diag.log file. The earliest affected version is 7.1.5.
CVSS Score: 5.3 | EPSS Score: 0.001 | Published: 2024-02-29
An issue was discovered in Couchbase Server before 7.2.x before 7.2.4. otpCookie is shown with full admin on pools/default/serverGroups and engageCluster2.
CVSS Score: 8.6 | EPSS Score: 0.002 | Published: 2024-02-29
An issue was discovered in Couchbase Server before 7.2.4. cURL calls to /diag/eval are not sufficiently restricted.
CVSS Score: 9.8 | EPSS Score: 0.005 | Published: 2024-02-29
An issue was discovered in Couchbase Server before 7.2.4. SQL++ cURL calls to /diag/eval are not sufficiently restricted.
CVSS Score: 9.8 | EPSS Score: 0.006 | Published: 2024-02-29

