Security Vulnerabilities - CVEs Published In February 2024
Vinchin Backup & Recovery v7.2 was discovered to use default MySQL credentials.
CVSS Score: 9.8; EPSS Score: 0.001; Published: 2024-02-02
Vinchin Backup & Recovery v7.2 was discovered to be configured with default root credentials.
CVSS Score: 9.8; EPSS Score: 0.002; Published: 2024-02-02
Vinchin Backup & Recovery v7.2 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the deleteUpdateAPK function.
CVSS Score: 8.8; EPSS Score: 0.039; Published: 2024-02-02
Miro Desktop 0.8.18 on macOS allows local Electron code injection via a complex series of steps that might be usable in some environments (bypass a kTCCServiceSystemPolicyAppBundles requirement via a file copy, an app.app/Contents rename, an asar modification, and a rename back to app.app/Contents).
CVSS Score: 9.8; EPSS Score: 0.008; Published: 2024-02-02
IBM PowerSC 1.3, 2.0, and 2.1 fails to properly restrict access to a URL or resource, which may allow a remote attacker to obtain unauthorized access to application functionality and/or resources. IBM X-Force ID: 275115.
CVSS Score: 6.5; EPSS Score: 0.0; Published: 2024-02-02
IBM PowerSC 1.3, 2.0, and 2.1 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 275128.
CVSS Score: 6.5; EPSS Score: 0.0; Published: 2024-02-02
IBM PowerSC 1.3, 2.0, and 2.1 does not provide logout functionality, which could allow an authenticated user to gain access to an unauthorized user using session fixation. IBM X-Force ID: 275131.
CVSS Score: 6.3; EPSS Score: 0.0; Published: 2024-02-02
IBM PowerSC 1.3, 2.0, and 2.1 MFA does not implement the "HTTP Strict Transport Security" (HSTS) web security policy mechanism. IBM X-Force ID: 276004.
CVSS Score: 5.9; EPSS Score: 0.0; Published: 2024-02-02
Directory Traversal vulnerability in Kihron ServerRPExposer v.1.0.2 and before allows a remote attacker to execute arbitrary code via the loadServerPack in ServerResourcePackProviderMixin.java.
CVSS Score: 8.8; EPSS Score: 0.133; Published: 2024-02-02
IBM Maximo Asset Management 7.6.1.3 could allow a remote attacker to log into the admin panel due to improper access controls. IBM X-Force ID: 255073.
CVSS Score: 6.5; EPSS Score: 0.002; Published: 2024-02-02

