Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In February 2023
CVE-2023-21808
.NET and Visual Studio Remote Code Execution Vulnerability
CVSS Score
7.8
EPSS Score
0.014
Published
2023-02-14
CVE-2023-21815
Visual Studio Remote Code Execution Vulnerability
CVSS Score
7.8
EPSS Score
0.004
Published
2023-02-14
CVE-2023-21553
Azure DevOps Server Remote Code Execution Vulnerability
CVSS Score
7.5
EPSS Score
0.005
Published
2023-02-14
CVE-2023-21566
Visual Studio Elevation of Privilege Vulnerability
CVSS Score
7.8
EPSS Score
0.006
Published
2023-02-14
CVE-2023-23378
Print 3D Remote Code Execution Vulnerability
CVSS Score
7.8
EPSS Score
0.008
Published
2023-02-14
CVE-2023-23379
Microsoft Defender for IoT Elevation of Privilege Vulnerability
CVSS Score
7.8
EPSS Score
0.001
Published
2023-02-14
CVE-2023-23382
Azure Machine Learning Compute Instance Information Disclosure Vulnerability
CVSS Score
6.5
EPSS Score
0.009
Published
2023-02-14
CVE-2023-23390
3D Builder Remote Code Execution Vulnerability
CVSS Score
7.8
EPSS Score
0.008
Published
2023-02-14
CVE-2023-23934
Werkzeug is a comprehensive WSGI web application library. Browsers may allow "nameless" cookies that look like `=value` instead of `key=value`. A vulnerable browser may allow a compromised application on an adjacent subdomain to exploit this to set a cookie like `=__Host-test=bad` for another subdomain. Werkzeug prior to 2.2.3 will parse the cookie `=__Host-test=bad` as __Host-test=bad`. If a Werkzeug application is running next to a vulnerable or malicious subdomain which sets such a cookie using a vulnerable browser, the Werkzeug application will see the bad cookie value but the valid cookie key. The issue is fixed in Werkzeug 2.2.3.
CVSS Score
2.6
EPSS Score
0.003
Published
2023-02-14
CVE-2023-23946
Git, a revision control system, is vulnerable to path traversal prior to versions 2.39.2, 2.38.4, 2.37.6, 2.36.5, 2.35.7, 2.34.7, 2.33.7, 2.32.6, 2.31.7, and 2.30.8. By feeding a crafted input to `git apply`, a path outside the working tree can be overwritten as the user who is running `git apply`. A fix has been prepared and will appear in v2.39.2, v2.38.4, v2.37.6, v2.36.5, v2.35.7, v2.34.7, v2.33.7, v2.32.6, v2.31.7, and v2.30.8. As a workaround, use `git apply --stat` to inspect a patch before applying; avoid applying one that creates a symbolic link and then creates a file beyond the symbolic link.
CVSS Score
6.2
EPSS Score
0.019
Published
2023-02-14


Products
Pricing
Contact Us

Shodan ® - All rights reserved