Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In March 2023
CVE-2023-24295
A stack overfow in SoftMaker Software GmbH FlexiPDF v3.0.3.0 allows attackers to execute arbitrary code after opening a crafted PDF file.
CVSS Score
7.8
EPSS Score
0.001
Published
2023-03-23
CVE-2023-28331
Content output by the database auto-linking filter required additional sanitizing to prevent an XSS risk.
CVSS Score
6.1
EPSS Score
0.007
Published
2023-03-23
CVE-2023-28332
If the algebra filter was enabled but not functional (eg the necessary binaries were missing from the server), it presented an XSS risk.
CVSS Score
6.1
EPSS Score
0.006
Published
2023-03-23
CVE-2023-28333
The Mustache pix helper contained a potential Mustache injection risk if combined with user input (note: This did not appear to be implemented/exploitable anywhere in the core Moodle LMS).
CVSS Score
9.8
EPSS Score
0.008
Published
2023-03-23
CVE-2023-28334
Authenticated users were able to enumerate other users' names via the learning plans page.
CVSS Score
4.3
EPSS Score
0.003
Published
2023-03-23
CVE-2023-28335
The link to reset all templates of a database activity did not include the necessary token to prevent a CSRF risk.
CVSS Score
8.8
EPSS Score
0.004
Published
2023-03-23
CVE-2023-28336
Insufficient filtering of grade report history made it possible for teachers to access the names of users they could not otherwise access.
CVSS Score
4.3
EPSS Score
0.003
Published
2023-03-23
CVE-2023-28611
Incorrect authorization in OMICRON StationGuard 1.10 through 2.20 and StationScout 1.30 through 2.20 allows an attacker to bypass intended access restrictions.
CVSS Score
9.8
EPSS Score
0.001
Published
2023-03-23
CVE-2022-3146
A flaw was found in tripleo-ansible. Due to an insecure default configuration, the permissions of a sensitive file are not sufficiently restricted. This flaw allows a local attacker to use brute force to explore the relevant directory and discover the file. This issue leads to information disclosure of important configuration details from the OpenStack deployment.
CVSS Score
5.5
EPSS Score
0.0
Published
2023-03-23
CVE-2023-0056
An uncontrolled resource consumption vulnerability was discovered in HAProxy which could crash the service. This issue could allow an authenticated remote attacker to run a specially crafted malicious server in an OpenShift cluster. The biggest impact is to availability.
CVSS Score
6.5
EPSS Score
0.002
Published
2023-03-23


Products
Pricing
Contact Us

Shodan ® - All rights reserved