Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In April 2023
CVE-2022-38730
Docker Desktop for Windows before 4.6 allows attackers to overwrite any file through the windowscontainers/start dockerBackendV2 API by controlling the data-root field inside the DaemonJSON field in the WindowsContainerStartRequest class. This allows exploiting a symlink vulnerability in ..\dataRoot\network\files\local-kv.db because of a TOCTOU race condition.
CVSS Score
6.3
EPSS Score
0.0
Published
2023-04-27
CVE-2023-29950
swfrender v0.9.2 was discovered to contain a heap buffer overflow in the function enumerateUsedIDs_fillstyle at modules/swftools.c
CVSS Score
5.5
EPSS Score
0.001
Published
2023-04-27
CVE-2022-31647
Docker Desktop before 4.6.0 on Windows allows attackers to delete any file through the hyperv/destroy dockerBackendV2 API via a symlink in the DataFolder parameter, a different vulnerability than CVE-2022-26659.
CVSS Score
7.1
EPSS Score
0.001
Published
2023-04-27
CVE-2023-27860
IBM Maximo Asset Management 7.6.1.2 and 7.6.1.3 could disclose sensitive information in an error message. This information could be used in further attacks against the system. IBM X-Force ID: 249207.
CVSS Score
5.3
EPSS Score
0.001
Published
2023-04-27
CVE-2023-28261
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability
CVSS Score
5.7
EPSS Score
0.001
Published
2023-04-27
CVE-2023-28286
Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability
CVSS Score
6.1
EPSS Score
0.001
Published
2023-04-27
CVE-2023-2355
Local privilege escalation due to a DLL hijacking vulnerability. The following products are affected: Acronis Snap Deploy (Windows) before build 3900.
CVSS Score
6.7
EPSS Score
0.0
Published
2023-04-27
CVE-2023-21712
Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability
CVSS Score
8.1
EPSS Score
0.007
Published
2023-04-27
CVE-2023-2158
Code Dx versions prior to 2023.4.2 are vulnerable to user impersonation attack where a malicious actor is able to gain access to another user's account by crafting a custom "Remember Me" token. This is possible due to the use of a hard-coded cipher which was used when generating the token. A malicious actor who creates this token can supply it to a separate Code Dx system, provided they know the username they want to impersonate, and impersonate the user.  Score 6.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C
CVSS Score
9.8
EPSS Score
0.002
Published
2023-04-27
CVE-2023-2335
Plaintext Password in Registry vulnerability in 42gears surelock windows surelockwinsetupv2.40.0.Exe on Windows (Registery modules) allows Retrieve Admin user credentials This issue affects surelock windows: from 2.3.12 through 2.40.0.
CVSS Score
6.5
EPSS Score
0.001
Published
2023-04-27


Products
Pricing
Contact Us

Shodan ® - All rights reserved