Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In April 2024
CVE-2024-23530
An out-of-bounds read vulnerability in WLAvalancheService component of Ivanti Avalanche before 6.4.3, in certain conditions can allow an unauthenticated remote attacker to read sensitive information in memory.
CVSS Score
5.3
EPSS Score
0.01
Published
2024-04-19
CVE-2024-23531
An Integer Overflow vulnerability in WLInfoRailService component of Ivanti Avalanche before 6.4.3 allows an unauthenticated remote attacker to perform denial of service attacks. In certain rare conditions this could also lead to reading content from memory.
CVSS Score
7.5
EPSS Score
0.034
Published
2024-04-19
CVE-2024-23532
An out-of-bounds Read vulnerability in WLAvalancheService component of Ivanti Avalanche before 6.4.3 allows an authenticated remote attacker to perform denial of service attacks. In certain conditions this could also lead to remote code execution.
CVSS Score
7.5
EPSS Score
0.13
Published
2024-04-19
CVE-2024-23533
An out-of-bounds read vulnerability in WLAvalancheService component of Ivanti Avalanche before 6.4.3, in certain conditions can allow an authenticated remote attacker to read sensitive information in memory.
CVSS Score
4.3
EPSS Score
0.01
Published
2024-04-19
CVE-2024-22061
A Heap Overflow vulnerability in WLInfoRailService component of Ivanti Avalanche before 6.4.3 allows a remote unauthenticated attacker to execute arbitrary commands
CVSS Score
8.1
EPSS Score
0.053
Published
2024-04-19
CVE-2024-30938
SQL Injection vulnerability in SEMCMS v.4.8 allows a remote attacker to obtain sensitive information via the ID parameter in the SEMCMS_User.php component.
CVSS Score
9.8
EPSS Score
0.004
Published
2024-04-19
CVE-2024-31750
SQL injection vulnerability in f-logic datacube3 v.1.0 allows a remote attacker to obtain sensitive information via the req_id parameter.
CVSS Score
9.8
EPSS Score
0.918
Published
2024-04-19
CVE-2024-30924
Cross Site Scripting vulnerability in DerbyNet v9.0 and below allows attackers to execute arbitrary code via the checkin.php component.
CVSS Score
4.6
EPSS Score
0.001
Published
2024-04-18
CVE-2024-30925
Cross Site Scripting vulnerability in DerbyNet v9.0 and below allows attackers to execute arbitrary code via the photo-thumbs.php component.
CVSS Score
6.5
EPSS Score
0.001
Published
2024-04-18
CVE-2024-30926
Cross Site Scripting vulnerability in DerbyNet v9.0 and below allows attackers to execute arbitrary code via the ./inc/kiosks.inc component.
CVSS Score
4.6
EPSS Score
0.002
Published
2024-04-18


Products
Pricing
Contact Us

Shodan ® - All rights reserved