Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In May 2023
CVE-2023-1965
An issue has been discovered in GitLab EE affecting all versions starting from 14.2 before 15.9.6, all versions starting from 15.10 before 15.10.5, all versions starting from 15.11 before 15.11.1. Lack of verification on RelayState parameter allowed a maliciously crafted URL to obtain access tokens granted for 3rd party Group SAML SSO logins. This feature isn't enabled by default.
CVSS Score
6.8
EPSS Score
0.0
Published
2023-05-03
CVE-2023-1265
An issue has been discovered in GitLab affecting all versions starting from 11.9 before 15.9.6, all versions starting from 15.10 before 15.10.5, all versions starting from 15.11 before 15.11.1. The condition allows for a privileged attacker, under certain conditions, to obtain session tokens from all users of a GitLab instance.
CVSS Score
5.4
EPSS Score
0.0
Published
2023-05-03
CVE-2023-1836
A cross-site scripting issue has been discovered in GitLab affecting all versions starting from 5.1 before 15.9.6, all versions starting from 15.10 before 15.10.5, all versions starting from 15.11 before 15.11.1. When viewing an XML file in a repository in "raw" mode, it can be made to render as HTML if viewed under specific circumstances
CVSS Score
4.4
EPSS Score
0.005
Published
2023-05-03
CVE-2023-0155
An issue has been discovered in GitLab CE/EE affecting all versions before 15.8.5, 15.9.4, 15.10.1. Open redirects was possible due to framing arbitrary content on any page allowing user controlled markdown
CVSS Score
5.4
EPSS Score
0.0
Published
2023-05-03
CVE-2023-0485
An issue has been discovered in GitLab affecting all versions starting from 13.11 before 15.8.5, all versions starting from 15.9 before 15.9.4, all versions starting from 15.10 before 15.10.1. It was possible that a project member demoted to a user role to read project updates by doing a diff with a pre-existing fork.
CVSS Score
6.5
EPSS Score
0.0
Published
2023-05-03
CVE-2023-1204
An issue has been discovered in GitLab CE/EE affecting all versions starting from 10.1 before 15.10.8, all versions starting from 15.11 before 15.11.7, all versions starting from 16.0 before 16.0.2. A user could use an unverified email as a public email and commit email by sending a specifically crafted request on user update settings.
CVSS Score
4.3
EPSS Score
0.0
Published
2023-05-03
CVE-2023-24744
Cross Site Scripting (XSS) vulnerability in Rediker Software AdminPlus 6.1.91.00 allows remote attackers to run arbitrary code via the onload function within the application DOM.
CVSS Score
6.1
EPSS Score
0.001
Published
2023-05-03
CVE-2023-30300
An issue in the component hang.wasm of WebAssembly 1.0 causes an infinite loop.
CVSS Score
5.5
EPSS Score
0.0
Published
2023-05-03
CVE-2017-11197
In CyberArk Viewfinity 5.5.10.95 and 6.x before 6.1.1.220, a low privilege user can escalate to an administrative user via a bug within the "add printer" option.
CVSS Score
7.8
EPSS Score
0.001
Published
2023-05-03
CVE-2020-22429
redox-os v0.1.0 was discovered to contain a use-after-free bug via the gethostbyaddr() function at /src/header/netdb/mod.rs.
CVSS Score
7.8
EPSS Score
0.0
Published
2023-05-03


Products
Pricing
Contact Us

Shodan ® - All rights reserved