Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In June 2023
CVE-2023-3439
A flaw was found in the MCTP protocol in the Linux kernel. The function mctp_unregister() reclaims the device's relevant resource when a netcard detaches. However, a running routine may be unaware of this and cause the use-after-free of the mdev->addrs object, potentially leading to a denial of service.
CVSS Score
4.7
EPSS Score
0.0
Published
2023-06-28
CVE-2022-4143
An issue has been discovered in GitLab affecting all versions starting from 15.7 before 15.8.5, from 15.9 before 15.9.4, and from 15.10 before 15.10.1 that allows for crafted, unapproved MRs to be introduced and merged without authorization
CVSS Score
6.4
EPSS Score
0.002
Published
2023-06-28
CVE-2023-21512
Improper Knox ID validation logic in notification framework prior to SMR Jun-2023 Release 1 allows local attackers to read work profile notifications without proper access permission.
CVSS Score
2.4
EPSS Score
0.001
Published
2023-06-28
CVE-2023-21513
Improper privilege management vulnerability in CC Mode prior to SMR Jun-2023 Release 1 allows physical attackers to manipulate device to operate in way that results in unexpected behavior in CC Mode under specific condition.
CVSS Score
6.1
EPSS Score
0.002
Published
2023-06-28
CVE-2023-21517
Heap out-of-bound write vulnerability in Exynos baseband prior to SMR Jun-2023 Release 1 allows remote attacker to execute arbitrary code.
CVSS Score
8.8
EPSS Score
0.063
Published
2023-06-28
CVE-2023-21518
Improper access control vulnerability in SearchWidget prior to version 3.3 in China models allows untrusted applications to start arbitrary activity.
CVSS Score
4.4
EPSS Score
0.001
Published
2023-06-28
CVE-2023-2232
An issue has been discovered in GitLab affecting all versions starting from 15.10 before 16.1, leading to a ReDoS vulnerability in the Jira prefix
CVSS Score
6.5
EPSS Score
0.018
Published
2023-06-28
CVE-2023-32222
D-Link DSL-G256DG version vBZ_1.00.27 web management interface allows authentication bypass via an unspecified method.
CVSS Score
9.8
EPSS Score
0.004
Published
2023-06-28
CVE-2023-32223
D-Link DSL-224 firmware version 3.0.10 allows post authentication command execution via an unspecified method.
CVSS Score
8.8
EPSS Score
0.001
Published
2023-06-28
CVE-2021-25827
Emby Server < 4.7.12.0 is vulnerable to a login bypass attack by setting the X-Forwarded-For header to a local IP-address.
CVSS Score
9.8
EPSS Score
0.003
Published
2023-06-28


Products
Pricing
Contact Us

Shodan ® - All rights reserved