Security Vulnerabilities - CVEs Published In June 2023
In Suricata before 6.0.13 (when there is an adversary who controls an external source of rules), a dataset filename that comes from a rule may trigger absolute or relative directory traversal and lead to write access to a local filesystem. This is addressed in 6.0.13 by requiring allow-absolute-filenames and allow-write (in the datasets rules configuration section) if an installation requires traversal/writing in this situation.
CVSS Score: 7.5 | EPSS Score: 0.005 | Published: 2023-06-19
In Suricata before 6.0.13, an adversary who controls an external source of Lua rules may be able to execute Lua code. This is addressed in 6.0.13 by disabling Lua unless allow-rules is true in the security lua configuration section.
CVSS Score: 9.8 | EPSS Score: 0.006 | Published: 2023-06-19
A buffer overflow in Counter-Strike through 8684 allows a game server to execute arbitrary code on a remote client's machine by modifying the lservercfgfile console variable.
CVSS Score: 9.8 | EPSS Score: 0.001 | Published: 2023-06-19
A buffer overflow in Nintendo Mario Kart Wii RMCP01, RMCE01, RMCJ01, and RMCK01 can be exploited by a game client to execute arbitrary code on a client's machine via a crafted packet.
CVSS Score: 9.8 | EPSS Score: 0.0 | Published: 2023-06-19
In Siren Investigate before 13.2.2, session keys remain active even after logging out.
CVSS Score: 9.8 | EPSS Score: 0.001 | Published: 2023-06-19
A stored cross-site scripting (XSS) vulnerability in Eyoucms v1.6.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the web_recordnum parameter.
CVSS Score: 4.8 | EPSS Score: 0.001 | Published: 2023-06-19
VirtualSquare picoTCP (aka PicoTCP-NG) through 2.1 does not check the transport layer length in a frame before performing port filtering.
CVSS Score: 7.5 | EPSS Score: 0.002 | Published: 2023-06-19
VirtualSquare picoTCP (aka PicoTCP-NG) through 2.1 does not have an MSS lower bound (e.g., it could be zero).
CVSS Score: 7.5 | EPSS Score: 0.002 | Published: 2023-06-19
VirtualSquare picoTCP (aka PicoTCP-NG) through 2.1 lacks certain size calculations before attempting to set a value of an mss structure member.
CVSS Score: 7.5 | EPSS Score: 0.002 | Published: 2023-06-19
VirtualSquare picoTCP (aka PicoTCP-NG) through 2.1 does not properly check whether header sizes would result in accessing data outside of a packet.
CVSS Score: 7.5 | EPSS Score: 0.002 | Published: 2023-06-19

