Security Vulnerabilities - CVEs Published In July 2023
The data flowing between the PCU and its modules is insecure. A threat actor with physical access could potentially read or modify data by attaching a specially crafted device while an infusion is running.
CVSS Score
6.1
EPSS Score
0.0
Published
2023-07-13
A GRE dataset file within Systems Manager can be tampered with and distributed to PCUs.
CVSS Score
6.7
EPSS Score
0.001
Published
2023-07-13
A malicious file could be uploaded into a System Manager User Import Function resulting in a hijacked session.
CVSS Score
8.2
EPSS Score
0.005
Published
2023-07-13
Alaris Systems Manager does not perform input validation during the Device Import Function.
CVSS Score
6.9
EPSS Score
0.001
Published
2023-07-13
An insecure connection between Systems Manager and the CQI Reporter application could expose infusion data to an attacker.
CVSS Score
3.5
EPSS Score
0.001
Published
2023-07-13
cmark-gfm is an extended version of the C reference implementation of CommonMark, a rationalized version of Markdown syntax with a spec. Three polynomial time complexity issues in cmark-gfm may lead to unbounded resource exhaustion and subsequent denial of service. These vulnerabilities have been patched in 0.29.0.gfm.12.
CVSS Score
6.4
EPSS Score
0.002
Published
2023-07-13
Certain Zemana products are vulnerable to arbitrary code injection. This affects Watchdog Anti-Malware 4.1.422 and Zemana AntiMalware 3.2.28.
CVSS Score
6.7
EPSS Score
0.01
Published
2023-07-13
The configuration from the PCU can be modified without authentication using a physical connection to the PCU.
CVSS Score
6.8
EPSS Score
0.001
Published
2023-07-13
mx-chain-go is the official implementation of the MultiversX blockchain protocol, written in golang. When executing a relayed transaction, if the inner transaction failed, it would have increased the inner transaction's sender account nonce. This could have contributed to a limited DoS attack on a targeted account. The fix is a breaking change so a new flag `RelayedNonceFixEnableEpoch` was needed. This was a strict processing issue while validating blocks on a chain. This vulnerability has been patched in version 1.4.17.
CVSS Score
7.1
EPSS Score
0.022
Published
2023-07-13
The firmware update package for the wireless card is not properly signed and can be modified.
CVSS Score
5.2
EPSS Score
0.001
Published
2023-07-13

