Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In July 2023
CVE-2022-28737
There's a possible overflow in handle_image() when shim tries to load and execute crafted EFI executables; The handle_image() function takes into account the SizeOfRawData field from each section to be loaded. An attacker can leverage this to perform out-of-bound writes into memory. Arbitrary code execution is not discarded in such scenario.
CVSS Score
6.5
EPSS Score
0.0
Published
2023-07-20
CVE-2023-3072
HashiCorp Nomad and Nomad Enterprise 0.7.0 up to 1.5.6 and 1.4.10 ACL policies using a block without a label generates unexpected results. Fixed in 1.6.0, 1.5.7, and 1.4.11.
CVSS Score
4.1
EPSS Score
0.0
Published
2023-07-20
CVE-2023-3299
HashiCorp Nomad Enterprise 1.2.11 up to 1.5.6, and 1.4.10 ACL policies using a block without a label generates unexpected results. Fixed in 1.6.0, 1.5.7, and 1.4.11.
CVSS Score
3.4
EPSS Score
0.002
Published
2023-07-20
CVE-2023-3300
HashiCorp Nomad and Nomad Enterprise 0.11.0 up to 1.5.6 and 1.4.1 HTTP search API can reveal names of available CSI plugins to unauthenticated users or users without the plugin:read policy. Fixed in 1.6.0, 1.5.7, and 1.4.1.
CVSS Score
5.3
EPSS Score
0.005
Published
2023-07-20
CVE-2023-34429
Weintek Weincloud v0.13.6 could allow an attacker to cause a denial-of-service condition for Weincloud by sending a forged JWT token.
CVSS Score
7.5
EPSS Score
0.001
Published
2023-07-19
CVE-2023-35134
Weintek Weincloud v0.13.6 could allow an attacker to reset a password with the corresponding account’s JWT token only.
CVSS Score
7.4
EPSS Score
0.001
Published
2023-07-19
CVE-2023-36853
​In Keysight Geolocation Server v2.4.2 and prior, a low privileged attacker could create a local ZIP file containing a malicious script in any location. The attacker could abuse this to load a DLL with SYSTEM privileges.
CVSS Score
7.8
EPSS Score
0.0
Published
2023-07-19
CVE-2023-37362
Weintek Weincloud v0.13.6 could allow an attacker to abuse the registration functionality to login with testing credentials to the official website.
CVSS Score
7.2
EPSS Score
0.0
Published
2023-07-19
CVE-2023-32657
Weintek Weincloud v0.13.6 could allow an attacker to efficiently develop a brute force attack on credentials with authentication hints from error message responses.
CVSS Score
5.3
EPSS Score
0.001
Published
2023-07-19
CVE-2023-34394
In Keysight Geolocation Server v2.4.2 and prior, an attacker could upload a specially crafted malicious file or delete any file or directory with SYSTEM privileges due to an improper path validation, which could result in local privilege escalation or a denial-of-service condition.
CVSS Score
7.8
EPSS Score
0.001
Published
2023-07-19


Products
Pricing
Contact Us

Shodan ® - All rights reserved