Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In August 2023
CVE-2023-38860
An issue in LangChain v.0.0.231 allows a remote attacker to execute arbitrary code via the prompt parameter.
CVSS Score
9.8
EPSS Score
0.014
Published
2023-08-15
CVE-2023-38889
An issue in Alluxio v.2.9.3 and before allows an attacker to execute arbitrary code via a crafted script to the username parameter of lluxio.util.CommonUtils.getUnixGroups(java.lang.String).
CVSS Score
9.8
EPSS Score
0.003
Published
2023-08-15
CVE-2023-38840
Bitwarden Desktop 2023.7.0 and below allows an attacker with local access to obtain sensitive information via the Bitwarden.exe process.
CVSS Score
5.5
EPSS Score
0.026
Published
2023-08-15
CVE-2023-38850
Buffer Overflow vulnerability in Michaelrsweet codedoc v.3.7 allows an attacker to cause a denial of service via the codedoc.c:1742 comppnent.
CVSS Score
5.5
EPSS Score
0.0
Published
2023-08-15
CVE-2023-38851
Buffer Overflow vulnerability in libxlsv.1.6.2 allows a remote attacker to execute arbitrary code and cause a denial of service via a crafted XLS file to the xls_parseWorkBook function in xls.c:1018.
CVSS Score
6.5
EPSS Score
0.008
Published
2023-08-15
CVE-2023-38852
Buffer Overflow vulnerability in libxlsv.1.6.2 allows a remote attacker to execute arbitrary code and cause a denial of service via a crafted XLS file to the unicode_decode_wcstombs function in xlstool.c:266.
CVSS Score
6.5
EPSS Score
0.009
Published
2023-08-15
CVE-2023-38853
Buffer Overflow vulnerability in libxlsv.1.6.2 allows a remote attacker to execute arbitrary code and cause a denial of service via a crafted XLS file to the xls_parseWorkBook function in xls.c:1015.
CVSS Score
6.5
EPSS Score
0.008
Published
2023-08-15
CVE-2023-32004
A vulnerability has been discovered in Node.js version 20, specifically within the experimental permission model. This flaw relates to improper handling of Buffers in file system APIs causing a traversal path to bypass when verifying file permissions. This vulnerability affects all users using the experimental permission model in Node.js 20. Please note that at the time this CVE was issued, the permission model is an experimental feature of Node.js.
CVSS Score
8.8
EPSS Score
0.001
Published
2023-08-15
CVE-2023-32006
The use of `module.constructor.createRequire()` can bypass the policy mechanism and require modules outside of the policy.json definition for a given module. This vulnerability affects all users using the experimental policy mechanism in all active release lines: 16.x, 18.x, and, 20.x. Please note that at the time this CVE was issued, the policy is an experimental feature of Node.js.
CVSS Score
8.8
EPSS Score
0.001
Published
2023-08-15
CVE-2023-35082
Known exploited
An authentication bypass vulnerability in Ivanti EPMM 11.10 and older, allows unauthorized users to access restricted functionality or resources of the application without proper authentication. This vulnerability is unique to CVE-2023-35078 announced earlier.
CVSS Score
10.0
EPSS Score
0.945
Published
2023-08-15


Products
Pricing
Contact Us

Shodan ® - All rights reserved