Security Vulnerabilities - CVEs Published In August 2023
An unrestricted upload of file with dangerous type vulnerability exists in Avalanche versions 6.4.1 and below that could allow an attacker to achieve remote code execution.
CVSS Score
6.8
EPSS Score
0.273
Published
2023-08-10
An attacker can send a specially crafted request which could lead to leakage of sensitive data or potentially a resource-based DoS attack. Fixed in version 6.4.1.
CVSS Score
6.3
EPSS Score
0.004
Published
2023-08-10
A stored cross-site scripting (XSS) vulnerability in Netbox v3.4.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Custom Link templates.
CVSS Score
5.4
EPSS Score
0.016
Published
2023-08-10
iCMS v7.0.16 was discovered to contain a SQL injection vulnerability via the where parameter at admincp.php.
CVSS Score
9.8
EPSS Score
0.001
Published
2023-08-10
iCMS v7.0.16 was discovered to contain a SQL injection vulnerability via the bakupdata function.
CVSS Score
9.8
EPSS Score
0.001
Published
2023-08-10
OpenZeppelin Contracts is a library for secure smart contract development. Starting in version 4.0.0 and prior to version 4.9.3, contracts using `ERC2771Context` along with a custom trusted forwarder may see `_msgSender` return `address(0)` in calls that originate from the forwarder with calldata shorter than 20 bytes. This combination of circumstances does not appear to be common, in particular it is not the case for `MinimalForwarder` from OpenZeppelin Contracts, or any deployed forwarder the team is aware of, given that the signer address is appended to all calls that originate from these forwarders. The problem has been patched in v4.9.3.
CVSS Score
5.3
EPSS Score
0.005
Published
2023-08-10
DSM 2022.2 SU2 and all prior versions allow a local low-privileged account to execute arbitrary OS commands as the DSM software installation user.
CVSS Score
7.8
EPSS Score
0.002
Published
2023-08-10
If certain local files are manipulated in a certain manner, the validation to use the cryptographic keys can be circumvented. 
CVSS Score
6.6
EPSS Score
0.001
Published
2023-08-10
An attacker can send a specially crafted request which could lead to leakage of sensitive data or potentially a resource-based DoS attack. Fixed in version 6.4.1.
CVSS Score
6.3
EPSS Score
0.004
Published
2023-08-10
Ivanti Avalanche decodeToMap XML External Entity Processing. Fixed in version 6.4.1.236.
CVSS Score
6.5
EPSS Score
0.004
Published
2023-08-10