Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In August 2024
CVE-2024-41614
symphonycms <=2.7.10 is vulnerable to Cross Site Scripting (XSS) in the Comment component for articles.
CVSS Score
4.8
EPSS Score
0.0
Published
2024-08-13
CVE-2024-36446
The provisioning manager component of Mitel MiVoice MX-ONE through 7.6 SP1 could allow an authenticated attacker to conduct an authentication bypass attack due to improper access control. A successful exploit could allow an attacker to bypass the authorization schema.
CVSS Score
8.8
EPSS Score
0.002
Published
2024-08-13
CVE-2024-41613
A Cross Site Scripting (XSS) vulnerability in Symphony CMS 2.7.10 allows remote attackers to inject arbitrary web script or HTML by editing note.
CVSS Score
5.4
EPSS Score
0.001
Published
2024-08-13
CVE-2023-31341
Insufficient validation of the Input Output Control (IOCTL) input buffer in AMD μProf may allow an authenticated attacker to cause an out-of-bounds write, potentially causing a Windows® OS crash, resulting in denial of service.
CVSS Score
7.3
EPSS Score
0.001
Published
2024-08-13
CVE-2023-31348
A DLL hijacking vulnerability in AMD μProf could allow an attacker to achieve privilege escalation, potentially resulting in arbitrary code execution.
CVSS Score
7.3
EPSS Score
0.002
Published
2024-08-13
CVE-2023-31349
Incorrect default permissions in the AMD μProf installation directory could allow an attacker to achieve privilege escalation, potentially resulting in arbitrary code execution.
CVSS Score
7.3
EPSS Score
0.002
Published
2024-08-13
CVE-2023-31366
Improper input validation in AMD μProf could allow an attacker to perform a write to an invalid address, potentially resulting in denial of service.
CVSS Score
3.3
EPSS Score
0.001
Published
2024-08-13
CVE-2023-31307
Improper validation of array index in Power Management Firmware (PMFW) may allow a privileged attacker to cause an out-of-bounds memory read within PMFW, potentially leading to a denial of service.
CVSS Score
2.3
EPSS Score
0.001
Published
2024-08-13
CVE-2023-31339
Improper input validation in ARM® Trusted Firmware used in AMD’s Zynq™ UltraScale+™) MPSoC/RFSoC may allow a privileged attacker to perform out of bound reads, potentially resulting in data leakage and denial of service.
CVSS Score
4.8
EPSS Score
0.001
Published
2024-08-13
CVE-2023-20578
A TOCTOU (Time-Of-Check-Time-Of-Use) in SMM may allow an attacker with ring0 privileges and access to the BIOS menu or UEFI shell to modify the communications buffer potentially resulting in arbitrary code execution.
CVSS Score
7.5
EPSS Score
0.001
Published
2024-08-13


Products
Pricing
Contact Us

Shodan ® - All rights reserved