Security Vulnerabilities - CVEs Published In August 2023
An issue in Diebold Nixdorf Vynamic View Console v.5.3.1 and before allows a local attacker to execute arbitrary code because the search path for required DLLs is not restricted and the signature is not verified.
CVSS Score: 7.8
EPSS Score: 0.001
Published: 2023-08-08
An issue was discovered in Samsung NFC S3NRN4V, S3NSN4V, S3NSEN4, SEN82AB, and S3NRN82. A buffer copy without checking its input size can cause an NFC service restart.
CVSS Score: 4.3
EPSS Score: 0.001
Published: 2023-08-08
ASUS RT-AC66U B1 3.0.0.4.286_51665 was discovered to transmit sensitive information in cleartext.
CVSS Score: 7.5
EPSS Score: 0.0
Published: 2023-08-08
.NET Framework Spoofing Vulnerability
CVSS Score: 7.4
EPSS Score: 0.004
Published: 2023-08-08
ASP.NET Elevation of Privilege Vulnerability
CVSS Score: 8.8
EPSS Score: 0.697
Published: 2023-08-08
CVE-2023-38180
Known exploited
.NET and Visual Studio Denial of Service Vulnerability
CVSS Score: 7.5
EPSS Score: 0.002
Published: 2023-08-08
social-media-skeleton is an uncompleted social media project implemented using PHP, MySQL, CSS, JavaScript, and HTML. Versions 1.0.0 until 1.0.3 have a stored cross-site scripting vulnerability. The problem is patched in v1.0.3.
CVSS Score: 5.4
EPSS Score: 0.009
Published: 2023-08-08
go-libp2p is the Go implementation of the libp2p Networking Stack. Prior to versions 0.27.8, 0.28.2, and 0.29.1, a malicious peer can use large RSA keys to run a resource exhaustion attack and force a node to spend time doing signature verification of the large key. This vulnerability is present in the core/crypto module of go-libp2p and can occur during the Noise handshake and the libp2p x509 extension verification step. To prevent this attack, go-libp2p versions 0.27.8, 0.28.2, and 0.29.1 restrict RSA keys to <= 8192 bits. To protect one's application, it is necessary to update to these patch releases and to use the updated Go compiler in 1.20.7 or 1.19.12. There are no known workarounds for this issue.
CVSS Score: 7.5
EPSS Score: 0.001
Published: 2023-08-08
TOTOLINK T10_v2 5.9c.5061_B20200511 has a stack-based buffer overflow in setWiFiWpsConfig in /lib/cste_modules/wps.so. Attackers can send crafted data in an MQTT packet, via the pin parameter, to control the return address and execute code.
CVSS Score: 9.8
EPSS Score: 0.003
Published: 2023-08-08
TOTOLINK T10_v2 5.9c.5061_B20200511 has a stack-based buffer overflow in setStaticDhcpConfig in /lib/cste_modules/lan.so. Attackers can send crafted data in an MQTT packet, via the comment parameter, to control the return address and execute code.
CVSS Score: 9.8
EPSS Score: 0.003
Published: 2023-08-08

