Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In August 2023
CVE-2023-38954
ZKTeco BioAccess IVS v3.3.1 was discovered to contain a SQL injection vulnerability.
CVSS Score
9.8
EPSS Score
0.001
Published
2023-08-03
CVE-2023-38955
ZKTeco BioAccess IVS v3.3.1 allows unauthenticated attackers to obtain sensitive information about all managed devices, including their IP addresses and device names.
CVSS Score
7.5
EPSS Score
0.001
Published
2023-08-03
CVE-2023-38956
A path traversal vulnerability in ZKTeco BioAccess IVS v3.3.1 allows unauthenticated attackers to read arbitrary files via supplying a crafted payload.
CVSS Score
7.5
EPSS Score
0.003
Published
2023-08-03
CVE-2023-38958
An access control issue in ZKTeco BioAccess IVS v3.3.1 allows unauthenticated attackers to arbitrarily close and open the doors managed by the platform remotely via sending a crafted web request.
CVSS Score
5.3
EPSS Score
0.001
Published
2023-08-03
CVE-2023-4076
Use after free in WebRTC in Google Chrome prior to 115.0.5790.170 allowed a remote attacker to potentially exploit heap corruption via a crafted WebRTC session. (Chromium security severity: High)
CVSS Score
8.8
EPSS Score
0.008
Published
2023-08-03
CVE-2023-4077
Insufficient data validation in Extensions in Google Chrome prior to 115.0.5790.170 allowed an attacker who convinced a user to install a malicious extension to inject scripts or HTML into a privileged page via a crafted Chrome Extension. (Chromium security severity: Medium)
CVSS Score
8.8
EPSS Score
0.002
Published
2023-08-03
CVE-2023-4078
Inappropriate implementation in Extensions in Google Chrome prior to 115.0.5790.170 allowed an attacker who convinced a user to install a malicious extension to inject scripts or HTML into a privileged page via a crafted Chrome Extension. (Chromium security severity: Medium)
CVSS Score
8.8
EPSS Score
0.002
Published
2023-08-03
CVE-2023-33369
A path traversal vulnerability exists in Control ID IDSecure 4.7.26.0 and prior, allowing attackers to delete arbitrary files on IDSecure filesystem, causing a denial of service.
CVSS Score
9.1
EPSS Score
0.006
Published
2023-08-03
CVE-2023-33370
An uncaught exception vulnerability exists in Control ID IDSecure 4.7.26.0 and prior, allowing attackers to cause the main web server of IDSecure to fault and crash, causing a denial of service.
CVSS Score
7.5
EPSS Score
0.002
Published
2023-08-03
CVE-2023-33371
Control ID IDSecure 4.7.26.0 and prior uses a hardcoded cryptographic key in order to sign and verify JWT session tokens, allowing attackers to sign arbitrary session tokens and bypass authentication.
CVSS Score
9.8
EPSS Score
0.001
Published
2023-08-03


Products
Pricing
Contact Us

Shodan ® - All rights reserved