Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In August 2023
A vulnerability in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an unauthenticated remote attacker to run arbitrary commands on the underlying host if certain preconditions outside of the attacker's control are met. Successful exploitation of this vulnerability could allow an attacker to execute arbitrary commands on the underlying operating system leading to complete system compromise.
CVSS Score
8.1
EPSS Score
0.019
Published
2023-08-22
Cross-site Scripting (XSS) vulnerability in Visual Console Module of Pandora FMS could be used to hijack admin users session cookie values, carry out phishing attacks, etc. This issue affects Pandora FMS v767 version and prior versions on all platforms.
CVSS Score
6.3
EPSS Score
0.003
Published
2023-08-22
Server-Side Request Forgery (SSRF) vulnerability in API checker of Pandora FMS. Application does not have a check on the URL scheme used while retrieving API URL. Rather than validating the http/https scheme, the application allows other scheme such as file, which could allow a malicious user to fetch internal file content. This issue affects Pandora FMS v767 version and prior versions on all platforms.
CVSS Score
5.2
EPSS Score
0.002
Published
2023-08-22
Cross-site Scripting (XSS) vulnerability in the Pandora FMS Special Days component allows an attacker to use it to steal the session cookie value of admin users easily with little user interaction. This issue affects Pandora FMS v767 version and prior versions on all platforms.
CVSS Score
5.9
EPSS Score
0.004
Published
2023-08-22
Unrestricted Upload of File with Dangerous Type vulnerability in the Pandora FMS File Manager component, allows an attacker to make make use of this issue ( unrestricted file upload ) to execute arbitrary system commands. This issue affects Pandora FMS v767 version and prior versions on all platforms.
CVSS Score
6.4
EPSS Score
0.003
Published
2023-08-22
An XML External Entity (XXE) issue was discovered in Python through 3.9.1. The plistlib module no longer accepts entity declarations in XML plist files to avoid XML vulnerabilities.
CVSS Score
9.8
EPSS Score
0.037
Published
2023-08-22
An issue was discovered in compare_digest in Lib/hmac.py in Python through 3.9.1. Constant-time-defeating optimisations were possible in the accumulator variable in hmac.compare_digest.
CVSS Score
5.9
EPSS Score
0.0
Published
2023-08-22
Crypto++ through 8.4 contains a timing side channel in ECDSA signature generation. Function FixedSizeAllocatorWithCleanup could write to memory outside of the allocation if the allocated memory was not 16-byte aligned. NOTE: this issue exists because the CVE-2019-14318 fix was intentionally removed for functionality reasons.
CVSS Score
7.5
EPSS Score
0.005
Published
2023-08-22
memcached 1.6.7 allows a Denial of Service via multi-packet uploads in UDP.
CVSS Score
7.5
EPSS Score
0.001
Published
2023-08-22
An issue was discovered in Geomatika IsiGeo Web 6.0. It allows remote authenticated users to obtain sensitive database content via SQL Injection.
CVSS Score
6.5
EPSS Score
0.001
Published
2023-08-22


Contact Us

Shodan ® - All rights reserved