Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In September 2023
CVE-2023-39780
Known exploited
On ASUS RT-AX55 3.0.0.4.386.51598 devices, authenticated attackers can perform OS command injection via the /start_apply.htm qos_bw_rulelist parameter. NOTE: for the similar "token-generated module" issue, see CVE-2023-41345; for the similar "token-refresh module" issue, see CVE-2023-41346; for the similar "check token module" issue, see CVE-2023-41347; and for the similar "code-authentication module" issue, see CVE-2023-41348.
CVSS Score
8.8
EPSS Score
0.702
Published
2023-09-11
CVE-2023-40032
libvips is a demand-driven, horizontally threaded image processing library. A specially crafted SVG input can cause libvips versions 8.14.3 or earlier to segfault when attempting to parse a malformed UTF-8 character. Users should upgrade to libvips version 8.14.4 (or later) when processing untrusted input.
CVSS Score
5.5
EPSS Score
0.001
Published
2023-09-11
CVE-2023-41103
Interact 7.9.79.5 allows stored Cross-site Scripting (XSS) attacks in several locations, allowing an attacker to store a JavaScript payload.
CVSS Score
5.4
EPSS Score
0.001
Published
2023-09-11
CVE-2023-41256
Dover Fueling Solutions MAGLINK LX Web Console Configuration versions 2.5.1, 2.5.2, 2.5.3, 2.6.1, 2.11, 3.0, 3.2, and 3.3 are vulnerable to authentication bypass that could allow an unauthorized attacker to obtain user access.
CVSS Score
9.1
EPSS Score
0.0
Published
2023-09-11
CVE-2023-31468
An issue was discovered in Inosoft VisiWin 7 through 2022-2.1 (Runtime RT7.3 RC3 20221209.5). The "%PROGRAMFILES(X86)%\INOSOFT GmbH" folder has weak permissions for Everyone, allowing an attacker to insert a Trojan horse file that runs as SYSTEM. 2024-1 is a fixed version.
CVSS Score
7.8
EPSS Score
0.001
Published
2023-09-11
CVE-2023-38743
Zoho ManageEngine ADManager Plus before Build 7200 allows admin users to execute commands on the host machine.
CVSS Score
7.2
EPSS Score
0.213
Published
2023-09-11
CVE-2023-38829
An issue in NETIS SYSTEMS WF2409E v.3.6.42541 allows a remote attacker to execute arbitrary code via the ping and traceroute functions of the diagnostic tools component in the admin management interface.
CVSS Score
8.8
EPSS Score
0.134
Published
2023-09-11
CVE-2020-19319
Buffer overflow vulnerability in DLINK 619L version B 2.06beta via the FILECODE parameter on login.
CVSS Score
9.8
EPSS Score
0.004
Published
2023-09-11
CVE-2020-19320
Buffer overflow vulnerability in DLINK 619L version B 2.06beta via the curTime parameter on login.
CVSS Score
9.8
EPSS Score
0.012
Published
2023-09-11
CVE-2020-19323
An issue was discovered in /bin/mini_upnpd on D-Link DIR-619L 2.06beta devices. There is a heap buffer overflow allowing remote attackers to restart router via the M-search request ST parameter. No authentication required
CVSS Score
7.5
EPSS Score
0.003
Published
2023-09-11


Products
Pricing
Contact Us

Shodan ® - All rights reserved