Security Vulnerabilities - CVEs Published In September 2023
An issue has been discovered in GitLab affecting all versions starting from 15.11 before 16.1.5, all versions starting from 16.2 before 16.2.5, all versions starting from 16.3 before 16.3.1. An authenticated user could trigger a denial of service when importing or cloning malicious content.
CVSS Score: 6.5
EPSS Score: 0.007
Published: 2023-09-01
An issue has been discovered in GitLab EE affecting all versions starting from 13.12 before 16.1.5, all versions starting from 16.2 before 16.2.5, all versions starting from 16.3 before 16.3.1 in which a project member can leak credentials stored in site profile.
CVSS Score: 5.0
EPSS Score: 0.0
Published: 2023-09-01
An issue has been discovered in GitLab affecting all versions starting from 10.0 before 16.1.5, all versions starting from 16.2 before 16.2.5, all versions starting from 16.3 before 16.3.1. Due to improper permission validation, it was possible for an unauthorised user to edit a label's description.
CVSS Score: 3.5
EPSS Score: 0.001
Published: 2023-09-01
An issue has been discovered in GitLab affecting all versions starting from 4.1 before 16.1.5, all versions starting from 16.2 before 16.2.5, all versions starting from 16.3 before 16.3.1 where it was possible to create a URL that would redirect to a different project.
CVSS Score: 2.6
EPSS Score: 0.0
Published: 2023-09-01
An issue has been discovered in GitLab affecting all versions starting from 15.2 before 16.1.5, all versions starting from 16.2 before 16.2.5, all versions starting from 16.3 before 16.3.1. A namespace-level banned user can access the API.
CVSS Score: 2.7
EPSS Score: 0.001
Published: 2023-09-01
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Web-Settler Image Social Feed plugin <= 1.7.6 versions.
CVSS Score: 5.9
EPSS Score: 0.001
Published: 2023-09-01
ELSYS ERS 1.5 Sound v2.3.8 was discovered to contain a buffer overflow via the NFC data parser.
CVSS Score: 7.5
EPSS Score: 0.001
Published: 2023-09-01
Cross Site Scripting Vulnerability in BluditCMS v.3.14.1 allows attackers to execute arbitrary code via the Categories Friendly URL.
CVSS Score: 4.8
EPSS Score: 0.001
Published: 2023-09-01
An issue in hjson-java up to v3.0.0 allows attackers to cause a Denial of Service (DoS) via supplying a crafted JSON string.
CVSS Score: 7.5
EPSS Score: 0.003
Published: 2023-09-01
In tine through 2023.01.14.325, the sort parameter of the /index.php endpoint allows SQL Injection.
CVSS Score: 9.8
EPSS Score: 0.001
Published: 2023-09-01

