Security Vulnerabilities - CVEs Published In September 2023
Symantec Protection Engine, prior to 9.1.0, may be susceptible to a Hash Leak vulnerability.
CVSS Score: 6.8
EPSS Score: 0.002
Published: 2023-09-27
A permissions issue was addressed with improved redaction of sensitive information. This issue is fixed in macOS Sonoma 14. An app may be able to access sensitive user data.
CVSS Score: 5.5
EPSS Score: 0.001
Published: 2023-09-27
Stability-related vulnerability in the binder background management and control module. Successful exploitation of this vulnerability may affect availability.
CVSS Score: 7.5
EPSS Score: 0.002
Published: 2023-09-27
A flaw was found in APICast, when 3Scale's OIDC module does not properly evaluate the response to a mismatched token from a separate realm. This could allow a separate realm to be accessible to an attacker, permitting access to unauthorized information.
CVSS Score: 7.4
EPSS Score: 0.002
Published: 2023-09-27
A flaw was found in Red Hat's AMQ-Streams, which ships a version of the OKHttp component with an information disclosure flaw via an exception triggered by a header containing an illegal value. This issue could allow an authenticated attacker to access information outside of their regular permissions.
CVSS Score: 4.7
EPSS Score: 0.0
Published: 2023-09-27
xunruicms up to v4.5.1 was discovered to contain a remote code execution (RCE) vulnerability in /index.php. This vulnerability allows attackers to execute arbitrary code via a crafted GET request.
CVSS Score: 9.8
EPSS Score: 0.042
Published: 2023-09-27
Two potential buffer overflow vulnerabilities at the following locations in the Zephyr eS-WiFi driver source code.
CVSS Score: 7.1
EPSS Score: 0.002
Published: 2023-09-26
A reflected cross-site scripting (XSS) vulnerability in the data[redirect_url] parameter of mooSocial v3.1.8 allows attackers to steal a user's session cookies and impersonate their account via a crafted URL.
CVSS Score: 6.1
EPSS Score: 0.112
Published: 2023-09-26
A Cross-Site Request Forgery (CSRF) in admin_manager.php of Seacms up to v12.8 allows attackers to arbitrarily add an admin account.
CVSS Score: 8.8
EPSS Score: 0.002
Published: 2023-09-25
An issue in TPLink Smart Bulb Tapo series L530 before 1.2.4, L510E before 1.1.0, L630 before 1.0.4, P100 before 1.5.0, and Tapo Application 2.8.14 allows a remote attacker to replay old messages encrypted with a still valid session key.
CVSS Score: 7.5
EPSS Score: 0.003
Published: 2023-09-25

