Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In October 2023
CVE-2023-40631
In Dialer, there is a possible missing permission check. This could lead to local information disclosure with System execution privileges needed
CVSS Score
4.4
EPSS Score
0.0
Published
2023-10-08
CVE-2023-43615
Mbed TLS 2.x before 2.28.5 and 3.x before 3.5.0 has a Buffer Overflow.
CVSS Score
7.5
EPSS Score
0.003
Published
2023-10-07
CVE-2023-45199
Mbed TLS 3.2.x through 3.4.x before 3.5 has a Buffer Overflow that can lead to remote Code execution.
CVSS Score
9.8
EPSS Score
0.086
Published
2023-10-07
CVE-2023-36123
Directory Traversal vulnerability in Hex-Dragon Plain Craft Launcher 2 version Alpha 1.3.9, allows local attackers to execute arbitrary code and gain sensitive information.
CVSS Score
7.8
EPSS Score
0.084
Published
2023-10-07
CVE-2023-5182
Sensitive data could be exposed in logs of subiquity version 23.09.1 and earlier. An attacker in the adm group could use this information to find hashed passwords and possibly escalate their privilege.
CVSS Score
5.5
EPSS Score
0.0
Published
2023-10-07
CVE-2023-44061
File Upload vulnerability in Simple and Nice Shopping Cart Script v.1.0 allows a remote attacker to execute arbitrary code via the upload function in the edit profile component.
CVSS Score
8.8
EPSS Score
0.05
Published
2023-10-06
CVE-2023-44860
An issue in NETIS SYSTEMS N3Mv2 v.1.0.1.865 allows a remote attacker to cause a denial of service via the authorization component in the HTTP request.
CVSS Score
7.5
EPSS Score
0.131
Published
2023-10-06
CVE-2022-33160
IBM Security Directory Suite 8.0.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 228568.
CVSS Score
3.7
EPSS Score
0.0
Published
2023-10-06
CVE-2023-45322
libxml2 through 2.11.5 has a use-after-free that can only occur after a certain memory allocation fails. This occurs in xmlUnlinkNode in tree.c. NOTE: the vendor's position is "I don't think these issues are critical enough to warrant a CVE ID ... because an attacker typically can't control when memory allocations fail."
CVSS Score
6.5
EPSS Score
0.001
Published
2023-10-06
CVE-2022-34355
IBM Jazz Foundation (IBM Engineering Lifecycle Management 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2) could disclose sensitive version information to a user that could be used in further attacks against the system. IBM X-Force ID: 230498.
CVSS Score
4.0
EPSS Score
0.0
Published
2023-10-06


Products
Pricing
Contact Us

Shodan ® - All rights reserved