Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In October 2023
CVE-2023-4586
A vulnerability was found in the Hot Rod client. This security issue occurs as the Hot Rod client does not enable hostname validation when using TLS, possibly resulting in a man-in-the-middle (MITM) attack.
CVSS Score
7.4
EPSS Score
0.001
Published
2023-10-04
CVE-2023-4997
Improper authorisation of regular users in ProIntegra Uptime DC software (versions below 2.0.0.33940) allows them to change passwords of all other users including administrators leading to a privilege escalation.
CVSS Score
8.8
EPSS Score
0.001
Published
2023-10-04
CVE-2023-1584
A flaw was found in Quarkus. Quarkus OIDC can leak both ID and access tokens in the authorization code flow when an insecure HTTP protocol is used, which can allow attackers to access sensitive user data directly from the ID token or by using the access token to access user data from OIDC provider services. Please note that passwords are not stored in access tokens.
CVSS Score
7.5
EPSS Score
0.003
Published
2023-10-04
CVE-2023-25489
Cross-Site Request Forgery (CSRF) vulnerability in Jeff Sherk Update Theme and Plugins from Zip File plugin <= 2.0.0 versions.
CVSS Score
4.3
EPSS Score
0.001
Published
2023-10-04
CVE-2023-25788
Cross-Site Request Forgery (CSRF) vulnerability in Saphali Saphali Woocommerce Lite plugin <= 1.8.13 versions.
CVSS Score
6.3
EPSS Score
0.001
Published
2023-10-04
CVE-2023-5377
Out-of-bounds Read in GitHub repository gpac/gpac prior to v2.2.2-DEV.
CVSS Score
5.5
EPSS Score
0.001
Published
2023-10-04
CVE-2023-44272
A cross-site scripting vulnerability exists in Citadel versions prior to 994. When a malicious user sends an instant message with some JavaScript code, the script may be executed on the web browser of the victim user.
CVSS Score
5.4
EPSS Score
0.004
Published
2023-10-04
CVE-2023-5375
Open Redirect in GitHub repository mosparo/mosparo prior to 1.0.2.
CVSS Score
4.3
EPSS Score
0.293
Published
2023-10-04
CVE-2023-5370
On CPU 0 the check for the SMCCC workaround is called before SMCCC support has been initialized. This resulted in no speculative execution workarounds being installed on CPU 0.
CVSS Score
5.5
EPSS Score
0.001
Published
2023-10-04
CVE-2023-5368
On an msdosfs filesystem, the 'truncate' or 'ftruncate' system calls under certain circumstances populate the additional space in the file with unallocated data from the underlying disk device, rather than zero bytes. This may permit a user with write access to files on a msdosfs filesystem to read unintended data (e.g. from a previously deleted file).
CVSS Score
6.5
EPSS Score
0.001
Published
2023-10-04


Products
Pricing
Contact Us

Shodan ® - All rights reserved