Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In October 2023
CVE-2023-43208
Known exploited
NextGen Healthcare Mirth Connect before version 4.4.1 is vulnerable to unauthenticated remote code execution. Note that this vulnerability is caused by the incomplete patch of CVE-2023-37679.
CVSS Score
9.8
EPSS Score
0.944
Published
2023-10-26
CVE-2023-45228
The application suffers from improper access control when editing users. A user with read permissions can manipulate users, passwords, and permissions by sending a single HTTP POST request with modified parameters.
CVSS Score
6.5
EPSS Score
0.0
Published
2023-10-26
CVE-2023-45317
The application interface allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to perform certain actions with administrative privileges if a logged-in user visits a malicious web site.
CVSS Score
8.8
EPSS Score
0.001
Published
2023-10-26
CVE-2023-46666
An issue was discovered when using Document Level Security and the SPO "Limited Access" functionality in Elastic Sharepoint Online Python Connector. If a user is assigned limited access permissions to an item on a Sharepoint site then that user would have read permissions to all content on the Sharepoint site through Elasticsearch.
CVSS Score
5.3
EPSS Score
0.001
Published
2023-10-26
CVE-2023-5622
Under certain conditions, Nessus Network Monitor could allow a low privileged user to escalate privileges to NT AUTHORITY\SYSTEM on Windows hosts by replacing a specially crafted file.
CVSS Score
7.1
EPSS Score
0.001
Published
2023-10-26
CVE-2023-5623
NNM failed to properly set ACLs on its installation directory, which could allow a low privileged user to run arbitrary code with SYSTEM privileges where NNM is installed to a non-standard location
CVSS Score
7.0
EPSS Score
0.001
Published
2023-10-26
CVE-2023-5624
Under certain conditions, Nessus Network Monitor was found to not properly enforce input validation. This could allow an admin user to alter parameters that could potentially allow a blindSQL injection.
CVSS Score
7.2
EPSS Score
0.001
Published
2023-10-26
CVE-2023-41966
The application suffers from a privilege escalation vulnerability. A user with read permissions can elevate privileges by sending a HTTP POST to set a parameter.
CVSS Score
6.5
EPSS Score
0.001
Published
2023-10-26
CVE-2023-42769
The cookie session ID is of insufficient length and can be exploited by brute force, which may allow a remote attacker to obtain a valid session, bypass authentication, and manipulate the transmitter.
CVSS Score
9.8
EPSS Score
0.001
Published
2023-10-26
CVE-2023-5786
A vulnerability was found in GeoServer GeoWebCache up to 1.15.1. It has been declared as problematic. This vulnerability affects unknown code of the file /geoserver/gwc/rest.html. The manipulation leads to direct request. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-243592.
CVSS Score
5.3
EPSS Score
0.001
Published
2023-10-26


Products
Pricing
Contact Us

Shodan ® - All rights reserved