Security Vulnerabilities - CVEs Published In November 2023
A buffer over-read was reported in the LemSecureBootForceKey module in some Lenovo Desktop products that may allow a local attacker with elevated privileges to disclose sensitive information.
CVSS Score: 4.4 | EPSS Score: 0.001 | Published: 2023-11-08
A buffer overflow was reported in the OemSmi module in some Lenovo Desktop products that may allow a local attacker with elevated privileges to execute arbitrary code. 
CVSS Score: 6.7 | EPSS Score: 0.001 | Published: 2023-11-08
Couchbase Server 7.1.4 before 7.1.5 and 7.2.0 before 7.2.1 allows Directory Traversal.
CVSS Score: 7.5 | EPSS Score: 0.009 | Published: 2023-11-08
The LDAP Agent Update service with versions prior to 5.18 used an unquoted path, which could allow arbitrary code execution.
CVSS Score: 6.7 | EPSS Score: 0.001 | Published: 2023-11-08
An issue discovered in pfSense CE version 2.6.0 allows attackers to compromise user accounts via weak password requirements.
CVSS Score: 9.8 | EPSS Score: 0.002 | Published: 2023-11-08
An issue discovered in Axios 1.5.1 inadvertently reveals the confidential XSRF-TOKEN stored in cookies by including it in the HTTP header X-XSRF-TOKEN for every request made to any host, allowing attackers to view sensitive information.
CVSS Score: 6.5 | EPSS Score: 0.001 | Published: 2023-11-08
An issue was discovered in Couchbase Server 7.2.0. There is a private key leak in debug.log while adding a pre-7.0 node to a 7.2 cluster.
CVSS Score: 7.5 | EPSS Score: 0.004 | Published: 2023-11-08
jbig2enc v0.28 was discovered to contain a heap-use-after-free via jbig2enc_auto_threshold_using_hash in src/jbig2enc.cc.
CVSS Score: 5.5 | EPSS Score: 0.001 | Published: 2023-11-08
jbig2enc v0.28 was discovered to contain a SEGV via jbig2_add_page in src/jbig2enc.cc:512.
CVSS Score: 5.5 | EPSS Score: 0.001 | Published: 2023-11-08
The Spotfire Connectors component of TIBCO Software Inc.'s Spotfire Analyst, Spotfire Server, and Spotfire for AWS Marketplace contains an easily exploitable vulnerability that allows a low privileged attacker with read/write access to craft malicious Analyst files. A successful attack using this vulnerability requires human interaction from a person other than the attacker. Affected releases are TIBCO Software Inc.'s Spotfire Analyst: versions 12.3.0, 12.4.0, and 12.5.0, Spotfire Server: versions 12.3.0, 12.4.0, and 12.5.0, and Spotfire for AWS Marketplace: version 12.5.0.
CVSS Score: 5.0 | EPSS Score: 0.001 | Published: 2023-11-08