Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In November 2023
CVE-2023-42649
In engineermode, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed
CVSS Score
5.5
EPSS Score
0.0
Published
2023-11-01
CVE-2023-42650
In engineermode, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed
CVSS Score
5.5
EPSS Score
0.0
Published
2023-11-01
CVE-2023-42651
In engineermode, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed
CVSS Score
5.5
EPSS Score
0.0
Published
2023-11-01
CVE-2023-42652
In engineermode, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed
CVSS Score
5.5
EPSS Score
0.0
Published
2023-11-01
CVE-2023-42653
In faceid service, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with no additional execution privileges
CVSS Score
5.5
EPSS Score
0.0
Published
2023-11-01
CVE-2023-42654
In dm service, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed
CVSS Score
5.5
EPSS Score
0.0
Published
2023-11-01
CVE-2023-42655
In sim service, there is a possible way to write permission usage records of an app due to a missing permission check. This could lead to local escalation of privilege with System execution privileges needed
CVSS Score
6.7
EPSS Score
0.0
Published
2023-11-01
CVE-2023-42750
In gnss service, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed
CVSS Score
4.4
EPSS Score
0.0
Published
2023-11-01
CVE-2023-1714
Unsafe variable extraction in bitrix/modules/main/classes/general/user_options.php in Bitrix24 22.0.300 allows remote authenticated attackers to execute arbitrary code via (1) appending arbitrary content to existing PHP files or (2) PHAR deserialization.
CVSS Score
8.8
EPSS Score
0.021
Published
2023-11-01
CVE-2023-1715
A logic error when using mb_strpos() to check for potential XSS payload in Bitrix24 22.0.300 allows attackers to bypass XSS sanitisation via placing HTML tags at the begining of the payload.
CVSS Score
9.0
EPSS Score
0.001
Published
2023-11-01


Products
Pricing
Contact Us

Shodan ® - All rights reserved