Security Vulnerabilities - CVEs Published In December 2023
The Challenge Response feature of BeyondTrust Privilege Management for Windows (PMfW) before 2023-07-14 allows local administrators to bypass this feature by decrypting the shared key, or by locating the decrypted shared key in process memory. The threat is mitigated by the Agent Protection feature.
CVSS Score: 6.7; EPSS Score: 0.0; Published: 2023-12-25
The CRM Integration in 3CX before 18.0.9.23 and 20 before 20.0.0.1494 allows SQL Injection via a first name, search string, or email address.
CVSS Score: 9.8; EPSS Score: 0.007; Published: 2023-12-25
C-blosc2 before 2.9.3 was discovered to contain a NULL pointer dereference via the function zfp_acc_decompress at zfp/blosc2-zfp.c.
CVSS Score: 7.5; EPSS Score: 0.002; Published: 2023-12-25
C-blosc2 before 2.9.3 was discovered to contain a NULL pointer dereference via the function zfp_rate_decompress at zfp/blosc2-zfp.c.
CVSS Score: 7.5; EPSS Score: 0.002; Published: 2023-12-25
An issue was discovered in Stormshield Network Security (SNS) SNS 4.3.13 through 4.3.22 before 4.3.23, SNS 4.6.0 through 4.6.9 before 4.6.10, and SNS 4.7.0 through 4.7.1 before 4.7.2. An attacker can overflow the cookie threshold, making an IPsec connection impossible.
CVSS Score: 7.5; EPSS Score: 0.002; Published: 2023-12-25
In SysAid On-Premise before 23.3.34, there is an edge case in which an end user is able to delete a Knowledge Base article, aka bug 15102.
CVSS Score: 4.3; EPSS Score: 0.001; Published: 2023-12-25
An issue was discovered in SESAMI planfocus CPTO (Cash Point & Transport Optimizer) 6.3.8.6 718. There is XSS via the Name field when modifying a client.
CVSS Score: 4.8; EPSS Score: 0.001; Published: 2023-12-25
C-blosc2 before 2.9.3 was discovered to contain a NULL pointer dereference via the function zfp_prec_decompress at zfp/blosc2-zfp.c.
CVSS Score: 7.5; EPSS Score: 0.002; Published: 2023-12-25
C-blosc2 before 2.9.3 was discovered to contain a NULL pointer dereference in ndlz/ndlz8x8.c via a NULL pointer to memset.
CVSS Score: 7.5; EPSS Score: 0.002; Published: 2023-12-25
Support Assistant in NCP Secure Enterprise Client before 13.10 allows attackers to execute DLL files with SYSTEM privileges by creating a symbolic link from a %LOCALAPPDATA%\Temp\NcpSupport* location.
CVSS Score: 8.8; EPSS Score: 0.001; Published: 2023-12-25

