Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In April 2023
CVE-2023-28682
Jenkins Performance Publisher Plugin 8.09 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.
CVSS Score
8.2
EPSS Score
0.006
Published
2023-04-02
CVE-2023-28683
Jenkins Phabricator Differential Plugin 2.1.5 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.
CVSS Score
8.2
EPSS Score
0.006
Published
2023-04-02
CVE-2023-28684
Jenkins remote-jobs-view-plugin Plugin 0.0.3 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.
CVSS Score
6.5
EPSS Score
0.007
Published
2023-04-02
CVE-2022-42447
HCL Compass is vulnerable to Cross-Origin Resource Sharing (CORS). This vulnerability can allow an unprivileged remote attacker to trick a legitimate user into accessing a special resource and executing a malicious request.
CVSS Score
9.6
EPSS Score
0.004
Published
2023-04-02
CVE-2022-42452
HCL Launch is vulnerable to HTML injection.  HTML code is stored and included without being sanitized. This can lead to further attacks such as XSS and Open Redirections.
CVSS Score
4.6
EPSS Score
0.003
Published
2023-04-02
CVE-2023-1202
Permission bypass when importing or synchronizing entries in User vault in Devolutions Remote Desktop Manager 2023.1.9 and prior versions allows users with restricted rights to bypass entry permission via id collision.
CVSS Score
6.5
EPSS Score
0.004
Published
2023-04-02
CVE-2023-1574
Information disclosure in the user creation feature of a MSSQL data source in Devolutions Remote Desktop Manager 2023.1.9 and below on Windows allows an attacker with access to the user interface to obtain sensitive information via the error message dialog that displays the password in clear text.
CVSS Score
6.5
EPSS Score
0.005
Published
2023-04-02
CVE-2023-1580
Uncontrolled resource consumption in the logging feature in Devolutions Gateway 2023.1.1 and earlier allows an attacker to cause a denial of service by filling up the disk and render the system unusable.
CVSS Score
7.5
EPSS Score
0.006
Published
2023-04-02
CVE-2023-1603
Permission bypass when importing or synchronizing entries in User vault in Devolutions Server 2022.3.13 and prior versions allows users with restricted rights to bypass entry permission via id collision.
CVSS Score
6.5
EPSS Score
0.006
Published
2023-04-02
CVE-2023-20558
Insufficient control flow management in AmdCpmOemSmm may allow a privileged attacker to tamper with the SMM handler potentially leading to an escalation of privileges.
CVSS Score
8.8
EPSS Score
0.007
Published
2023-04-02


Products
Pricing
Contact Us

Shodan ® - All rights reserved