Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In May 2024
CVE-2024-36843
libmodbus v3.1.6 was discovered to contain a heap overflow via the modbus_mapping_free() function.
CVSS Score
7.5
EPSS Score
0.005
Published
2024-05-31
CVE-2024-36844
libmodbus v3.1.6 was discovered to contain a use-after-free via the ctx->backend pointer. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted message sent to the unit-test-server.
CVSS Score
7.5
EPSS Score
0.001
Published
2024-05-31
CVE-2024-36845
An invalid pointer in the modbus_receive() function of libmodbus v3.1.6 allows attackers to cause a Denial of Service (DoS) via a crafted message sent to the unit-test-server.
CVSS Score
4.3
EPSS Score
0.004
Published
2024-05-31
CVE-2024-33996
Incorrect validation of allowed event types in a calendar web service made it possible for some users to create events with types/audiences they did not have permission to publish to.
CVSS Score
6.2
EPSS Score
0.001
Published
2024-05-31
CVE-2024-33997
Additional sanitizing was required when opening the equation editor to prevent a stored XSS risk when editing another user's equation.
CVSS Score
6.1
EPSS Score
0.002
Published
2024-05-31
CVE-2024-33998
Insufficient escaping of participants' names in the participants page table resulted in a stored XSS risk when interacting with some features.
CVSS Score
5.4
EPSS Score
0.002
Published
2024-05-31
CVE-2024-33999
The referrer URL used by MFA required additional sanitizing, rather than being used directly.
CVSS Score
9.8
EPSS Score
0.004
Published
2024-05-31
CVE-2024-29829
An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an authenticated attacker within the same network to execute arbitrary code.
CVSS Score
8.4
EPSS Score
0.002
Published
2024-05-31
CVE-2024-29830
An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an authenticated attacker within the same network to execute arbitrary code.
CVSS Score
8.4
EPSS Score
0.002
Published
2024-05-31
CVE-2024-29846
An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an authenticated attacker within the same network to execute arbitrary code.
CVSS Score
8.4
EPSS Score
0.002
Published
2024-05-31


Products
Pricing
Contact Us

Shodan ® - All rights reserved