Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In May 2023
IBM InfoSphere Information Server 11.7 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 243163.
CVSS Score
6.3
EPSS Score
0.007
Published
2023-05-19
IBM InfoSphere Information Server 11.7 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 244373.
CVSS Score
6.2
EPSS Score
0.001
Published
2023-05-19
Cloud foundry instances having CAPI version between 1.140 and 1.152.0 along with loggregator-agent v7+ may override other users syslog drain credentials if they're aware of the client certificate used for that syslog drain. This applies even if the drain has zero certs. This would allow the user to override the private key and add or modify a certificate authority used for the connection.
CVSS Score
8.1
EPSS Score
0.004
Published
2023-05-19
IBM MQ 8.0, 9.0, and 9.1 could allow a local user to obtain sensitive credential information when a detailed technical error message is returned in a stack trace. IBM X-Force ID: 250398.
CVSS Score
6.2
EPSS Score
0.002
Published
2023-05-19
A vulnerability was found in the libtiff library. This flaw causes a heap buffer overflow issue via the TIFFTAG_INKNAMES and TIFFTAG_NUMBEROFINKS values.
CVSS Score
5.5
EPSS Score
0.005
Published
2023-05-19
A vulnerability was found in the libtiff library. This security flaw causes a heap buffer overflow in extractContigSamples32bits, tiffcrop.c.
CVSS Score
5.5
EPSS Score
0.003
Published
2023-05-19
Prestashop customexporter <= 1.7.20 is vulnerable to Incorrect Access Control via modules/customexporter/downloads/download.php.
CVSS Score
7.5
EPSS Score
0.007
Published
2023-05-19
SEMCMS 1.5 is vulnerable to SQL Injection via Ant_Rponse.php.
CVSS Score
9.8
EPSS Score
0.008
Published
2023-05-19
DedeCMS up to v5.7.108 is vulnerable to XSS in sys_info.php via parameters 'edit___cfg_powerby' and 'edit___cfg_beian'
CVSS Score
5.4
EPSS Score
0.004
Published
2023-05-19
A command injection vulnerability exists in the administrative web portal in TP-Link Archer VR1600V devices running firmware Versions <= 0.1.0. 0.9.1 v5006.0 Build 220518 Rel.32480n which allows remote attackers, authenticated to the administrative web portal as an administrator user to open an operating system level shell via the 'X_TP_IfName' parameter.
CVSS Score
6.7
EPSS Score
0.018
Published
2023-05-19


Contact Us

Shodan ® - All rights reserved