Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - Known exploited
CVE-2019-1458
Known exploited
An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'.
CVSS Score
7.8
EPSS Score
0.919
Published
2019-12-10
CVE-2019-5544
Known exploited
OpenSLP as used in ESXi and the Horizon DaaS appliances has a heap overwrite issue. VMware has evaluated the severity of this issue to be in the Critical severity range with a maximum CVSSv3 base score of 9.8.
CVSS Score
9.8
EPSS Score
0.927
Published
2019-12-06
CVE-2019-7193
Known exploited
This improper input validation vulnerability allows remote attackers to inject arbitrary code to the system. To fix the vulnerability, QNAP recommend updating QTS to their latest versions.
CVSS Score
9.8
EPSS Score
0.258
Published
2019-12-05
CVE-2019-7194
Known exploited
This external control of file name or path vulnerability allows remote attackers to access or modify system files. To fix the vulnerability, QNAP recommend updating Photo Station to their latest versions.
CVSS Score
9.8
EPSS Score
0.939
Published
2019-12-05
CVE-2019-7195
Known exploited
This external control of file name or path vulnerability allows remote attackers to access or modify system files. To fix the vulnerability, QNAP recommend updating Photo Station to their latest versions.
CVSS Score
9.8
EPSS Score
0.941
Published
2019-12-05
CVE-2019-7192
Known exploited
This improper access control vulnerability allows remote attackers to gain unauthorized access to the system. To fix these vulnerabilities, QNAP recommend updating Photo Station to their latest versions.
CVSS Score
9.8
EPSS Score
0.943
Published
2019-12-05
CVE-2019-15271
Known exploited
A vulnerability in the web-based management interface of certain Cisco Small Business RV Series Routers could allow an authenticated, remote attacker to execute arbitrary commands with root privileges. The attacker must have either a valid credential or an active session token. The vulnerability is due to lack of input validation of the HTTP payload. An attacker could exploit this vulnerability by sending a malicious HTTP request to the web-based management interface of the targeted device. A successful exploit could allow the attacker to execute commands with root privileges.
CVSS Score
8.8
EPSS Score
0.059
Published
2019-11-26
CVE-2019-5825
Known exploited
Out of bounds write in JavaScript in Google Chrome prior to 73.0.3683.86 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVSS Score
6.5
EPSS Score
0.737
Published
2019-11-25
CVE-2019-13720
Known exploited
Use after free in WebAudio in Google Chrome prior to 78.0.3904.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVSS Score
8.8
EPSS Score
0.882
Published
2019-11-25
CVE-2019-19006
Known exploited
Sangoma FreePBX 115.0.16.26 and below, 14.0.13.11 and below, 13.0.197.13 and below have Incorrect Access Control.
CVSS Score
9.8
EPSS Score
0.269
Published
2019-11-21


Products
Pricing
Contact Us

Shodan ® - All rights reserved