Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In January 2019
CVE-2019-3911
Reflected cross-site scripting (XSS) vulnerability in LabKey Server Community Edition before 18.3.0-61806.763 allows an unauthenticated remote attacker to inject arbitrary javascript via the onerror parameter in the /__r2/query endpoints.
CVSS Score
6.1
EPSS Score
0.078
Published
2019-01-30
CVE-2019-3912
An open redirect vulnerability in LabKey Server Community Edition before 18.3.0-61806.763 via the /__r1/ returnURL parameter allows an unauthenticated remote attacker to redirect users to arbitrary web sites.
CVSS Score
6.1
EPSS Score
0.168
Published
2019-01-30
CVE-2019-3913
Command manipulation in LabKey Server Community Edition before 18.3.0-61806.763 allows an authenticated remote attacker to unmount any drive on the system leading to denial of service.
CVSS Score
4.9
EPSS Score
0.007
Published
2019-01-30
CVE-2018-20748
LibVNC before 0.9.12 contains multiple heap out-of-bounds write vulnerabilities in libvncclient/rfbproto.c. The fix for CVE-2018-20019 was incomplete.
CVSS Score
9.8
EPSS Score
0.109
Published
2019-01-30
CVE-2018-20749
LibVNC before 0.9.12 contains a heap out-of-bounds write vulnerability in libvncserver/rfbserver.c. The fix for CVE-2018-15127 was incomplete.
CVSS Score
9.8
EPSS Score
0.109
Published
2019-01-30
CVE-2018-20750
LibVNC through 0.9.12 contains a heap out-of-bounds write vulnerability in libvncserver/rfbserver.c. The fix for CVE-2018-15127 was incomplete.
CVSS Score
9.8
EPSS Score
0.109
Published
2019-01-30
CVE-2018-19027
Three type confusion vulnerabilities exist in CX-One Versions 4.50 and prior and CX-Protocol Versions 2.0 and prior when processing project files. An attacker could use a specially crafted project file to exploit and execute code under the privileges of the application.
CVSS Score
7.8
EPSS Score
0.003
Published
2019-01-30
CVE-2018-19782
Multiple cross-site scripting (XSS) vulnerabilities in GET requests in FreshRSS 1.11.1 allow remote attackers to inject arbitrary web script or HTML via the (1) c parameter or (2) a parameter.
CVSS Score
6.1
EPSS Score
0.06
Published
2019-01-30
CVE-2018-19858
PrinceXML, versions 10 and below, is vulnerable to XXE due to the lack of protection against external entities. If an attacker passes HTML referencing an XML file (e.g., in an IFRAME element), PrinceXML will fetch the XML and parse it, thus giving an attacker file-read access and full-fledged SSRF.
CVSS Score
8.6
EPSS Score
0.005
Published
2019-01-30
CVE-2018-19440
ARM Trusted Firmware-A allows information disclosure.
CVSS Score
5.3
EPSS Score
0.002
Published
2019-01-30


Products
Pricing
Contact Us

Shodan ® - All rights reserved