Security Vulnerabilities - CVEs Published In January 2019

An issue was discovered in Joomla! before 3.9.2. Inadequate checks of the Global Configuration helpurl settings allowed stored XSS.
CVSS Score: 5.4 | EPSS Score: 0.0 | Published: 2019-01-16

An issue was discovered in Joomla! before 3.9.2. Inadequate checks of the Global Configuration Text Filter settings allowed stored XSS.
CVSS Score: 4.8 | EPSS Score: 0.001 | Published: 2019-01-16

An issue was discovered in Joomla! before 3.9.2. Inadequate escaping in mod_banners leads to a stored XSS vulnerability.
CVSS Score: 6.1 | EPSS Score: 0.004 | Published: 2019-01-16

An issue was discovered in NTPsec before 1.1.3. Because of a bug in ctl_getitem, there is a stack-based buffer over-read in read_sysvars in ntp_control.c in ntpd.
CVSS Score: 9.1 | EPSS Score: 0.106 | Published: 2019-01-16

An issue was discovered in NTPsec before 1.1.3. process_control() in ntp_control.c has a stack-based buffer over-read because attacker-controlled data is dereferenced by ntohl() in ntpd.
CVSS Score: 9.1 | EPSS Score: 0.106 | Published: 2019-01-16

An issue was discovered in NTPsec before 1.1.3. An authenticated attacker can cause a NULL pointer dereference and ntpd crash in ntp_control.c, related to ctl_getitem.
CVSS Score: 6.5 | EPSS Score: 0.154 | Published: 2019-01-16

An issue was discovered in NumPy before 1.16.3. It uses the pickle Python module unsafely, which allows remote attackers to execute arbitrary code via a crafted serialized object, as demonstrated by a numpy.load call. NOTE: third parties dispute this issue because it is a behavior that might have legitimate applications in (for example) loading serialized Python object arrays from trusted and authenticated sources.
CVSS Score: 9.8 | EPSS Score: 0.592 | Published: 2019-01-16

An issue was discovered in NTPsec before 1.1.3. An authenticated attacker can write one byte out of bounds in ntpd via a malformed config request, related to config_remotely in ntp_config.c, yyparse in ntp_parser.tab.c, and yyerror in ntp_parser.y.
CVSS Score: 6.5 | EPSS Score: 0.153 | Published: 2019-01-16

Serendipity 2.0.4 has XSS via the serendipity_admin.php serendipity[body] parameter.
CVSS Score: 5.4 | EPSS Score: 0.003 | Published: 2019-01-16

Zenbership v107 has CSRF via admin/cp-functions/event-add.php.
CVSS Score: 8.8 | EPSS Score: 0.002 | Published: 2019-01-16


Shodan ® - All rights reserved