Security Vulnerabilities - CVEs Published In February 2019
MDaemon Webmail 14.x through 18.x before 18.5.2 has XSS (issue 1 of 2).
CVSS Score
6.1
EPSS Score
0.003
Published
2019-02-21
MDaemon Webmail 14.x through 18.x before 18.5.2 has XSS (issue 2 of 2).
CVSS Score
6.1
EPSS Score
0.003
Published
2019-02-21
The web interface on FASTGate Fastweb devices with firmware through 0.00.47_FW_200_Askey 2017-05-17 (software through 1.0.1b) exposed a CGI binary with a command injection vulnerability that can be exploited to achieve remote code execution with root privileges. No authentication is required to trigger the vulnerability.
CVSS Score
9.8
EPSS Score
0.059
Published
2019-02-21
Loop with Unreachable Exit Condition ('Infinite Loop') in McAfee GetSusp (GetSusp) 3.0.0.461 and earlier allows attackers to DoS a manual GetSusp scan by having it scan a specifically crafted file. GetSusp is a free standalone McAfee tool that runs on several versions of Microsoft Windows.
CVSS Score
6.5
EPSS Score
0.001
Published
2019-02-21
com/wavemaker/studio/StudioService.java in WaveMaker Studio 6.6 mishandles the studioService.download?method=getContent&inUrl= value, leading to disclosure of local files and SSRF.
CVSS Score
9.6
EPSS Score
0.824
Published
2019-02-21
A memory leak in the kernel_read_file function in fs/exec.c in the Linux kernel through 4.20.11 allows attackers to cause a denial of service (memory consumption) by triggering vfs_read failures.
CVSS Score
7.5
EPSS Score
0.017
Published
2019-02-21
Kohana through 3.3.6 has SQL Injection when the order_by() parameter can be controlled.
CVSS Score
9.8
EPSS Score
0.084
Published
2019-02-21
Seafile through 6.2.11 always uses the same Initialization Vector (IV) with Cipher Block Chaining (CBC) Mode to encrypt private data, making it easier to conduct chosen-plaintext attacks or dictionary attacks.
CVSS Score
7.5
EPSS Score
0.008
Published
2019-02-21
An issue was discovered in Liquidware ProfileUnity before 6.8.0 with Liquidware FlexApp before 6.8.0. A local user could obtain administrator rights, as demonstrated by use of PowerShell.
CVSS Score
7.8
EPSS Score
0.0
Published
2019-02-21
Splunk Web in Splunk Enterprise 6.5.x before 6.5.5, 6.4.x before 6.4.9, 6.3.x before 6.3.12, 6.2.x before 6.2.14, 6.1.x before 6.1.14, and 6.0.x before 6.0.15 and Splunk Light before 6.6.0 has Persistent XSS, aka SPL-138827.
CVSS Score
5.4
EPSS Score
0.002
Published
2019-02-21

Shodan ® - All rights reserved