Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In March 2019
CVE-2019-0616
An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-0602, CVE-2019-0615, CVE-2019-0619, CVE-2019-0660, CVE-2019-0664.
CVSS Score
6.5
EPSS Score
0.258
Published
2019-03-05
CVE-2019-9213
In the Linux kernel before 4.20.14, expand_downwards in mm/mmap.c lacks a check for the mmap minimum address, which makes it easier for attackers to exploit kernel NULL pointer dereferences on non-SMAP platforms. This is related to a capability check for the wrong task.
CVSS Score
5.5
EPSS Score
0.053
Published
2019-03-05
CVE-2019-9576
The Blog2Social plugin before 5.0.3 for WordPress allows wp-admin/admin.php?page=blog2social-ship XSS.
CVSS Score
6.1
EPSS Score
0.002
Published
2019-03-05
CVE-2018-11793
When parsing a JSON payload with deeply nested JSON structures, the parser in Apache Mesos versions pre-1.4.x, 1.4.0 to 1.4.2, 1.5.0 to 1.5.1, 1.6.0 to 1.6.1, and 1.7.0 might overflow the stack due to unbounded recursion. A malicious actor can therefore cause a denial of service of Mesos masters rendering the Mesos-controlled cluster inoperable.
CVSS Score
7.5
EPSS Score
0.074
Published
2019-03-05
CVE-2019-3917
The Alcatel Lucent I-240W-Q GPON ONT using firmware version 3FE54567BOZJ19 allows a remote, unauthenticated attacker to enable telnetd on the router via a crafted HTTP request.
CVSS Score
7.5
EPSS Score
0.002
Published
2019-03-05
CVE-2019-3918
The Alcatel Lucent I-240W-Q GPON ONT using firmware version 3FE54567BOZJ19 contains multiple hard coded credentials for the Telnet and SSH interfaces.
CVSS Score
9.8
EPSS Score
0.003
Published
2019-03-05
CVE-2019-3919
The Alcatel Lucent I-240W-Q GPON ONT using firmware version 3FE54567BOZJ19 is vulnerable to command injection via crafted HTTP request sent by a remote, authenticated attacker to /GponForm/usb_restore_Form?script/.
CVSS Score
8.8
EPSS Score
0.102
Published
2019-03-05
CVE-2019-3920
The Alcatel Lucent I-240W-Q GPON ONT using firmware version 3FE54567BOZJ19 is vulnerable to authenticated command injection via crafted HTTP request sent by a remote, authenticated attacker to /GponForm/device_Form?script/.
CVSS Score
8.8
EPSS Score
0.102
Published
2019-03-05
CVE-2019-3921
The Alcatel Lucent I-240W-Q GPON ONT using firmware version 3FE54567BOZJ19 is vulnerable to a stack buffer overflow via crafted HTTP POST request sent by a remote, authenticated attacker to /GponForm/usb_Form?script/. An attacker can leverage this vulnerability to potentially execute arbitrary code.
CVSS Score
8.8
EPSS Score
0.055
Published
2019-03-05
CVE-2019-3922
The Alcatel Lucent I-240W-Q GPON ONT using firmware version 3FE54567BOZJ19 is vulnerable to a stack buffer overflow via crafted HTTP POST request sent by a remote, unauthenticated attacker to /GponForm/fsetup_Form. An attacker can leverage this vulnerability to potentially execute arbitrary code.
CVSS Score
9.8
EPSS Score
0.126
Published
2019-03-05


Products
Pricing
Contact Us

Shodan ® - All rights reserved