Security Vulnerabilities - CVEs Published In March 2019
An issue was discovered in i915_gem_execbuffer2_ioctl in drivers/gpu/drm/i915/i915_gem_execbuffer.c in the Linux kernel through 4.19.13, where a provided address is not checked with access_ok(). A local attacker can craft a malicious IOCTL function call to overwrite arbitrary kernel memory, resulting in a Denial of Service or privilege escalation.
CVSS Score: 7.8
EPSS Score: 0.001
Published: 2019-03-21
An issue was discovered in WSO2 API Manager 2.1.0 and 2.6.0. A DOM-based XSS exists in the store part of the product.
CVSS Score: 5.4
EPSS Score: 0.003
Published: 2019-03-21
An issue was discovered in WSO2 API Manager 2.1.0 and 2.6.0. Reflected XSS exists in the carbon part of the product.
CVSS Score: 5.4
EPSS Score: 0.003
Published: 2019-03-21
Roxy Fileman 1.4.5 allows Directory Traversal in copydir.php, copyfile.php, and fileslist.php.
CVSS Score: 9.1
EPSS Score: 0.325
Published: 2019-03-21
Roxy Fileman 1.4.5 allows unrestricted file upload in upload.php.
CVSS Score: 9.8
EPSS Score: 0.877
Published: 2019-03-21
The Design Chemical Social Network Tabs plugin 1.7.1 for WordPress allows remote attackers to discover Twitter access_token, access_token_secret, consumer_key, and consumer_secret values by reading the dcwp_twitter.php source code. This leads to Twitter account takeover.
CVSS Score: 9.8
EPSS Score: 0.462
Published: 2019-03-21
SQL injection vulnerability in Booking Calendar plugin 8.4.3 for WordPress allows remote attackers to execute arbitrary SQL commands via the booking_id parameter.
CVSS Score: 8.8
EPSS Score: 0.144
Published: 2019-03-21
An out-of-bounds read issue was discovered in the HTTP/2 protocol decoder in HAProxy 1.8.x and 1.9.x through 1.9.0 which can result in a crash. The processing of the PRIORITY flag in a HEADERS frame requires 5 extra bytes, and while these bytes are skipped, the total frame length was not re-checked to make sure they were present in the frame.
CVSS Score: 7.5
EPSS Score: 0.002
Published: 2019-03-21
PHP Scripts Mall Consumer Reviews Script 4.0.3 has directory traversal via a direct request for a listing of an uploads directory such as the wp-content/uploads/2018/12 directory.
CVSS Score: 6.5
EPSS Score: 0.005
Published: 2019-03-21
PHP Scripts Mall Consumer Reviews Script 4.0.3 has HTML injection via the search box.
CVSS Score: 5.4
EPSS Score: 0.002
Published: 2019-03-21

