Security Vulnerabilities - CVEs Published In April 2018
A security feature bypass exists when Device Guard incorrectly validates an untrusted file, aka "Device Guard Security Feature Bypass Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers.
CVSS Score: 3.3 | EPSS Score: 0.003 | Published: 2018-04-12
A denial of service vulnerability exists in the way that Windows SNMP Service handles malformed SNMP traps, aka "Windows SNMP Service Denial of Service Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.
CVSS Score: 5.3 | EPSS Score: 0.229 | Published: 2018-04-12
A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory, aka "Internet Explorer Memory Corruption Vulnerability." This affects Internet Explorer 11. This CVE ID is unique from CVE-2018-0991, CVE-2018-0997, CVE-2018-1018, CVE-2018-1020.
CVSS Score: 7.5 | EPSS Score: 0.189 | Published: 2018-04-12
A memory corruption vulnerability exists in the PCX-parsing functionality of Computerinsel Photoline 20.53. A specially crafted PCX image processed via the application can lead to an out-of-bounds write, overwriting arbitrary data. An attacker can deliver a PCX image to trigger this vulnerability and gain code execution.
CVSS Score: 8.8 | EPSS Score: 0.004 | Published: 2018-04-11
iScripts eSwap v2.4 has CSRF via "registration_settings.php" in the Admin Panel.
CVSS Score: 8.8 | EPSS Score: 0.001 | Published: 2018-04-11
iScripts eSwap v2.4 has XSS via the "registration_settings.php" txtDate parameter in the Admin Panel.
CVSS Score: 4.8 | EPSS Score: 0.003 | Published: 2018-04-11
iScripts eSwap v2.4 has SQL injection via the "registration_settings.php" ddlFree parameter in the Admin Panel.
CVSS Score: 7.2 | EPSS Score: 0.003 | Published: 2018-04-11
iScripts SupportDesk v4.3 has XSS via the staff/inteligentsearchresult.php txtinteligentsearch parameter.
CVSS Score: 5.4 | EPSS Score: 0.003 | Published: 2018-04-11
iScripts SupportDesk v4.3 has XSS via the admin/inteligentsearchresult.php txtinteligentsearch parameter.
CVSS Score: 4.8 | EPSS Score: 0.003 | Published: 2018-04-11
H2 1.4.197, as used in Datomic before 0.9.5697 and other products, allows remote code execution because CREATE ALIAS can execute arbitrary Java code. NOTE: the vendor's position is "h2 is not designed to be run outside of a secure environment."
CVSS Score: 8.8 | EPSS Score: 0.087 | Published: 2018-04-11

