Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In April 2019
CVE-2019-0666
A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka 'Windows VBScript Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0665, CVE-2019-0667, CVE-2019-0772.
CVSS Score
7.5
EPSS Score
0.055
Published
2019-04-08
CVE-2019-0667
A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka 'Windows VBScript Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0665, CVE-2019-0666, CVE-2019-0772.
CVSS Score
7.5
EPSS Score
0.453
Published
2019-04-08
CVE-2019-11023
The agroot() function in cgraph\obj.c in libcgraph.a in Graphviz 2.39.20160612.1140 has a NULL pointer dereference, as demonstrated by graphml2gv.
CVSS Score
8.8
EPSS Score
0.019
Published
2019-04-08
CVE-2019-11024
The load_pnm function in frompnm.c in libsixel.a in libsixel 1.8.2 has infinite recursion.
CVSS Score
5.5
EPSS Score
0.002
Published
2019-04-08
CVE-2019-11025
In clearFilter() in utilities.php in Cacti before 1.2.3, no escaping occurs before printing out the value of the SNMP community string (SNMP Options) in the View poller cache, leading to XSS.
CVSS Score
5.4
EPSS Score
0.004
Published
2019-04-08
CVE-2019-11026
FontInfoScanner::scanFonts in FontInfo.cc in Poppler 0.75.0 has infinite recursion, leading to a call to the error function in Error.cc.
CVSS Score
6.5
EPSS Score
0.005
Published
2019-04-08
CVE-2019-0211
Known exploited
In Apache HTTP Server 2.4 releases 2.4.17 to 2.4.38, with MPM event, worker or prefork, code executing in less-privileged child processes or threads (including scripts executed by an in-process scripting interpreter) could execute arbitrary code with the privileges of the parent process (usually root) by manipulating the scoreboard. Non-Unix systems are not affected.
CVSS Score
7.8
EPSS Score
0.895
Published
2019-04-08
CVE-2019-11016
Elgg before 1.12.18 and 2.3.x before 2.3.11 has an open redirect.
CVSS Score
6.1
EPSS Score
0.002
Published
2019-04-08
CVE-2019-11018
application\admin\controller\User.php in ThinkAdmin V4.0 does not prevent continued use of an administrator's cookie-based credentials after a password change.
CVSS Score
9.8
EPSS Score
0.003
Published
2019-04-08
CVE-2019-0217
In Apache HTTP Server 2.4 release 2.4.38 and prior, a race condition in mod_auth_digest when running in a threaded server could allow a user with valid credentials to authenticate using another username, bypassing configured access control restrictions.
CVSS Score
7.5
EPSS Score
0.472
Published
2019-04-08


Products
Pricing
Contact Us

Shodan ® - All rights reserved