Security Vulnerabilities - CVEs Published In April 2019
BPC SmartVista 2 has Improper Access Control in the SVFE module: it fails to restrict access appropriately, so a normal user can reach the SVFE2/pages/finadmin/currconvrate/currconvrate.jsf functionality that should be available only to an admin.
CVSS Score
7.2
EPSS Score
0.005
Published
2019-04-30
BPC SmartVista 2 has Session Fixation via the JSESSIONID parameter.
CVSS Score
7.5
EPSS Score
0.004
Published
2019-04-30
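The fixation entry above says only that the JSESSIONID is the vehicle. The following added example (constructed for this page, not SmartVista code) models the two login behaviours that decide whether such a bug exists: a login that keeps whatever session identifier the client arrived with, and one that invalidates it and issues a fresh identifier after authentication. The store, the `login_vulnerable`/`login_fixed` names and the attacker/victim roles are assumptions for the demonstration.

```python
"""Session fixation: why a session id must be rotated at authentication.

Constructed example for illustration; not the vendor's code.
"""
import secrets
from dataclasses import dataclass, field
from typing import Callable, Dict, Optional


@dataclass
class Session:
    user: Optional[str] = None
    data: dict = field(default_factory=dict)


class SessionStore:
    """Minimal server-side session table keyed by the JSESSIONID value."""

    def __init__(self) -> None:
        self._sessions: Dict[str, Session] = {}

    def create(self) -> str:
        sid = secrets.token_urlsafe(32)
        self._sessions[sid] = Session()
        return sid

    def get(self, sid: str) -> Optional[Session]:
        return self._sessions.get(sid)

    def login_vulnerable(self, sid: str, user: str) -> str:
        # Fixation-prone: binds the authenticated identity to whatever id the
        # client presented (even an unknown one is accepted and created).
        sess = self._sessions.setdefault(sid, Session())
        sess.user = user
        return sid

    def login_fixed(self, sid: str, user: str) -> str:
        # Hardened: drop the pre-authentication session entirely and issue a
        # new identifier the attacker has never seen. Non-sensitive state
        # (e.g. a shopping cart) can be copied across if required.
        old = self._sessions.pop(sid, None)
        new_sid = self.create()
        new = self._sessions[new_sid]
        new.user = user
        if old is not None:
            new.data = dict(old.data)
        return new_sid


def is_fixation_prone(store: SessionStore,
                      login: Callable[[SessionStore, str, str], str]) -> bool:
    """Attacker obtains a valid id, plants it in the victim's cookie, the
    victim logs in. Returns True if the planted id is now authenticated."""
    planted = store.create()
    login(store, planted, "victim")
    attacker_view = store.get(planted)
    return attacker_view is not None and attacker_view.user == "victim"


if __name__ == "__main__":
    print("vulnerable:", is_fixation_prone(SessionStore(), SessionStore.login_vulnerable))
    print("fixed:     ", is_fixation_prone(SessionStore(), SessionStore.login_fixed))
```

The same check works as a black-box test against a live application: record the cookie before login, log in, and verify that the server set a different JSESSIONID and no longer honours the old one.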
CVE-2019-9621
Known exploited
Zimbra Collaboration Suite before 8.6 patch 13, 8.7.x before 8.7.11 patch 10, and 8.8.x before 8.8.10 patch 7 or 8.8.x before 8.8.11 patch 3 allows SSRF via the ProxyServlet component.
CVSS Score
7.5
EPSS Score
0.918
Published
2019-04-30
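For a proxy component like the one named above, the control that matters is strict validation of the outbound target before any connection is made. The following added example (not Zimbra's code; the allowlist, the hypothetical `resolver` callback and the sample URLs are all constructed for this page) rejects non-HTTP schemes, userinfo tricks, literal IP addresses and any name outside an allowlist, and then checks that the allowlisted name resolves only to public addresses so that an internal CNAME or DNS rebinding cannot redirect the request to loopback, RFC 1918 space or a cloud metadata endpoint.

```python
"""Outbound target validation for a server-side proxy (SSRF defence).

Added example, not the vendor's implementation. ALLOWED_HOSTS is an
assumed configuration value; `resolver` stands in for DNS so the check
runs offline in tests.
"""
import ipaddress
from typing import Callable, Iterable, Optional, Tuple
from urllib.parse import urlsplit

ALLOWED_HOSTS = {"api.example.org", "cdn.example.org"}   # assumption
ALLOWED_SCHEMES = {"http", "https"}


def is_public_address(addr: str) -> bool:
    """True only for globally routable unicast addresses: blocks loopback,
    RFC 1918 / ULA, link-local (incl. 169.254.169.254 metadata), multicast,
    reserved and unspecified ranges. Raises ValueError on a malformed address."""
    ip = ipaddress.ip_address(addr)
    return not (ip.is_private or ip.is_loopback or ip.is_link_local
                or ip.is_multicast or ip.is_reserved or ip.is_unspecified)


def validate_proxy_target(
    url: str,
    resolver: Optional[Callable[[str], Iterable[str]]] = None,
) -> Tuple[bool, str]:
    """Return (allowed, reason) for a URL the proxy has been asked to fetch."""
    parts = urlsplit(url)

    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        return False, f"scheme {parts.scheme!r} not allowed"

    # http://api.example.org@10.0.0.1/ has hostname 10.0.0.1, not the
    # allowlisted name; refuse userinfo outright rather than reason about it.
    if parts.username is not None or parts.password is not None:
        return False, "userinfo in URL not allowed"

    host = parts.hostname          # already lower-cased, brackets stripped
    if not host:
        return False, "missing host"

    # Literal addresses bypass the name allowlist; refuse them.
    try:
        ipaddress.ip_address(host)
        return False, f"literal IP {host!r} not allowed"
    except ValueError:
        pass

    if host not in ALLOWED_HOSTS:
        return False, f"host {host!r} not in allowlist"

    # Even an allowlisted name must resolve only to public addresses.
    if resolver is None:
        return False, "cannot verify resolution without a resolver"
    for addr in resolver(host):
        if not is_public_address(addr):
            return False, f"{host!r} resolves to non-public {addr}"

    return True, "ok"


if __name__ == "__main__":
    public_dns = lambda name: ["93.184.216.34"]          # constructed answer
    for u in ("https://api.example.org/v1/items",
              "http://169.254.169.254/latest/meta-data/",
              "http://127.0.0.1:8080/internal/",
              "https://api.example.org@10.0.0.1/",
              "gopher://api.example.org/"):
        print(u, "->", validate_proxy_target(u, public_dns))
```

In production the resolver result that is validated must also be the address actually connected to (pin the resolved IP for the connection), otherwise a second lookup at connect time reopens the rebinding window.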
Zoho ManageEngine ADManager Plus 6.6 Build 6657 allows local users to gain privileges (after a reboot) by placing a Trojan horse file into the permissive bin directory.
CVSS Score
7.0
EPSS Score
0.001
Published
2019-04-30
The print_binder_ref_olocked function in drivers/android/binder.c in the Linux kernel 4.14.90 allows local users to obtain sensitive address information by reading " ref *desc *node" lines in a debugfs file.
CVSS Score
5.5
EPSS Score
0.001
Published
2019-04-30
The print_binder_transaction_ilocked function in drivers/android/binder.c in the Linux kernel 4.14.90 allows local users to obtain sensitive address information by reading "*from *code *flags" lines in a debugfs file.
CVSS Score
5.5
EPSS Score
0.001
Published
2019-04-30
An issue was discovered in Weaver e-cology 9.0. There is a CRLF Injection vulnerability via the /workflow/request/ViewRequestForwardSPA.jsp isintervenor parameter, as demonstrated by the %0aSet-cookie: substring.
CVSS Score
6.1
EPSS Score
0.004
Published
2019-04-30
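The `%0aSet-cookie:` substring above is the whole mechanism: a newline in a reflected parameter terminates the header it lands in and everything after it is read as a new header. The following added example (constructed for this page, not Weaver's code) assumes the parameter is reflected into a response header, builds the response both without filtering and through a strict header setter, and parses the result with a lenient parser that, like many clients and intermediaries, accepts a bare LF as a line terminator. The parameter name is taken from the entry; how e-cology actually uses it is not stated on the page and is assumed here only for the demonstration.

```python
"""CRLF / header injection: payload effect and the strict setter that blocks it.

Added example, not the vendor's code. The reflection of `isintervenor`
into a Location header is an assumption for the demonstration.
"""
import re
from typing import Dict, List, Tuple
from urllib.parse import unquote

# Constructed payload modelled on the %0aSet-cookie: substring in the entry.
PAYLOAD = "1%0aSet-cookie:%20JSESSIONID=attacker"
BASE_PATH = "/workflow/request/ViewRequestForwardSPA.jsp"

_FORBIDDEN = re.compile(r"[\r\n\x00]")


class HeaderInjection(ValueError):
    """Raised when a header name or value contains CR, LF or NUL."""


def set_header_strict(headers: List[Tuple[str, str]], name: str, value: str) -> None:
    if _FORBIDDEN.search(name) or _FORBIDDEN.search(value):
        raise HeaderInjection(f"control character in header {name!r}")
    headers.append((name, value))


def build_response(param_raw: str, strict: bool) -> bytes:
    """Emit a 302 whose Location reflects the (URL-decoded) parameter."""
    value = unquote(param_raw)                 # the container decodes %0a -> "\n"
    location = f"{BASE_PATH}?isintervenor={value}"
    headers: List[Tuple[str, str]] = []
    if strict:
        set_header_strict(headers, "Location", location)
    else:
        headers.append(("Location", location))   # vulnerable: no filtering
    lines = ["HTTP/1.1 302 Found"] + [f"{k}: {v}" for k, v in headers]
    return ("\r\n".join(lines) + "\r\n\r\n").encode("latin-1")


def parse_headers_lenient(raw: bytes) -> Dict[str, str]:
    """Header parser that treats both CRLF and bare LF as line terminators,
    as many clients and proxies do. Returns lower-cased name -> value."""
    head = raw.decode("latin-1").partition("\r\n\r\n")[0]
    out: Dict[str, str] = {}
    for line in re.split(r"\r?\n", head)[1:]:   # skip the status line
        if ":" in line:
            name, value = line.split(":", 1)
            out[name.strip().lower()] = value.strip()
    return out


def injected_cookie(param_raw: str) -> str:
    """Convenience: the Set-Cookie value a client would see from the
    unfiltered response, or '' if none was injected."""
    return parse_headers_lenient(build_response(param_raw, strict=False)).get("set-cookie", "")


if __name__ == "__main__":
    print(build_response(PAYLOAD, strict=False).decode("latin-1"))
    print("client sees Set-Cookie:", injected_cookie(PAYLOAD))
    try:
        build_response(PAYLOAD, strict=True)
    except HeaderInjection as exc:
        print("strict setter:", exc)
```

Encoding the value (so the newline can never reach the header line) is the preferred fix; the strict setter is the safety net for every place a value is written into a header, and modern servlet containers already enforce it, which is why the bug tends to survive only in code that assembles responses by hand.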
Rapid7 Metasploit Framework suffers from an instance of CWE-22, Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in the Zip import function of Metasploit. Exploiting this vulnerability can allow an attacker to execute arbitrary code in Metasploit at the privilege level of the user running Metasploit. This issue affects: Rapid7 Metasploit Framework version 4.14.0 and prior versions.
CVSS Score
7.4
EPSS Score
0.081
Published
2019-04-30
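The class of bug in the Metasploit entry above (CWE-22 in an archive import) arises whenever a member name from the archive is joined onto the destination directory and written without checking where the result lands. The following added example (not Metasploit's code; the archive contents, member names and function names are constructed for this page) builds an in-memory zip containing a `../../` member, shows where a naive join would place each member without writing anything, and extracts with a routine that validates every name against the real destination before touching the filesystem.

```python
"""Archive path traversal ("zip slip"): naive join vs validated extraction.

Added example, not the project's code. The archive and its members are
constructed in memory; the demo writes only into a fresh temp directory.
"""
import io
import os
import tempfile
import zipfile
from typing import Dict, List


def build_zip(members: Dict[str, str]) -> bytes:
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, content in members.items():
            zf.writestr(name, content)
    return buf.getvalue()


# Constructed: one benign member and one that climbs out of the target dir.
MALICIOUS = {
    "workspace/hosts.txt": "10.0.0.1\n",
    "../../.ssh/authorized_keys": "ssh-ed25519 AAAA... attacker\n",
}
BENIGN = {"workspace/hosts.txt": "10.0.0.1\n", "workspace/notes.txt": "n/a\n"}


def naive_targets(data: bytes, dest: str) -> List[str]:
    """Where os.path.join(dest, member) would write each member (dry run)."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        return [os.path.normpath(os.path.join(dest, i.filename)) for i in zf.infolist()]


def _inside(dest_real: str, path: str) -> bool:
    return os.path.commonpath([dest_real, os.path.realpath(path)]) == dest_real


def extract_safe(data: bytes, dest: str) -> List[str]:
    """Validate every member name first; write only if all are safe."""
    dest_real = os.path.realpath(dest)
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        infos = zf.infolist()
        for info in infos:
            name = info.filename
            if os.path.isabs(name) or "\\" in name or ".." in name.split("/"):
                raise ValueError(f"unsafe member name: {name!r}")
            if not _inside(dest_real, os.path.join(dest_real, name)):
                raise ValueError(f"member escapes destination: {name!r}")
        written = []
        for info in infos:
            if info.is_dir():
                continue
            target = os.path.join(dest_real, info.filename)
            os.makedirs(os.path.dirname(target), exist_ok=True)
            with open(target, "wb") as fh:
                fh.write(zf.read(info))
            written.append(target)
        return written


def run_demo() -> Dict[str, object]:
    """Exercise both paths in a temp dir; returns facts for checking."""
    dest = tempfile.mkdtemp(prefix="zipslip-")
    mal, ben = build_zip(MALICIOUS), build_zip(BENIGN)
    escapes = [t for t in naive_targets(mal, dest) if not t.startswith(dest + os.sep)]
    try:
        extract_safe(mal, dest)
        rejected = False
    except ValueError:
        rejected = True
    written = extract_safe(ben, dest)
    return {"naive_escapes": escapes, "malicious_rejected": rejected,
            "benign_written": len(written),
            "all_inside": all(w.startswith(os.path.realpath(dest) + os.sep) for w in written)}


if __name__ == "__main__":
    for k, v in run_demo().items():
        print(f"{k}: {v}")
```

Validating all names before writing anything matters: a partially extracted archive is harder to clean up than a rejected one. Symlink members (which can redirect a later member's write) are a separate check not shown here.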
Fujifilm FCR Capsula X/ Carbon X/ FCR XC-2, model versions CR-IR 357 FCR Carbon X, CR-IR 357 FCR XC-2, FCR-IR 357 FCR Capsula X are susceptible to a denial-of-service condition as a result of an overflow of TCP packets; recovery requires a manual reboot of the device.
CVSS Score
7.5
EPSS Score
0.002
Published
2019-04-30
Fujifilm FCR Capsula X/ Carbon X/ FCR XC-2, model versions CR-IR 357 FCR Carbon X, CR-IR 357 FCR XC-2, FCR-IR 357 FCR Capsula X provide insecure telnet services that lack authentication requirements. An attacker who successfully exploits this vulnerability may be able to access the underlying operating system.
CVSS Score
9.8
EPSS Score
0.011
Published
2019-04-30