Security Vulnerabilities - CVEs Published In May 2019
Cross-site scripting in filebrowser in Seagate NAS OS version 4.3.15.1 allows attackers to execute JavaScript via directory names.
CVSS Score
5.4
EPSS Score
0.002
Published
2019-05-13
Cross-site scripting in Application Manager in Seagate NAS OS version 4.3.15.1 allows attackers to execute JavaScript via multiple application metadata fields: Short Description, Publisher Name, Publisher Contact, or Website URL.
CVSS Score
6.1
EPSS Score
0.002
Published
2019-05-13
Cross-site scripting in appGet.cgi on ASUS RT-AC3200 version 3.0.0.4.382.50010 allows attackers to execute JavaScript via the "hook" URL parameter.
CVSS Score
6.1
EPSS Score
0.003
Published
2019-05-13
Go through 1.12.5 on Windows mishandles process creation with a nil environment in conjunction with a non-nil token, which allows attackers to obtain sensitive information or gain privileges.
CVSS Score
9.8
EPSS Score
0.004
Published
2019-05-13
ampforwp_save_steps_data in the AMP for WP plugin before 0.9.97.21 for WordPress allows stored XSS.
CVSS Score
5.4
EPSS Score
0.003
Published
2019-05-13
The WaspThemes Visual CSS Style Editor (aka yellow-pencil-visual-theme-customizer) plugin before 7.2.1 for WordPress allows yp_option_update CSRF, as demonstrated by use of yp_remote_get to obtain admin access.
CVSS Score
8.8
EPSS Score
0.268
Published
2019-05-13
eyeDisk implements the unlock feature by sending a cleartext password. The password can be discovered by sniffing USB traffic or by sending a 06 05 52 41 01 b0 00 00 00 00 00 00 SCSI command.
CVSS Score
6.8
EPSS Score
0.001
Published
2019-05-12
The do_hidp_sock_ioctl function in net/bluetooth/hidp/sock.c in the Linux kernel before 5.0.15 allows a local user to obtain potentially sensitive information from kernel stack memory via a HIDPCONNADD command, because a name field may not end with a '\0' character.
CVSS Score
3.3
EPSS Score
0.0
Published
2019-05-10
Information exposure through the directory listing in npm's harp module allows access to files that are supposed to be ignored according to the harp server rules. Vulnerable versions are <= 0.29.0 and no fix was applied to our knowledge.
CVSS Score
5.3
EPSS Score
0.002
Published
2019-05-10
Path traversal using symlink in npm harp module versions <= 0.29.0.
CVSS Score
5.3
EPSS Score
0.002
Published
2019-05-10

