Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In June 2018
CVE-2018-11148
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 6 of 46).
CVSS Score
8.8
EPSS Score
0.076
Published
2018-06-02
CVE-2018-11149
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 7 of 46).
CVSS Score
8.8
EPSS Score
0.076
Published
2018-06-02
CVE-2018-11150
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 8 of 46).
CVSS Score
8.8
EPSS Score
0.076
Published
2018-06-02
CVE-2018-11151
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 9 of 46).
CVSS Score
7.2
EPSS Score
0.071
Published
2018-06-02
CVE-2018-11152
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 10 of 46).
CVSS Score
8.8
EPSS Score
0.076
Published
2018-06-02
CVE-2018-11153
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 11 of 46).
CVSS Score
8.8
EPSS Score
0.076
Published
2018-06-02
CVE-2018-11154
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 12 of 46).
CVSS Score
8.8
EPSS Score
0.076
Published
2018-06-02
CVE-2016-1000338
In Bouncy Castle JCE Provider version 1.55 and earlier the DSA does not fully validate ASN.1 encoding of signature on verification. It is possible to inject extra elements in the sequence making up the signature and still have it validate, which in some cases may allow the introduction of 'invisible' data into a signed structure.
CVSS Score
7.5
EPSS Score
0.004
Published
2018-06-01
CVE-2018-11195
Mahara 17.04 before 17.04.8 and 17.10 before 17.10.5 and 18.04 before 18.04.1 are vulnerable to the browser "back and refresh" attack. This allows malicious users with physical access to the web browser of a Mahara user, after they have logged in, to potentially gain access to their Mahara credentials.
CVSS Score
6.8
EPSS Score
0.001
Published
2018-06-01
CVE-2018-11196
Mahara 17.04 before 17.04.8 and 17.10 before 17.10.5 and 18.04 before 18.04.1 can be used as medium to transmit viruses by placing infected files into a Leap2A archive and uploading that to Mahara. In contrast to other ZIP files that are uploaded, ClamAV (when activated) does not check Leap2A archives for viruses, allowing malicious files to be available for download. While files cannot be executed on Mahara itself, Mahara can be used to transfer such files to user computers.
CVSS Score
7.5
EPSS Score
0.002
Published
2018-06-01


Products
Pricing
Contact Us

Shodan ® - All rights reserved