Security Vulnerabilities - CVEs Published In June 2018
LibTomCrypt through 1.18.1 allows a memory-cache side-channel attack on ECDSA signatures, aka the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host.
CVSS Score: 4.9 | EPSS Score: 0.001 | Published: 2018-06-15
The Elliptic Curve Cryptography library (aka sunec or libsunec) allows a memory-cache side-channel attack on ECDSA signatures, aka the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host.
CVSS Score: 4.9 | EPSS Score: 0.001 | Published: 2018-06-15
MatrixSSL through 3.9.5 Open allows a memory-cache side-channel attack on ECDSA signatures, aka the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host.
CVSS Score: 4.7 | EPSS Score: 0.001 | Published: 2018-06-15
BoringSSL through 2018-06-14 allows a memory-cache side-channel attack on DSA signatures, aka the Return Of the Hidden Number Problem or ROHNP. To discover a DSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host.
CVSS Score: 4.7 | EPSS Score: 0.0 | Published: 2018-06-15
SeaCMS V6.61 has XSS via the site name parameter on an adm1n/admin_config.php page (aka a system management page).
CVSS Score: 4.8 | EPSS Score: 0.002 | Published: 2018-06-14
JavaMelody through 1.60.0 has XSS via the counter parameter in a clear_counter action to the /monitoring URI.
CVSS Score: 6.1 | EPSS Score: 0.002 | Published: 2018-06-14
IceHrm before 23.0.1.OS has a risky usage of a hashed password in a request.
CVSS Score: 7.5 | EPSS Score: 0.001 | Published: 2018-06-14
In Synapse before 0.31.2, unauthorised users can hijack rooms when there is no m.room.power_levels event in force.
CVSS Score: 7.5 | EPSS Score: 0.003 | Published: 2018-06-14
On Windows only, with a specifically crafted configuration file an attacker could get Puppet PE client tools (aka pe-client-tools) 16.4.x prior to 16.4.6, 17.3.x prior to 17.3.6, and 18.1.x prior to 18.1.2 to load arbitrary code with privilege escalation.
CVSS Score: 7.8 | EPSS Score: 0.002 | Published: 2018-06-14
Unsigned versions of the DLLs distributed by the OPC Foundation may be replaced with malicious code.
CVSS Score: 8.8 | EPSS Score: 0.004 | Published: 2018-06-14

