Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In June 2018
CVE-2018-5844
In the video driver function set_output_buffers(), binfo can be accessed after being freed in a failure scenario in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel.
CVSS Score
7.8
EPSS Score
0.0
Published
2018-06-12
CVE-2018-5847
Early or late retirement of rotation requests can result in a Use After Free condition in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel.
CVSS Score
7.8
EPSS Score
0.0
Published
2018-06-12
CVE-2018-5848
In the function wmi_set_ie(), the length validation code does not handle unsigned integer overflow properly. As a result, a large value of the 'ie_len' argument can cause a buffer overflow in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel.
CVSS Score
7.8
EPSS Score
0.001
Published
2018-06-12
CVE-2017-18287
An issue was discovered in PvPGN Stats 2.4.6. SQL Injection exists in ladder/stats.php via the POST user_search parameter.
CVSS Score
9.8
EPSS Score
0.002
Published
2018-06-12
CVE-2017-18288
An issue was discovered in PvPGN Stats 2.4.6. SQL Injection exists in ladder/stats.php via the GET game parameter.
CVSS Score
9.8
EPSS Score
0.002
Published
2018-06-12
CVE-2017-18289
An issue was discovered in PvPGN Stats 2.4.6. SQL Injection exist in ladder/stats.php via the GET type parameter.
CVSS Score
9.8
EPSS Score
0.002
Published
2018-06-12
CVE-2017-18290
An issue was discovered in PvPGN Stats 2.4.6. SQL Injection exists in ladder/stats.php via the GET sort_direction parameter.
CVSS Score
9.8
EPSS Score
0.002
Published
2018-06-12
CVE-2017-18291
An issue was discovered in PvPGN Stats 2.4.6. SQL Injection exists in ladder/stats.php via the GET user parameter.
CVSS Score
9.8
EPSS Score
0.002
Published
2018-06-12
CVE-2018-12257
An issue was discovered on Momentum Axel 720P 5.1.8 devices. There is Authenticated Custom Firmware Upgrade via DNS Hijacking. An authenticated root user with CLI access is able to remotely upgrade firmware to a custom image due to lack of SSL validation by changing the nameservers in /etc/resolv.conf to the attacker's server, and serving the expected HTTPS response containing new firmware for the device to download.
CVSS Score
4.4
EPSS Score
0.001
Published
2018-06-12
CVE-2018-12258
An issue was discovered on Momentum Axel 720P 5.1.8 devices. Custom Firmware Upgrade is possible via an SD Card. With physical access, an attacker can upgrade the firmware in under 60 seconds by inserting an SD card containing the firmware with name 'ezviz.dav' and rebooting.
CVSS Score
6.8
EPSS Score
0.0
Published
2018-06-12


Products
Pricing
Contact Us

Shodan ® - All rights reserved