Security Vulnerabilities - CVEs Published In July 2019
IrfanView 4.52 has a User Mode Write AV starting at image00400000+0x0000000000013a98.
CVSS Score: 7.8 | EPSS Score: 0.004 | Published: 2019-07-04
IrfanView 4.52 has a User Mode Write AV starting at image00400000+0x00000000000249c6.
CVSS Score: 7.8 | EPSS Score: 0.003 | Published: 2019-07-04
FastStone Image Viewer 7.0 has a User Mode Write AV starting at image00400000+0x0000000000002d7d.
CVSS Score: 7.8 | EPSS Score: 0.001 | Published: 2019-07-04
inc/user.class.php in GLPI before 9.4.3 allows XSS via a user picture.
CVSS Score: 6.1 | EPSS Score: 0.003 | Published: 2019-07-04
FlightCrew v0.9.2 and older are vulnerable to a directory traversal, allowing attackers to write arbitrary files via a ../ (dot dot slash) in a ZIP archive entry that is mishandled during extraction.
CVSS Score: 7.8 | EPSS Score: 0.011 | Published: 2019-07-04
Stormshield Network Security 2.0.0 through 2.13.0 and 3.0.0 through 3.7.1 has self-XSS in the command line interface of the SNS web server.
CVSS Score: 8.2 | EPSS Score: 0.001 | Published: 2019-07-04
An issue was discovered in Bento4 1.5.1.0. A memory allocation failure is unhandled in Core/Ap4SdpAtom.cpp and leads to crashes. When parsing input video, the program allocates a new buffer to parse an atom in the stream. The unhandled memory allocation failure causes a direct copy to a NULL pointer.
CVSS Score: 7.5 | EPSS Score: 0.005 | Published: 2019-07-04
In arch/x86/lib/insn-eval.c in the Linux kernel before 5.1.9, there is a use-after-free for access to an LDT entry because of a race condition between modify_ldt() and a #BR exception for an MPX bounds violation.
CVSS Score: 7.0 | EPSS Score: 0.001 | Published: 2019-07-04
Info-ZIP UnZip 6.0 mishandles the overlapping of files inside a ZIP container, leading to denial of service (resource consumption), aka a "better zip bomb" issue.
CVSS Score: 3.3 | EPSS Score: 0.0 | Published: 2019-07-04
deepin-clone before 1.1.3 uses a predictable path /tmp/.deepin-clone/mount/<block-dev-basename> in the Helper::temporaryMountDevice() function to temporarily mount a file system as root. An unprivileged user can prepare a symlink at this location to have the file system mounted in an arbitrary location. By winning a race condition, the attacker can also enter the mount point, thereby preventing a subsequent unmount of the file system.
CVSS Score: 7.0 | EPSS Score: 0.001 | Published: 2019-07-04

