Security Vulnerabilities - CVEs Published In July 2019
A memory corruption issue was discovered in Moxa OnCell G3470A-LTE Series version 1.6 Build 18021314 and prior, a different vulnerability than CVE-2018-11424.
CVSS Score: 9.8 | EPSS Score: 0.004 | Published: 2019-07-03
BlogEngine.NET 3.3.7.0 allows /api/filemanager Directory Traversal via the path parameter.
CVSS Score: 7.1 | EPSS Score: 0.149 | Published: 2019-07-03
BlogEngine.NET 3.3.7.0 allows a Client Side URL Redirect via the ReturnUrl parameter, related to BlogEngine/BlogEngine.Core/Services/Security/Security.cs, login.aspx, and register.aspx.
CVSS Score: 6.1 | EPSS Score: 0.002 | Published: 2019-07-03
Remote code execution is possible in Cloudera Data Science Workbench version 1.3.0 and prior releases via unspecified attack vectors.
CVSS Score: 9.8 | EPSS Score: 0.031 | Published: 2019-07-03
Monstra CMS 3.0.4 and earlier has XSS via index.php.
CVSS Score: 6.1 | EPSS Score: 0.045 | Published: 2019-07-03
A weak Cookie parameter is used in the web application of Moxa OnCell G3100-HSPA Series version 1.4 Build 16062919 and prior. An attacker can brute force parameters required to bypass authentication and access the web interface to use all its functions except for password change.
CVSS Score: 9.8 | EPSS Score: 0.004 | Published: 2019-07-03
CSRF tokens are not used in the web application of Moxa OnCell G3100-HSPA Series version 1.4 Build 16062919 and prior, which makes it possible to perform CSRF attacks on the device administrator.
CVSS Score: 8.8 | EPSS Score: 0.001 | Published: 2019-07-03
The virt-install(1) utility, used to provision new virtual machines, has introduced an option '--unattended' to create VMs without user interaction. This option accepts the guest VM password as a command-line argument, thus leaking it to other users on the system via the process listing. It was introduced recently in the virt-manager v2.2.0 release.
CVSS Score: 3.2 | EPSS Score: 0.001 | Published: 2019-07-03
qemu-bridge-helper.c in QEMU 3.1 and 4.0.0 does not ensure that a network interface name (obtained from bridge.conf or a --br=bridge option) is limited to the IFNAMSIZ size, which can lead to an ACL bypass.
CVSS Score: 7.8 | EPSS Score: 0.0 | Published: 2019-07-03
An information disclosure vulnerability in the Agent Handler in McAfee ePolicy Orchestrator (ePO) 5.9.x and 5.10.0 prior to 5.10.0 update 4 allows a remote unauthenticated attacker to view sensitive information in plain text by sniffing the traffic between the Agent Handler and the SQL server.
CVSS Score: 6.8 | EPSS Score: 0.002 | Published: 2019-07-03

