Security Vulnerabilities - CVEs Published In July 2019
Optergy Proton/Enterprise devices have an Unauthenticated SMS Sending Service.
CVSS Score: 6.5 | EPSS Score: 0.004 | Published: 2019-07-01
ImageMagick before 7.0.8-50 has a memory leak vulnerability in the function ReadBMPImage in coders/bmp.c.
CVSS Score: 5.5 | EPSS Score: 0.001 | Published: 2019-07-01
ImageMagick before 7.0.8-50 has a memory leak vulnerability in the function ReadVIFFImage in coders/viff.c.
CVSS Score: 5.5 | EPSS Score: 0.001 | Published: 2019-07-01
ImageMagick before 7.0.8-50 has a "use of uninitialized value" vulnerability in the function ReadCUTImage in coders/cut.c.
CVSS Score: 8.8 | EPSS Score: 0.026 | Published: 2019-07-01
ImageMagick before 7.0.8-50 has an integer overflow vulnerability in the function TIFFSeekCustomStream in coders/tiff.c.
CVSS Score: 7.8 | EPSS Score: 0.003 | Published: 2019-07-01
ImageMagick before 7.0.8-50 has a memory leak vulnerability in the function ReadPSImage in coders/ps.c.
CVSS Score: 6.5 | EPSS Score: 0.015 | Published: 2019-07-01
Content Injection vulnerability in Tenable Nessus prior to 8.5.0 may allow an authenticated, local attacker to exploit this vulnerability by convincing another targeted Nessus user to view a malicious URL and use Nessus to send fraudulent messages. Successful exploitation could allow the authenticated adversary to inject arbitrary text into the feed status, which will remain saved post session expiration.
CVSS Score: 3.3 | EPSS Score: 0.002 | Published: 2019-07-01
Optergy Proton/Enterprise devices allow Open Redirect.
CVSS Score: 6.1 | EPSS Score: 0.658 | Published: 2019-07-01
Centreon 18.x before 18.10.6, 19.x before 19.04.3, and Centreon web before 2.8.29 allow an attacker to execute arbitrary system commands by using the value "init_script"-"Monitoring Engine Binary" in main.get.php to insert an arbitrary command into the database, and then execute it by calling the vulnerable page www/include/configuration/configGenerate/xml/generateFiles.php (which passes the value inserted into the database to shell_exec without sanitizing it, allowing execution of arbitrary system commands).
CVSS Score: 8.8 | EPSS Score: 0.642 | Published: 2019-07-01
Code injection vulnerability in Palo Alto Networks Traps 5.0.5 and earlier may allow an authenticated attacker to inject arbitrary JavaScript or HTML.
CVSS Score: 6.3 | EPSS Score: 0.005 | Published: 2019-07-01

