Security Vulnerabilities - CVEs Published In July 2019
A SQL injection vulnerability exists in the Vsourz Digital Advanced CF7 DB plugin through 1.6.1 for WordPress. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system.
CVSS Score: 9.8; EPSS Score: 0.029; Published: 2019-07-29

In Docker 19.03.x before 19.03.1 linked against the GNU C Library (aka glibc), code injection can occur when the nsswitch facility dynamically loads a library inside a chroot that contains the contents of the container.
CVSS Score: 9.8; EPSS Score: 0.722; Published: 2019-07-29

edx-platform before 2016-06-10 allows account activation with a spoofed e-mail address.
CVSS Score: 5.3; EPSS Score: 0.002; Published: 2019-07-29

edx-platform before 2016-06-06 allows CSRF.
CVSS Score: 8.8; EPSS Score: 0.002; Published: 2019-07-29

See.sys, up to version 4.25, in SoftEther VPN Server versions 4.29 or older, allows a user to call an IOCTL specifying any kernel address, to which arbitrary bytes are then written.
CVSS Score: 7.8; EPSS Score: 0.001; Published: 2019-07-29

An integer overflow in NATS Server before 2.0.2 allows a remote attacker to crash the server by sending a crafted request. If authentication is enabled, then the remote attacker must have first authenticated.
CVSS Score: 7.5; EPSS Score: 0.007; Published: 2019-07-29

One Identity Cloud Access Manager 8.1.3 does not use HTTP Strict Transport Security (HSTS), which may allow man-in-the-middle (MITM) attacks. This issue is fixed in version 8.1.4.
CVSS Score: 7.4; EPSS Score: 0.015; Published: 2019-07-29

HumHub Social Network Kit Enterprise v1.3.13 allows remote attackers to find the user accounts existing on any Social Network Kits (including self-hosted ones) by brute-forcing the username after the /u/ initial URI substring, aka Response Discrepancy Information Exposure.
CVSS Score: 5.3; EPSS Score: 0.002; Published: 2019-07-29

A vulnerability in the web-based management interface of VVX, Trio, SoundStructure, SoundPoint, and SoundStation phones running Polycom UC Software, if exploited, could allow an authenticated, remote attacker with admin privileges to cause a denial of service (DoS) condition or execute arbitrary code.
CVSS Score: 8.3; EPSS Score: 0.013; Published: 2019-07-29

PDFResurrect 0.15 has a buffer overflow via a crafted PDF file because data associated with startxref and %%EOF is mishandled.
CVSS Score: 7.8; EPSS Score: 0.144; Published: 2019-07-29

