Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In July 2019
CVE-2019-14378
ip_reass in ip_input.c in libslirp 4.0.0 has a heap-based buffer overflow via a large packet because it mishandles a case involving the first fragment.
CVSS Score
8.8
EPSS Score
0.091
Published
2019-07-29
CVE-2019-14370
In Exiv2 0.27.99.0, there is an out-of-bounds read in Exiv2::MrwImage::readMetadata() in mrwimage.cpp. It could result in denial of service.
CVSS Score
6.5
EPSS Score
0.001
Published
2019-07-28
CVE-2019-14371
An issue was discovered in Libav 12.3. There is an infinite loop in the function mov_probe in the file libavformat/mov.c, related to offset and tag.
CVSS Score
6.5
EPSS Score
0.002
Published
2019-07-28
CVE-2019-14372
In Libav 12.3, there is an infinite loop in the function wv_read_block_header() in the file wvdec.c.
CVSS Score
6.5
EPSS Score
0.002
Published
2019-07-28
CVE-2019-14373
An issue was discovered in image_save_png in image/image-png.cpp in Free Lossless Image Format (FLIF) 0.3. Attackers can trigger a heap-based buffer over-read in libpng via a crafted flif file.
CVSS Score
7.8
EPSS Score
0.002
Published
2019-07-28
CVE-2019-14368
Exiv2 0.27.99.0 has a heap-based buffer over-read in Exiv2::RafImage::readMetadata() in rafimage.cpp.
CVSS Score
7.8
EPSS Score
0.003
Published
2019-07-28
CVE-2019-14369
Exiv2::PngImage::readMetadata() in pngimage.cpp in Exiv2 0.27.99.0 allows attackers to cause a denial of service (heap-based buffer over-read) via a crafted image file.
CVSS Score
6.5
EPSS Score
0.002
Published
2019-07-28
CVE-2019-14362
Openbravo ERP before 3.0PR19Q1.3 is affected by Directory Traversal. This vulnerability could allow remote authenticated attackers to replace a file on the server via the getAttachmentDirectoryForNewAttachment inpKey value.
CVSS Score
5.4
EPSS Score
0.003
Published
2019-07-28
CVE-2019-14363
A stack-based buffer overflow in the upnpd binary running on NETGEAR WNDR3400v3 routers with firmware version 1.0.1.18_1.0.63 allows an attacker to remotely execute arbitrary code via a crafted UPnP SSDP packet.
CVSS Score
9.8
EPSS Score
0.013
Published
2019-07-28
CVE-2019-14364
An XSS vulnerability in the "Email Subscribers & Newsletters" plugin 4.1.6 for WordPress allows an attacker to inject malicious JavaScript code through a publicly available subscription form using the esfpx_name wp-admin/admin-ajax.php POST parameter.
CVSS Score
6.1
EPSS Score
0.003
Published
2019-07-28


Products
Pricing
Contact Us

Shodan ® - All rights reserved