Security Vulnerabilities - CVEs Published In July 2019
Mikrotik RouterOS before 6.44.5 (long-term release tree) is vulnerable to stack exhaustion. By sending a crafted HTTP request, an authenticated remote attacker can crash the HTTP server via recursive parsing of JSON. Malicious code cannot be injected.
CVSS Score: 6.5
EPSS Score: 0.01
Published: 2019-07-26
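An added illustration of the bug class, not RouterOS code (its HTTP server source is not public): a small hand-written recursive-descent parser for nested JSON arrays. parse_value, parse_json, outcome and the DEEP input are all constructed for this example. Without a depth limit every nested [ consumes another stack frame, so a body of a few hundred thousand brackets exhausts the stack; Ruby reports that as a catchable SystemStackError, where a C HTTP server simply crashes. The fix is a hard cap on nesting depth checked before each recursive call.

```ruby
require 'strscan'

# Raised when input nests deeper than the configured limit (the safe failure).
class DepthError < StandardError; end

# Hypothetical recursive-descent parser for JSON arrays of integers, enough to
# show the recursion. Each '[' recurses one level deeper; max_depth nil means
# "no limit", which is the buggy behaviour.
def parse_value(scanner, depth, max_depth)
  raise DepthError, "nesting deeper than #{max_depth}" if max_depth && depth > max_depth
  scanner.skip(/\s*/)
  if scanner.scan(/\[/)
    items = []
    scanner.skip(/\s*/)
    return items if scanner.scan(/\]/)            # empty array
    loop do
      items << parse_value(scanner, depth + 1, max_depth)   # the recursion
      scanner.skip(/\s*/)
      break if scanner.scan(/\]/)
      raise ArgumentError, "expected ',' or ']' at #{scanner.pos}" unless scanner.scan(/,/)
    end
    items
  elsif (num = scanner.scan(/-?\d+/))
    num.to_i
  else
    raise ArgumentError, "unexpected input at #{scanner.pos}"
  end
end

# max_depth: 64 is a deliberately small cap; production parsers use limits of
# the same order (Ruby's own JSON.parse defaults to max_nesting: 100).
def parse_json(text, max_depth: 64)
  scanner = StringScanner.new(text)
  value = parse_value(scanner, 1, max_depth)
  scanner.skip(/\s*/)
  raise ArgumentError, 'trailing data' unless scanner.eos?
  value
end

# Classifies what happened so the unbounded and bounded parsers can be
# compared without the comparison itself crashing.
def outcome(text, max_depth:)
  parse_json(text, max_depth: max_depth)
  :ok
rescue DepthError
  :rejected          # controlled refusal; the request can be answered with a 4xx
rescue SystemStackError
  :stack_exhausted   # Ruby's version of the crash a C server suffers
end

# Constructed malicious body: 200,000 nested arrays.
DEEP = ('[' * 200_000) + (']' * 200_000)

if __FILE__ == $0
  puts outcome('[1, [2, [3]]]', max_depth: 64)   # ok
  puts outcome(DEEP, max_depth: nil)            # stack_exhausted
  puts outcome(DEEP, max_depth: 64)             # rejected
end
```

The check sits at the top of parse_value rather than inside the array branch so that any future recursive production (objects, nested strings in a fuller parser) inherits it; the cap should be well below the stack budget of the smallest thread that will ever run the parser.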
Xavier PHP Management Panel 3.0 is vulnerable to reflected, POST-based XSS via the username parameter when registering a new user at admin/includes/adminprocess.php. If registering the user fails, the unsanitized username is reflected in the error page. Because the admin/includes/adminprocess.php endpoint has no CSRF protection, an attacker can chain the XSS with CSRF: an authenticated administrator who loads an attacker-controlled page submits the crafted POST and the payload executes in the administrator's session.
CVSS Score: 6.1
EPSS Score: 0.001
Published: 2019-07-26
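An added example, not Xavier's PHP code: a hypothetical Ruby registration handler that reproduces the two defects the description names (unescaped reflection of the username on the error path, no CSRF token) beside a hardened version that fixes both, plus the attacker-side page that delivers the POST. register_vulnerable, register_hardened, VALID_USERNAME, secure_compare, new_session, attacker_page and PAYLOAD are all constructed for this illustration; the validation-error branch stands in for whatever registration error Xavier reports.

```ruby
require 'cgi'
require 'securerandom'

VALID_USERNAME = /\A[A-Za-z0-9_]{3,32}\z/

# Vulnerable handler (hypothetical): any POST is processed, and on a validation
# error the raw username is written straight into the error page.
def register_vulnerable(params)
  raw = params['username'].to_s
  unless raw.match?(VALID_USERNAME)
    return [422, "<p>Error: invalid username #{raw}</p>"]   # reflected XSS
  end
  [200, "<p>Registered #{raw}</p>"]
end

# Hardened handler: the POST must carry the token the server placed in the
# session (a cross-site form cannot read it), and every reflected value is
# HTML-escaped. Either fix alone breaks the XSS+CSRF chain; both are needed to
# close each bug on its own.
def register_hardened(params, session)
  expected = session[:csrf_token].to_s
  supplied = params['csrf_token'].to_s
  unless !expected.empty? && secure_compare(expected, supplied)
    return [403, '<p>Forbidden: missing or invalid CSRF token</p>']
  end
  raw = params['username'].to_s
  safe = CGI.escapeHTML(raw)
  unless raw.match?(VALID_USERNAME)
    return [422, "<p>Error: invalid username #{safe}</p>"]
  end
  [200, "<p>Registered #{safe}</p>"]
end

# Constant-time comparison so the token check does not leak via timing.
def secure_compare(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# The server mints one token per session and embeds it in its own form.
def new_session
  { csrf_token: SecureRandom.hex(16) }
end

# The CSRF half of the chain: an attacker-hosted page whose form auto-submits
# the XSS payload to the registration endpoint in the victim's session. The
# value is attribute-escaped so the browser posts the raw payload.
def attacker_page(target_url, payload)
  <<~HTML
    <form id="f" method="POST" action="#{CGI.escapeHTML(target_url)}">
      <input type="hidden" name="username" value="#{CGI.escapeHTML(payload)}">
    </form>
    <script>document.getElementById('f').submit()</script>
  HTML
end

# Constructed payload: fails validation, so the error page reflects it.
PAYLOAD = 'admin<script>alert(document.cookie)</script>'
```

Note that register_hardened escapes for the HTML body context only; a value reflected inside an attribute or a script block needs the encoding for that context.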
Zendesk Samlr before 2.6.2 allows an XML node comment attack: a name_id node containing user@example.com followed by an XML comment (<!---->) and then the attacker's domain name is read as user@example.com, because the parser takes only the text before the comment, while comment-stripping canonicalization leaves the assertion's signature valid.
CVSS Score: 7.5
EPSS Score: 0.002
Published: 2019-07-26
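An added example, not Samlr's code: the truncation in Ruby's standard-library REXML, which returns only the first text node from Element#text, beside the canonical view a comment-stripping signature sees and a hardened extraction that rejects any NameID with more than one child. CLEAN, TAMPERED, SAML_NS and the three name_id_* functions are constructed for this illustration, and the signature step is assumed rather than shown (the assumption being that the service provider verifies with comment-stripping canonicalization and therefore accepts TAMPERED).

```ruby
require 'rexml/document'

SAML_NS = { 'saml' => 'urn:oasis:names:tc:SAML:2.0:assertion' }.freeze

# Constructed assertions (Signature elements omitted). CLEAN is what the IdP
# signed for the attacker's own identity user@example.com.evil.example;
# TAMPERED is the same assertion after the attacker inserts an empty comment
# into the NameID.
CLEAN = <<~XML
  <saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
    <saml:Subject><saml:NameID>user@example.com.evil.example</saml:NameID></saml:Subject>
  </saml:Assertion>
XML

TAMPERED = CLEAN.sub('user@example.com.evil.example', 'user@example.com<!---->.evil.example')

def name_id_node(xml)
  REXML::XPath.first(REXML::Document.new(xml), '//saml:NameID', SAML_NS)
end

# Vulnerable extraction: REXML's Element#text returns only the first Text
# child, so the comment truncates the identity to user@example.com.
def name_id_vulnerable(xml)
  name_id_node(xml).text
end

# What the signature actually covered: all Text children joined, which is how
# canonicalization without comments sees the node.
def name_id_canonical(xml)
  name_id_node(xml).texts.map(&:value).join
end

# Hardened extraction: accept a NameID only if it has exactly one child and
# that child is a Text node (no comments, no CDATA splits, no nested elements).
def name_id_hardened(xml)
  node = name_id_node(xml)
  kids = node.children
  unless kids.size == 1 && kids.first.is_a?(REXML::Text)
    raise ArgumentError, 'NameID must contain exactly one text node'
  end
  kids.first.value
end

if __FILE__ == $0
  puts name_id_vulnerable(TAMPERED)   # user@example.com
  puts name_id_canonical(TAMPERED)    # user@example.com.evil.example
  puts name_id_hardened(CLEAN)        # user@example.com.evil.example
end
```

Rejecting the assertion outright is preferable to joining the text nodes: a NameID that arrives with a comment in it has been tampered with, and the safest response is to fail the login rather than guess which reading the identity provider meant.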
An issue was discovered in the Linux kernel before 4.20. drivers/phy/mscc/phy-ocelot-serdes.c has an off-by-one error with a resultant ctrl->phys out-of-bounds read.
CVSS Score: 7.8
EPSS Score: 0.001
Published: 2019-07-26
An issue was discovered in the Linux kernel before 4.18.7. In create_qp_common in drivers/infiniband/hw/mlx5/qp.c, mlx5_ib_create_qp_resp was never initialized, resulting in a leak of stack memory to userspace.
CVSS Score: 3.3
EPSS Score: 0.001
Published: 2019-07-26
An issue was discovered in the Linux kernel before 4.18.7. In block/blk-core.c, there is an __blk_drain_queue() use-after-free because a certain error case is mishandled.
CVSS Score: 7.8
EPSS Score: 0.0
Published: 2019-07-26
The datagrid gem 1.0.6 for Ruby, as distributed on RubyGems.org, included a code-execution backdoor inserted by a third party.
CVSS Score: 9.8
EPSS Score: 0.012
Published: 2019-07-26
The simple_captcha2 gem 0.2.3 for Ruby, as distributed on RubyGems.org, included a code-execution backdoor inserted by a third party.
CVSS Score: 9.8
EPSS Score: 0.014
Published: 2019-07-26
MCPP 2.7.2 has a heap-based buffer overflow in the do_msg() function in support.c.
CVSS Score: 5.5
EPSS Score: 0.001
Published: 2019-07-26
Xfig fig2dev 3.2.7a has a stack-based buffer overflow in the calc_arrow function in bound.c.
CVSS Score: 5.5
EPSS Score: 0.001
Published: 2019-07-26