Security Vulnerabilities - CVEs Published In July 2018
There exists one invalid memory read bug in AP4_SampleDescription::GetFormat() in Ap4SampleDescription.h in Bento4 1.5.1-624, which can allow attackers to cause a denial-of-service via a crafted mp4 file. This vulnerability can be triggered by the executable mp42ts.
CVSS Score
5.5
EPSS Score
0.002
Published
2018-07-23
There exists one invalid memory read bug in AP4_SampleDescription::GetType() in Ap4SampleDescription.h in Bento4 1.5.1-624, which can allow attackers to cause a denial-of-service via a crafted mp4 file. This vulnerability can be triggered by the executable mp42ts.
CVSS Score
5.5
EPSS Score
0.002
Published
2018-07-23
An issue has been found in libwav through 2017-04-20. It is a SEGV in the function wav_write in libwav.c.
CVSS Score
6.5
EPSS Score
0.003
Published
2018-07-23
The ReadMATImageV4 function in coders/mat.c in ImageMagick 7.0.8-7 uses an uninitialized variable, leading to memory corruption.
CVSS Score
9.8
EPSS Score
0.004
Published
2018-07-23
mitmweb in mitmproxy v4.0.3 allows DNS Rebinding attacks, related to tools/web/app.py.
CVSS Score
8.8
EPSS Score
0.002
Published
2018-07-22
joyplus-cms 1.6.0 has XSS via the manager/collect/collect_vod_zhuiju.php keyword parameter.
CVSS Score
6.1
EPSS Score
0.002
Published
2018-07-22
manager/admin_ajax.php in joyplus-cms 1.6.0 has SQL Injection, as demonstrated by crafted POST data beginning with an "m_id=1 AND SLEEP(5)" substring.
CVSS Score
9.8
EPSS Score
0.003
Published
2018-07-22
Tenda AC7 through V15.03.06.44_CN, AC9 through V15.03.05.19(6318)_CN, and AC10 through V15.03.06.23_CN devices have a Stack-based Buffer Overflow via a long limitSpeed or limitSpeedup parameter to an unspecified /goform URI.
CVSS Score
7.5
EPSS Score
0.004
Published
2018-07-21
A path traversal exists in markdown-pdf version <9.0.0 that allows a user to insert malicious HTML code that can result in reading local files.
CVSS Score
5.5
EPSS Score
0.003
Published
2018-07-20
An XSS in statics-server <= 0.0.9 can be used via an injected iframe in the filename when statics-server displays the directory index in the browser.
CVSS Score
6.1
EPSS Score
0.004
Published
2018-07-20

