Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In July 2018
CVE-2018-14072
libsixel 1.8.1 has a memory leak in sixel_decoder_decode in decoder.c, image_buffer_resize in fromsixel.c, and sixel_decode_raw in fromsixel.c.
CVSS Score
7.5
EPSS Score
0.004
Published
2018-07-15
CVE-2018-14073
libsixel 1.8.1 has a memory leak in sixel_allocator_new in allocator.c.
CVSS Score
7.5
EPSS Score
0.004
Published
2018-07-15
CVE-2018-14068
An issue was discovered in SRCMS V2.3.1. There is a CSRF vulnerability that can add an admin account via admin.php?m=Admin&c=manager&a=add.
CVSS Score
8.8
EPSS Score
0.001
Published
2018-07-15
CVE-2018-14069
An issue was discovered in SRCMS V2.3.1. There is a CSRF vulnerability that can add a user account via admin.php?m=Admin&c=member&a=add.
CVSS Score
8.8
EPSS Score
0.001
Published
2018-07-15
CVE-2018-14066
The content://wappush content provider in com.android.provider.telephony, as found in some custom ROMs for Android phones, allows SQL injection. One consequence is that an application without the READ_SMS permission can read SMS messages. This affects Infinix X571 phones, as well as various Lenovo phones (such as the A7020) that have since been fixed by Lenovo.
CVSS Score
9.8
EPSS Score
0.001
Published
2018-07-15
CVE-2018-14063
The increaseApproval function of a smart contract implementation for Tracto (TRCT), an Ethereum ERC20 token, has an integer overflow.
CVSS Score
9.8
EPSS Score
0.004
Published
2018-07-15
CVE-2018-14064
The uc-http service 1.0.0 on VelotiSmart WiFi B-380 camera devices allows Directory Traversal, as demonstrated by /../../etc/passwd on TCP port 80.
CVSS Score
9.8
EPSS Score
0.748
Published
2018-07-15
CVE-2018-14065
XMLReader.php in PHPOffice Common before 0.2.9 allows XXE.
CVSS Score
9.8
EPSS Score
0.004
Published
2018-07-15
CVE-2018-14010
OS command injection in the guest Wi-Fi settings feature in /cgi-bin/luci on Xiaomi R3P before 2.14.5, R3C before 2.12.15, R3 before 2.22.15, and R3D before 2.26.4 devices allows an attacker to execute any command via crafted JSON data.
CVSS Score
9.8
EPSS Score
0.113
Published
2018-07-15
CVE-2018-14060
OS command injection in the AP mode settings feature in /cgi-bin/luci /api/misystem/set_router_wifiap on Xiaomi R3D before 2.26.4 devices allows an attacker to execute any command via crafted JSON data.
CVSS Score
9.8
EPSS Score
0.113
Published
2018-07-15


Products
Pricing
Contact Us

Shodan ® - All rights reserved