Security Vulnerabilities - CVEs Published In August 2019
A stored cross-site scripting vulnerability in Jenkins PegDown Formatter Plugin 1.3 and earlier allows attackers able to edit descriptions and other fields rendered using the configured markup formatter to insert links with the javascript scheme into the Jenkins UI.
CVSS Score
5.4
EPSS Score
0.001
Published
2019-08-07
An arbitrary file read vulnerability in Jenkins File System SCM Plugin 2.1 and earlier allows attackers able to configure jobs in Jenkins to obtain the contents of any file on the Jenkins master.
CVSS Score
6.5
EPSS Score
0.003
Published
2019-08-07
A reflected cross-site scripting vulnerability in Jenkins Wall Display Plugin 0.6.34 and earlier allows attackers to inject arbitrary HTML and JavaScript into web pages provided by this plugin.
CVSS Score
6.1
EPSS Score
0.001
Published
2019-08-07
A missing permission check in Jenkins Avatar Plugin 1.2 and earlier allows attackers with Overall/Read access to change the avatar of any user of Jenkins.
CVSS Score
4.3
EPSS Score
0.0
Published
2019-08-07
The PHP JOSE Library by Gree Inc. before version 2.2.1 is vulnerable to key confusion/algorithm substitution in the JWS component resulting in bypassing the signature verification via crafted tokens.
CVSS Score
7.5
EPSS Score
0.001
Published
2019-08-07
The Transition Technologies "The Scheduler" app 5.1.3 for Jira allows XXE due to a weakly configured/parameterized XML parser. It was fixed in versions 5.2.1 and 3.3.7.
CVSS Score
7.5
EPSS Score
0.003
Published
2019-08-07
In the Linux kernel before 4.16.4, a double free vulnerability in the f_midi_set_alt function of drivers/usb/gadget/function/f_midi.c in the f_midi driver may allow attackers to cause a denial of service or possibly have unspecified other impact.
CVSS Score
9.8
EPSS Score
0.058
Published
2019-08-07
In cPanel before 57.9999.54, /scripts/unsuspendacct exposed TTYs (SEC-116).
CVSS Score
8.8
EPSS Score
0.004
Published
2019-08-07
In cPanel before 57.9999.54, /scripts/enablefileprotect exposed TTYs (SEC-117).
CVSS Score
8.8
EPSS Score
0.005
Published
2019-08-07
Neet AirStream NAS1.1 devices allow CSRF attacks that cause the settings binary to change the AP name and password.
CVSS Score
6.5
EPSS Score
0.001
Published
2019-08-07