Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In August 2019
CVE-2019-6968
The web interface of the D-Link DVA-5592 20180823 is vulnerable to XSS because HTML form parameters are directly reflected.
CVSS Score
6.1
EPSS Score
0.002
Published
2019-08-02
CVE-2019-6969
The web interface of the D-Link DVA-5592 20180823 is vulnerable to an authentication bypass that allows an unauthenticated user to have access to sensitive information such as the Wi-Fi password and the phone number (if VoIP is in use).
CVSS Score
7.5
EPSS Score
0.003
Published
2019-08-02
CVE-2019-7163
The web interface of Alcatel LINKZONE MW40-V-V1.0 MW40_LU_02.00_02 devices is vulnerable to an authentication bypass that allows an unauthenticated user to have access to the web interface without knowing the administrator's password.
CVSS Score
9.8
EPSS Score
0.035
Published
2019-08-02
CVE-2019-10088
A carefully crafted or corrupt zip file can cause an OOM in Apache Tika's RecursiveParserWrapper in versions 1.7-1.21. Users should upgrade to 1.22 or later.
CVSS Score
8.8
EPSS Score
0.014
Published
2019-08-02
CVE-2019-10093
In Apache Tika 1.19 to 1.21, a carefully crafted 2003ml or 2006ml file could consume all available SAXParsers in the pool and lead to very long hangs. Apache Tika users should upgrade to 1.22 or later.
CVSS Score
6.5
EPSS Score
0.015
Published
2019-08-02
CVE-2019-10094
A carefully crafted package/compressed file that, when unzipped/uncompressed yields the same file (a quine), causes a StackOverflowError in Apache Tika's RecursiveParserWrapper in versions 1.7-1.21. Apache Tika users should upgrade to 1.22 or later.
CVSS Score
7.8
EPSS Score
0.005
Published
2019-08-02
CVE-2017-18460
cPanel before 62.0.17 allows arbitrary code execution during automatic SSL installation (SEC-221).
CVSS Score
7.8
EPSS Score
0.001
Published
2019-08-02
CVE-2017-18461
cPanel before 62.0.17 allows does not preserve security policy questions across an account rename (SEC-223).
CVSS Score
4.3
EPSS Score
0.002
Published
2019-08-02
CVE-2017-18463
cPanel before 62.0.17 allows code execution in the context of the root account via a long DocumentRoot path (SEC-225).
CVSS Score
7.8
EPSS Score
0.001
Published
2019-08-02
CVE-2019-10961
In Advantech WebAccess HMI Designer Version 2.1.9.23 and prior, processing specially crafted MCR files lacking proper validation of user supplied data may cause the system to write outside the intended buffer area, allowing remote code execution.
CVSS Score
8.8
EPSS Score
0.008
Published
2019-08-02


Products
Pricing
Contact Us

Shodan ® - All rights reserved