Security Vulnerabilities - CVEs Published In August 2019
A potential security vulnerability has been identified in HP2910al-48G version W.15.14.0016. The attack exploits an XSS injection by setting the attack vector in one of the switch's persistent configuration fields (management URL, location, contact). However, admin privileges are required to configure these fields, thereby reducing the likelihood of exploitation. HPE Aruba has provided firmware updates to resolve the vulnerability in HP 2910-48G al Switch. Please update to W.15.14.0017.
CVSS Score: 4.8; EPSS Score: 0.004; Published: 2019-08-01
Improper bounds checking in Dnsmasq before 2.76 allows an attacker-controlled DNS server to send large DNS packets that result in a read operation beyond the buffer allocated for the packet, a different vulnerability than CVE-2017-14491.
CVSS Score: 7.5; EPSS Score: 0.0; Published: 2019-08-01
On the Alcatel-Lucent Enterprise (ALE) 8008 Cloud Edition Deskphone VoIP phone with firmware 1.50.13, a command injection (missing input validation) issue in the password change field for the Change Password interface allows an authenticated remote attacker in the same network to trigger OS commands via shell commands in a POST request.
CVSS Score: 8.0; EPSS Score: 0.03; Published: 2019-08-01
cPanel before 55.9999.141 allows daemons to access their controlling TTYs (SEC-31).
CVSS Score: 8.8; EPSS Score: 0.003; Published: 2019-08-01
In cPanel before 55.9999.141, Scripts/addpop reveals a command-line password in a process list (SEC-75).
CVSS Score: 6.5; EPSS Score: 0.003; Published: 2019-08-01
cPanel before 55.9999.141 allows attackers to bypass Two Factor Authentication via DNS clustering requests (SEC-93).
CVSS Score: 8.8; EPSS Score: 0.004; Published: 2019-08-01
cPanel before 57.9999.54 allows demo-mode escape via show_template.stor (SEC-119).
CVSS Score: 8.8; EPSS Score: 0.005; Published: 2019-08-01
cPanel before 57.9999.54 allows arbitrary file-read operations for Webmail accounts via Branding APIs (SEC-120).
CVSS Score: 6.5; EPSS Score: 0.003; Published: 2019-08-01
cPanel before 57.9999.54 allows Webmail accounts to execute arbitrary code through forwarders (SEC-121).
CVSS Score: 8.8; EPSS Score: 0.01; Published: 2019-08-01
cPanel before 57.9999.54 allows SQL Injection via the ModSecurity TailWatch log file (SEC-123).
CVSS Score: 9.8; EPSS Score: 0.004; Published: 2019-08-01

