Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In August 2019
CVE-2018-20900
cPanel before 71.9980.37 allows stored XSS in the YUM autorepair functionality (SEC-399).
CVSS Score
6.1
EPSS Score
0.004
Published
2019-08-01
CVE-2019-0193
Known exploited
In Apache Solr, the DataImportHandler, an optional but popular module to pull in data from databases and other sources, has a feature in which the whole DIH configuration can come from a request's "dataConfig" parameter. The debug mode of the DIH admin screen uses this to allow convenient debugging / development of a DIH config. Since a DIH config can contain scripts, this parameter is a security risk. Starting with version 8.2.0 of Solr, use of this parameter requires setting the Java System property "enable.dih.dataConfigParam" to true.
CVSS Score
7.2
EPSS Score
0.931
Published
2019-08-01
CVE-2019-3884
A vulnerability exists in the garbage collection mechanism of atomic-openshift. An attacker able spoof the UUID of a valid object from another namespace is able to delete children of those objects. Versions 3.6, 3.7, 3.8, 3.9, 3.10, 3.11 and 4.1 are affected.
CVSS Score
3.6
EPSS Score
0.001
Published
2019-08-01
CVE-2019-3890
It was discovered evolution-ews before 3.31.3 does not check the validity of SSL certificates. An attacker could abuse this flaw to get confidential information by tricking the user into connecting to a fake server without the user noticing the difference.
CVSS Score
8.1
EPSS Score
0.002
Published
2019-08-01
CVE-2018-20889
cPanel before 74.0.0 allows certain file-read operations via password file caching (SEC-425).
CVSS Score
4.4
EPSS Score
0.001
Published
2019-08-01
CVE-2018-20890
cPanel before 74.0.0 allows arbitrary zone file modifications during record edits (SEC-426).
CVSS Score
4.3
EPSS Score
0.002
Published
2019-08-01
CVE-2018-20891
cPanel before 74.0.0 allows arbitrary file-read operations during File Restoration (SEC-436).
CVSS Score
5.5
EPSS Score
0.001
Published
2019-08-01
CVE-2018-20892
cPanel before 74.0.0 allows arbitrary zone file modifications because of incorrect CAA record handling (SEC-439).
CVSS Score
4.3
EPSS Score
0.002
Published
2019-08-01
CVE-2018-20893
cPanel before 74.0.0 allows file-rename operations during account renames (SEC-442).
CVSS Score
2.3
EPSS Score
0.001
Published
2019-08-01
CVE-2018-20894
cPanel before 74.0.0 makes web-site contents accessible to other local users via Git repositories (SEC-443).
CVSS Score
3.3
EPSS Score
0.0
Published
2019-08-01


Products
Pricing
Contact Us

Shodan ® - All rights reserved