Security Vulnerabilities - CVEs Published In August 2019
Directory Traversal in APIkit, HTTP connector, and OAuth2 Provider components in MuleSoft Mule Runtime 3.2.0 and higher released before August 1 2019, MuleSoft Mule Runtime 4.1.0 and higher released before August 1 2019, and all versions of MuleSoft API Gateway released before August 1 2019 allows remote attackers to read files accessible to the Mule process.
CVSS Score
7.5
EPSS Score
0.004
Published
2019-08-30
An unprivileged user or program on Microsoft Windows which can create OpenSSL configuration files in a fixed location may cause utility programs shipped with MongoDB server to run attacker-defined code as the user running the utility. This issue affects MongoDB Server v4.0 versions prior to 4.0.11; MongoDB Server v3.6 versions prior to 3.6.14; and MongoDB Server v3.4 versions prior to 3.4.22.
CVSS Score
8.2
EPSS Score
0.005
Published
2019-08-30
memcached 1.5.16, when UNIX sockets are used, has a stack-based buffer over-read in conn_to_str in memcached.c.
CVSS Score
7.5
EPSS Score
0.013
Published
2019-08-30
Incorrect scoping of kill operations in MongoDB Server's packaged SysV init scripts allows users with write access to the PID file to insert arbitrary PIDs to be killed when the root user stops the MongoDB process via SysV init. This issue affects MongoDB Server v4.0 versions prior to 4.0.11; MongoDB Server v3.6 versions prior to 3.6.14; MongoDB Server v3.4 versions prior to 3.4.22.
CVSS Score
5.3
EPSS Score
0.001
Published
2019-08-30
The simple-mail-address-encoder plugin before 1.7 for WordPress has reflected XSS.
CVSS Score
6.1
EPSS Score
0.002
Published
2019-08-30
The onesignal-free-web-push-notifications plugin before 1.17.8 for WordPress has XSS via the subdomain parameter.
CVSS Score
5.4
EPSS Score
0.003
Published
2019-08-30
The one-click-ssl plugin before 1.4.7 for WordPress has CSRF.
CVSS Score
8.8
EPSS Score
0.002
Published
2019-08-30
The photoblocks-grid-gallery plugin before 1.1.33 for WordPress has wp-admin/admin.php?page=photoblocks-edit&id= XSS.
CVSS Score
4.8
EPSS Score
0.011
Published
2019-08-30
The icegram plugin before 1.10.29 for WordPress has ig_cat_list XSS.
CVSS Score
5.4
EPSS Score
0.002
Published
2019-08-30
The visitors-traffic-real-time-statistics plugin before 1.12 for WordPress has CSRF in the settings page.
CVSS Score
8.8
EPSS Score
0.001
Published
2019-08-30

