Security Vulnerabilities - CVEs Published In August 2019
The anycomment plugin before 0.0.33 for WordPress has XSS.
CVSS Score: 6.1
EPSS Score: 0.002
Published: 2019-08-27
An issue was discovered in the Linux kernel before 5.0.19. There is an out-of-bounds array access in __xfrm_policy_unlink, which will cause denial of service, because verify_newpolicy_info in net/xfrm/xfrm_user.c mishandles directory validation.
CVSS Score: 4.4
EPSS Score: 0.057
Published: 2019-08-27
In eslint-utils before 1.4.1, the getStaticValue function can execute arbitrary code.
CVSS Score: 9.8
EPSS Score: 0.005
Published: 2019-08-26
connect-pg-simple before 6.0.1 allows SQL injection if tableName or schemaName is untrusted data.
CVSS Score: 7.3
EPSS Score: 0.002
Published: 2019-08-26
wolfSSL 4.1.0 has a one-byte heap-based buffer over-read in DecodeCertExtensions in wolfcrypt/src/asn.c because reading the ASN_BOOLEAN byte is mishandled for a crafted DER certificate in GetLength_ex.
CVSS Score: 9.8
EPSS Score: 0.002
Published: 2019-08-26
MikroTik RouterOS through 6.44.5 and 6.45.x through 6.45.3 improperly handles the disk name, which allows authenticated users to delete arbitrary files. Attackers can exploit this vulnerability to reset credential storage, which allows them access to the management interface as an administrator without authentication.
CVSS Score: 6.5
EPSS Score: 0.006
Published: 2019-08-26
Black Box iCOMPEL 9.2.3 through 11.1.4, as used in ONELAN Net-Top-Box 9.2.3 through 11.1.4 and other products, has default credentials that allow remote attackers to access devices remotely via SSH, HTTP, HTTPS, and FTP.
CVSS Score: 9.8
EPSS Score: 0.015
Published: 2019-08-26
GNUBOARD5 before 5.3.2.0 has XSS that allows remote attackers to inject arbitrary web script or HTML via the "homepage title" parameter, aka the adm/config_form_update.php cf_title parameter.
CVSS Score: 6.1
EPSS Score: 0.003
Published: 2019-08-26
OpenBSD kernel version <= 6.5 can be forced to create long chains of TCP SACK holes that cause very expensive calls to tcp_sack_option() for every incoming SACK packet, which can lead to a denial of service.
CVSS Score: 7.5
EPSS Score: 0.007
Published: 2019-08-26
Buffer Overflow in dactetra in Delta Controls enteliBUS Manager V3.40_B-571848 allows remote unauthenticated users to execute arbitrary code and possibly cause a denial of service via unspecified vectors.
CVSS Score: 9.8
EPSS Score: 0.069
Published: 2019-08-26

