Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In August 2018
CVE-2018-15504
An issue was discovered in Embedthis GoAhead before 4.0.1 and Appweb before 7.0.2. The server mishandles some HTTP request fields associated with time, which results in a NULL pointer dereference, as demonstrated by If-Modified-Since or If-Unmodified-Since with a month greater than 11.
CVSS Score
7.5
EPSS Score
0.004
Published
2018-08-18
CVE-2018-15505
An issue was discovered in Embedthis GoAhead before 4.0.1 and Appweb before 7.0.2. An HTTP POST request with a specially crafted "Host" header field may cause a NULL pointer dereference and thus cause a denial of service, as demonstrated by the lack of a trailing ']' character in an IPv6 address.
CVSS Score
7.5
EPSS Score
0.001
Published
2018-08-18
CVE-2018-15492
A vulnerability in the lservnt.exe component of Sentinel License Manager version 8.5.3.35 (fixed in 8.5.3.2403) causes UDP amplification.
CVSS Score
7.5
EPSS Score
0.004
Published
2018-08-18
CVE-2018-15494
In Dojo Toolkit before 1.14, there is unescaped string injection in dojox/Grid/DataGrid.
CVSS Score
9.8
EPSS Score
0.006
Published
2018-08-18
CVE-2018-15495
/filemanager/upload.php in Responsive FileManager before 9.13.3 allows Directory Traversal and SSRF because the url parameter is used directly in a curl_exec call, as demonstrated by a file:///etc/passwd value.
CVSS Score
7.5
EPSS Score
0.004
Published
2018-08-18
CVE-2018-15501
In ng_pkt in transports/smart_pkt.c in libgit2 before 0.26.6 and 0.27.x before 0.27.4, a remote attacker can send a crafted smart-protocol "ng" packet that lacks a '\0' byte to trigger an out-of-bounds read that leads to DoS.
CVSS Score
7.5
EPSS Score
0.003
Published
2018-08-18
CVE-2018-15503
The unpack implementation in Swoole version 4.0.4 lacks correct size checks in the deserialization process. An attacker can craft a serialized object to exploit this vulnerability and cause a SEGV.
CVSS Score
7.5
EPSS Score
0.02
Published
2018-08-18
CVE-2018-15491
A vulnerability in the permission and encryption implementation of Zemana Anti-Logger 1.9.3.527 and prior (fixed in 1.9.3.602) allows an attacker to take control of the whitelisting feature (MyRules2.ini under %LOCALAPPDATA%\Zemana\ZALSDK) to permit execution of unauthorized applications (such as ones that record keystrokes).
CVSS Score
7.5
EPSS Score
0.002
Published
2018-08-18
CVE-2018-14981
Certain LG devices based on Android 6.0 through 8.1 have incorrect access control for SystemUI application intents. The LG ID is LVE-SMP-180005.
CVSS Score
9.8
EPSS Score
0.001
Published
2018-08-17
CVE-2018-14982
Certain LG devices based on Android 6.0 through 8.1 have incorrect access control in the GNSS application. The LG ID is LVE-SMP-180004.
CVSS Score
9.8
EPSS Score
0.001
Published
2018-08-17


Products
Pricing
Contact Us

Shodan ® - All rights reserved