Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In August 2019
CVE-2019-13608
Known exploited
Citrix StoreFront Server before 1903, 7.15 LTSR before CU4 (3.12.4000), and 7.6 LTSR before CU8 (3.0.8000) allows XXE attacks.
CVSS Score
7.5
EPSS Score
0.294
Published
2019-08-29
CVE-2019-14533
The Control function of demux/asf/asf.c in VideoLAN VLC media player 3.0.7.1 has a use-after-free.
CVSS Score
7.8
EPSS Score
0.002
Published
2019-08-29
CVE-2019-14534
In VideoLAN VLC media player 3.0.7.1, there is a NULL pointer dereference at the function SeekPercent of demux/asf/asf.c that will lead to a denial of service attack.
CVSS Score
5.5
EPSS Score
0.002
Published
2019-08-29
CVE-2019-14776
A heap-based buffer over-read exists in DemuxInit() in demux/asf/asf.c in VideoLAN VLC media player 3.0.7.1 via a crafted .mkv file.
CVSS Score
7.8
EPSS Score
0.004
Published
2019-08-29
CVE-2019-14777
The Control function of demux/mkv/mkv.cpp in VideoLAN VLC media player 3.0.7.1 has a use-after-free.
CVSS Score
7.8
EPSS Score
0.002
Published
2019-08-29
CVE-2019-14778
The mkv::virtual_segment_c::seek method of demux/mkv/virtual_segment.cpp in VideoLAN VLC media player 3.0.7.1 has a use-after-free.
CVSS Score
7.8
EPSS Score
0.002
Published
2019-08-29
CVE-2019-14970
A vulnerability in mkv::event_thread_t in VideoLAN VLC media player 3.0.7.1 allows remote attackers to trigger a heap-based buffer overflow via a crafted .mkv file.
CVSS Score
7.8
EPSS Score
0.003
Published
2019-08-29
CVE-2019-14978
/payu/icpcheckout/ in the WooCommerce PayU India Payment Gateway plugin 2.1.1 for WordPress allows Parameter Tampering in the purchaseQuantity=1 parameter, as demonstrated by purchasing an item for lower than the intended price.
CVSS Score
5.3
EPSS Score
0.002
Published
2019-08-29
CVE-2019-14979
cgi-bin/webscr?cmd=_cart in the WooCommerce PayPal Checkout Payment Gateway plugin 1.6.17 for WordPress allows Parameter Tampering in an amount parameter (such as amount_1), as demonstrated by purchasing an item for lower than the intended price. NOTE: The plugin author states it is true that the amount can be manipulated in the PayPal payment flow. However, the amount is validated against the WooCommerce order total before completing the order, and if it doesn’t match then the order will be left in an “On Hold” state
CVSS Score
5.3
EPSS Score
0.002
Published
2019-08-29
CVE-2019-15811
In DomainMOD through 4.13, the parameter daterange in the file reporting/domains/cost-by-month.php has XSS.
CVSS Score
6.1
EPSS Score
0.052
Published
2019-08-29


Products
Pricing
Contact Us

Shodan ® - All rights reserved