Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In August 2019
CVE-2019-5477
A command injection vulnerability in Nokogiri v1.10.3 and earlier allows commands to be executed in a subprocess via Ruby's `Kernel.open` method. Processes are vulnerable only if the undocumented method `Nokogiri::CSS::Tokenizer#load_file` is being called with unsafe user input as the filename. This vulnerability appears in code generated by the Rexical gem versions v1.0.6 and earlier. Rexical is used by Nokogiri to generate lexical scanner code for parsing CSS queries. The underlying vulnerability was addressed in Rexical v1.0.7 and Nokogiri upgraded to this version of Rexical in Nokogiri v1.10.4.
CVSS Score
9.8
EPSS Score
0.013
Published
2019-08-16
CVE-2019-15119
lib/install/install.go in cnlh nps through 0.23.2 uses 0777 permissions for /usr/local/bin/nps and/or /usr/bin/nps, leading to a file overwrite by a local user.
CVSS Score
5.5
EPSS Score
0.001
Published
2019-08-16
CVE-2019-15120
The Kunena extension before 5.1.14 for Joomla! allows XSS via BBCode.
CVSS Score
5.4
EPSS Score
0.014
Published
2019-08-16
CVE-2019-15118
check_input_term in sound/usb/mixer.c in the Linux kernel through 5.2.9 mishandles recursion, leading to kernel stack exhaustion.
CVSS Score
5.5
EPSS Score
0.001
Published
2019-08-16
CVE-2015-9325
The visitors-online plugin before 0.4 for WordPress has SQL injection.
CVSS Score
9.8
EPSS Score
0.005
Published
2019-08-16
CVE-2015-9326
The wp-business-intelligence-lite plugin before 1.6.3 for WordPress has SQL injection.
CVSS Score
9.8
EPSS Score
0.005
Published
2019-08-16
CVE-2016-10904
The olimometer plugin before 2.57 for WordPress has SQL injection.
CVSS Score
9.8
EPSS Score
0.005
Published
2019-08-16
CVE-2017-18548
The note-press plugin before 0.1.2 for WordPress has SQL injection.
CVSS Score
9.8
EPSS Score
0.007
Published
2019-08-16
CVE-2019-15117
parse_audio_mixer_unit in sound/usb/mixer.c in the Linux kernel through 5.2.9 mishandles a short descriptor, leading to out-of-bounds memory access.
CVSS Score
7.8
EPSS Score
0.001
Published
2019-08-16
CVE-2019-14923
EyesOfNetwork 5.1 allows Remote Command Execution via shell metacharacters in the module/tool_all/ host field.
CVSS Score
8.8
EPSS Score
0.132
Published
2019-08-16


Products
Pricing
Contact Us

Shodan ® - All rights reserved