Security Vulnerabilities - CVEs Published In September 2018
D-Link DIR-846 devices with firmware 100.26 allow remote attackers to execute arbitrary code as root via a SetNetworkTomographySettings request by leveraging admin access.
CVSS Score: 7.2 | EPSS Score: 0.046 | Published: 2018-09-03
In Gogs 0.11.53, an attacker can use migrate to send arbitrary HTTP GET requests, leading to SSRF.
CVSS Score: 8.6 | EPSS Score: 0.002 | Published: 2018-09-03
Vanilla before 2.6.1 allows SQL injection via an invitationID array to /profile/deleteInvitation, related to applications/dashboard/models/class.invitationmodel.php and applications/dashboard/controllers/class.profilecontroller.php.
CVSS Score: 6.5 | EPSS Score: 0.003 | Published: 2018-09-03
ImageMagick 7.0.8-11 Q16 has a heap-based buffer over-read in the coders/psd.c ParseImageResourceBlocks function.
CVSS Score: 8.8 | EPSS Score: 0.004 | Published: 2018-09-03
ImageMagick 7.0.8-11 Q16 has a heap-based buffer over-read in the MagickCore/quantum-private.h PushShortPixel function when called from the coders/psd.c ParseImageResourceBlocks function.
CVSS Score: 8.8 | EPSS Score: 0.005 | Published: 2018-09-03
Cross-site request forgery (CSRF) vulnerability in my_profile/edit?inline= in FUEL CMS 1.4 allows remote attackers to change the administrator's password.
CVSS Score: 8.8 | EPSS Score: 0.002 | Published: 2018-09-03
In Twistlock AuthZ Broker 0.1, regular expressions are mishandled, as demonstrated by containers/aa/pause?aaa=\/start to bypass a policy in which "docker start" is allowed but "docker pause" is not allowed.
CVSS Score: 7.5 | EPSS Score: 0.002 | Published: 2018-09-03
libelf/elf_end.c in elfutils 0.173 allows remote attackers to cause a denial of service (double free and application crash) or possibly have unspecified other impact because it tries to decompress twice.
CVSS Score: 9.8 | EPSS Score: 0.011 | Published: 2018-09-03
libdw in elfutils 0.173 checks the end of the attributes list incorrectly in dwarf_getabbrev in dwarf_getabbrev.c and dwarf_hasattr in dwarf_hasattr.c, leading to a heap-based buffer over-read and an application crash.
CVSS Score: 5.5 | EPSS Score: 0.001 | Published: 2018-09-03
An issue was discovered in Mayan EDMS before 3.0.2. The Appearance app sets window.location directly, leading to XSS.
CVSS Score: 6.1 | EPSS Score: 0.003 | Published: 2018-09-03

Shodan ® - All rights reserved