Security Vulnerabilities - CVEs Published In September 2019
main/translate.c in Sangoma Asterisk 13.28.0 and 16.5.0 allows a remote attacker to send a specific RTP packet during a call and cause a crash in a specific scenario.
CVSS Score: 7.5 | EPSS Score: 0.088 | Published: 2019-09-09
search-exclude.php in the "Search Exclude" plugin before 1.2.4 for WordPress allows unauthenticated options changes.
CVSS Score: 7.5 | EPSS Score: 0.004 | Published: 2019-09-09
In ATutor 2.2.4, an unauthenticated attacker can change the application settings and force it to use his crafted database, which allows him to gain access to the application. Next, he can change the directory that the application uploads files to, which allows him to achieve remote code execution. This occurs because install/include/header.php does not restrict certain changes (to db_host, db_login, db_password, and content_dir) within install/include/step5.php.
CVSS Score: 9.8 | EPSS Score: 0.208 | Published: 2019-09-09
Gophish through 0.8.0 allows XSS via a username.
CVSS Score: 4.8 | EPSS Score: 0.002 | Published: 2019-09-09
Sakai through 12.6 allows XSS via a chat user name.
CVSS Score: 6.1 | EPSS Score: 0.002 | Published: 2019-09-09
An issue was discovered in the blake2 crate before 0.8.1 for Rust. The BLAKE2b and BLAKE2s algorithms, when used with HMAC, produce incorrect results because the block sizes are half of the required sizes.
CVSS Score: 9.8 | EPSS Score: 0.002 | Published: 2019-09-09
An issue was discovered in the generator crate before 0.6.18 for Rust. Uninitialized memory is used by Scope, done, and yield_ during API calls.
CVSS Score: 7.5 | EPSS Score: 0.003 | Published: 2019-09-09
An issue was discovered in the spin crate before 0.5.2 for Rust, when RwLock is used. Because memory ordering is mishandled, two writers can acquire the lock at the same time, violating mutual exclusion.
CVSS Score: 7.5 | EPSS Score: 0.003 | Published: 2019-09-09
An issue was discovered in the image crate before 0.21.3 for Rust, affecting the HDR image format decoder. Vec::set_len is called on an uninitialized vector, leading to a use-after-free and arbitrary code execution.
CVSS Score: 9.8 | EPSS Score: 0.022 | Published: 2019-09-09
An issue was discovered in the compact_arena crate before 0.4.0 for Rust. Generativity is mishandled, leading to an out-of-bounds write or read.
CVSS Score: 9.8 | EPSS Score: 0.004 | Published: 2019-09-09