Security Vulnerabilities - CVEs Published In September 2018
Synametrics SynaMan 4.0 build 1488 uses cleartext password storage for SMTP credentials.
CVSS Score
7.8
EPSS Score
0.002
Published
2018-09-14
Buffer overflow in OPC UA applications allows remote attackers to trigger a stack overflow with carefully structured requests.
CVSS Score
7.5
EPSS Score
0.28
Published
2018-09-14
An XXE vulnerability in the OPC UA Java and .NET Legacy Stack can allow remote attackers to trigger a denial of service.
CVSS Score
8.2
EPSS Score
0.006
Published
2018-09-14
oBike relies on Hangzhou Luoping Smart Locker to lock bicycles, which allows attackers to bypass the locking mechanism by using Bluetooth Low Energy (BLE) to replay ciphertext based on a predictable nonce used in the locking protocol.
CVSS Score
5.3
EPSS Score
0.001
Published
2018-09-14
LG SuperSign CMS allows authentication bypass because the CAPTCHA requirement is skipped if a captcha:pass cookie is sent, and because the PIN is limited to four digits.
CVSS Score
9.8
EPSS Score
0.004
Published
2018-09-14
RSA BSAFE Micro Edition Suite, versions prior to 4.0.11 (in 4.0.x) and prior to 4.1.6 (in 4.1.x), and RSA BSAFE Crypto-C Micro Edition, versions prior to 4.0.5.3 (in 4.0.x), contain a Buffer Over-Read vulnerability when parsing ASN.1 data. A remote attacker could use maliciously constructed ASN.1 data that would result in such an issue.
CVSS Score
7.5
EPSS Score
0.018
Published
2018-09-14
Pivotal Spring AMQP, 1.x versions prior to 1.7.10 and 2.x versions prior to 2.0.6, expose a man-in-the-middle vulnerability due to lack of hostname validation. A malicious user that has the ability to intercept traffic would be able to view data in transit.
CVSS Score
5.9
EPSS Score
0.005
Published
2018-09-14
An issue was discovered in TCPDF before 6.2.22. Attackers can trigger deserialization of arbitrary data via the phar:// wrapper.
CVSS Score
9.8
EPSS Score
0.397
Published
2018-09-14
A flaw was found in 389-ds-base before version 1.3.8.4-13. The process ns-slapd crashes in the delete_passwdPolicy function when persistent search connections are terminated unexpectedly, leading to remote denial of service.
CVSS Score
7.5
EPSS Score
0.009
Published
2018-09-14
Command injection vulnerability in Music Station 5.1.2 and earlier versions in QNAP QTS 4.3.3 and 4.3.4 could allow remote attackers to run arbitrary commands in the compromised application.
CVSS Score
9.8
EPSS Score
0.06
Published
2018-09-14

