Security Vulnerabilities - CVEs Published In September 2019
A flaw was found in FreeIPA versions 4.5.0 and later. Session cookies were retained in the cache after logout. An attacker who obtains previously valid session cookies could use them to gain access to the session.
CVSS Score: 5.6
EPSS Score: 0.001
Published: 2019-09-17
A buffer overflow flaw was found, in versions from 2.6.34 to 5.2.x, in the way the Linux kernel's vhost functionality, which translates virtqueue buffers to IOVs, logged the buffer descriptors during migration. A privileged guest user able to pass descriptors with invalid length to the host while migration is underway could use this flaw to increase their privileges on the host.
CVSS Score: 7.2
EPSS Score: 0.001
Published: 2019-09-17
A reflected Cross-site scripting (XSS) vulnerability in HRworks V 1.16.1 allows remote attackers to inject arbitrary web script or HTML via the URL parameter to the Login component.
CVSS Score: 6.1
EPSS Score: 0.004
Published: 2019-09-17
An issue was discovered in GitLab Community and Enterprise Edition 8.18 through 12.2.1. An internal endpoint unintentionally disclosed information about the last pipeline that ran for a merge request.
CVSS Score: 7.5
EPSS Score: 0.005
Published: 2019-09-17
The ghost plugin before 0.5.6 for WordPress has no access control for wp-admin/tools.php?ghostexport=true downloads of exported data.
CVSS Score: 6.5
EPSS Score: 0.006
Published: 2019-09-17
The echosign plugin before 1.2 for WordPress has XSS via the inc.php page parameter.
CVSS Score: 6.1
EPSS Score: 0.002
Published: 2019-09-17
The echosign plugin before 1.2 for WordPress has XSS via the templates/add_templates.php id parameter.
CVSS Score: 6.1
EPSS Score: 0.002
Published: 2019-09-17
The tweet-wheel plugin before 1.0.3.3 for WordPress has XSS via consumer_key, consumer_secret, access_token, and access_token_secret.
CVSS Score: 6.1
EPSS Score: 0.002
Published: 2019-09-17
The persian-woocommerce-sms plugin before 3.3.4 for WordPress has ps_sms_numbers XSS.
CVSS Score: 6.1
EPSS Score: 0.003
Published: 2019-09-17
The leenkme plugin before 2.6.0 for WordPress has stored XSS via facebook_message, facebook_linkname, facebook_caption, facebook_description, default_image, or _wp_http_referer.
CVSS Score: 6.1
EPSS Score: 0.002
Published: 2019-09-17

