Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In October 2018
CVE-2018-17858
An issue was discovered in Joomla! before 3.8.13. com_installer actions do not have sufficient CSRF hardening in the backend.
CVSS Score
8.8
EPSS Score
0.002
Published
2018-10-09
CVE-2018-18192
An issue was discovered in libgig 4.1.0. There is a NULL pointer dereference in the function DLS::File::GetFirstSample() in DLS.cpp.
CVSS Score
6.5
EPSS Score
0.003
Published
2018-10-09
CVE-2018-18193
An issue was discovered in libgig 4.1.0. There is operator new[] failure (due to a big pWavePoolTable heap request) in DLS::File::File in DLS.cpp.
CVSS Score
8.8
EPSS Score
0.004
Published
2018-10-09
CVE-2018-18194
An issue was discovered in libgig 4.1.0. There is a heap-based buffer over-read in DLS::Region::GetSample() in DLS.cpp.
CVSS Score
8.8
EPSS Score
0.004
Published
2018-10-09
CVE-2018-18195
An issue was discovered in libgig 4.1.0. There is an FPE (divide-by-zero error) in DLS::Sample::Sample in DLS.cpp.
CVSS Score
6.5
EPSS Score
0.003
Published
2018-10-09
CVE-2018-18196
An issue was discovered in libgig 4.1.0. There is a heap-based buffer over-read in RIFF::List::GetListTypeString in RIFF.cpp.
CVSS Score
8.8
EPSS Score
0.004
Published
2018-10-09
CVE-2018-18197
An issue was discovered in libgig 4.1.0. There is an operator new[] failure (due to a big pSampleLoops heap request) in DLS::Sampler::Sampler in DLS.cpp.
CVSS Score
9.8
EPSS Score
0.004
Published
2018-10-09
CVE-2018-6977
VMware ESXi (6.7, 6.5, 6.0), Workstation (15.x and 14.x) and Fusion (11.x and 10.x) contain a denial-of-service vulnerability due to an infinite loop in a 3D-rendering shader. Successfully exploiting this issue may allow an attacker with normal user privileges in the guest to make the VM unresponsive, and in some cases, possibly result other VMs on the host or the host itself becoming unresponsive.
CVSS Score
6.5
EPSS Score
0.001
Published
2018-10-09
CVE-2018-18086
EmpireCMS v7.5 has an arbitrary file upload vulnerability in the LoadInMod function in e/class/moddofun.php, exploitable by logged-in users.
CVSS Score
8.8
EPSS Score
0.004
Published
2018-10-09
CVE-2018-18087
The Bixie Portfolio plugin 1.2.0 for Pagekit has XSS: a logged-in user who has the "Manage portfolio" privilege can inject arbitrary web script or HTML via the Image URL field in the portfolio editor. The vulnerability is triggered by visiting /portfolio/${project_title}.
CVSS Score
5.4
EPSS Score
0.002
Published
2018-10-09


Products
Pricing
Contact Us

Shodan ® - All rights reserved