Security Vulnerabilities - CVEs Published In November 2019
A vulnerability in the web conference chat component of MiCollab, versions 7.3 PR6 (7.3.0.601) and earlier, and 8.0 (8.0.0.40) through 8.0 SP2 FP2 (8.0.2.202), and MiVoice Business Express versions 7.3 PR3 (7.3.1.302) and earlier, and 8.0 (8.0.0.40) through 8.0 SP2 FP1 (8.0.2.202), could allow creation of unauthorized chat sessions, due to insufficient access controls. A successful exploit could allow execution of arbitrary commands.
CVSS Score: 5.3
EPSS Score: 0.003
Published: 2019-11-12
In Helm 2.x before 2.15.2, commands that deal with loading a chart as a directory or packaging a chart provide an opportunity for a maliciously designed chart to include sensitive content such as /etc/passwd, or to execute a denial of service (DoS) via a special file such as /dev/urandom, via symlinks. No version of Tiller is known to be impacted. This is a client-only issue.
CVSS Score: 9.8
EPSS Score: 0.006
Published: 2019-11-12
Istio 1.3.x before 1.3.5 allows Denial of Service because continue_on_listener_filters_timeout is set to True, a related issue to CVE-2019-18836.
CVSS Score: 7.5
EPSS Score: 0.005
Published: 2019-11-12
gdk-pixbuf through 2.31.1 has a GIF loader buffer overflow when initializing decompression tables, due to an input validation flaw.
CVSS Score: 9.8
EPSS Score: 0.01
Published: 2019-11-12
Elgg through 1.7.10 has XSS.
CVSS Score: 6.1
EPSS Score: 0.003
Published: 2019-11-12
Elgg through 1.7.10 has a SQL injection vulnerability.
CVSS Score: 9.8
EPSS Score: 0.003
Published: 2019-11-12
statusnet before 0.9.9 has XSS.
CVSS Score: 6.1
EPSS Score: 0.003
Published: 2019-11-12
WSO2 IS as Key Manager 5.7.0 allows unauthenticated reflected XSS in the dashboard user profile.
CVSS Score: 6.1
EPSS Score: 0.004
Published: 2019-11-12
WSO2 IS as Key Manager 5.7.0 allows stored XSS in download-userinfo.jag because Content-Type is mishandled.
CVSS Score: 6.1
EPSS Score: 0.004
Published: 2019-11-12
FUDForum 3.0.9 is vulnerable to Stored XSS via the User-Agent HTTP header. This may result in remote code execution. An attacker can use a user account to fully compromise the system via a GET request. When the admin visits user information under "User Manager" in the control panel, the payload will execute. This will allow for PHP files to be written to the web root, and for code to execute on the remote server. The problem is in admsession.php and admuser.php.
CVSS Score: 9.0
EPSS Score: 0.034
Published: 2019-11-12
Shodan ® - All rights reserved