Security Vulnerabilities - CVEs Published In November 2019
psutil (aka python-psutil) through 5.6.5 can have a double free. This occurs because of refcount mishandling within a while or for loop that converts system data into a Python object.
CVSS Score: 7.5 | EPSS Score: 0.001 | Published: 2019-11-12
maidag in GNU Mailutils before 3.8 is installed setuid and allows local privilege escalation in the url mode.
CVSS Score: 7.8 | EPSS Score: 0.007 | Published: 2019-11-11
ImageMagick before 7.0.9-0 allows remote attackers to cause a denial of service because XML_PARSE_HUGE is not properly restricted in coders/svg.c, related to SVG and libxml2.
CVSS Score: 6.5 | EPSS Score: 0.006 | Published: 2019-11-11
A Denial Of Service vulnerability exists in the safe-svg (aka Safe SVG) plugin through 1.9.4 for WordPress, related to unlimited recursion for a '<use ... xlink:href="#identifier">' substring.
CVSS Score: 7.5 | EPSS Score: 0.006 | Published: 2019-11-11
A Denial Of Service vulnerability exists in the safe-svg (aka Safe SVG) plugin through 1.9.4 for WordPress, related to potentially unwanted elements or attributes.
CVSS Score: 7.5 | EPSS Score: 0.006 | Published: 2019-11-11
A Denial Of Service vulnerability exists in the SVG Sanitizer module through 8.x-1.0-alpha1 for Drupal because access to external resources with an SVG use element is mishandled.
CVSS Score: 7.5 | EPSS Score: 0.004 | Published: 2019-11-11
darylldoyle svg-sanitizer before 0.12.0 mishandles script and data values in attributes, as demonstrated by unexpected whitespace such as in the javascript&#9;:alert substring.
CVSS Score: 7.5 | EPSS Score: 0.003 | Published: 2019-11-11
Certain D-Link devices have a hardcoded Alphanetworks user account with TELNET access because of /etc/config/image_sign or /etc/alpha_config/image_sign. This affects DIR-600 B1 V2.01 for WW, DIR-890L A1 v1.03, DIR-615 J1 v100 (for DCN), DIR-645 A1 v1.03, DIR-815 A1 v1.01, DIR-823 A1 v1.01, and DIR-842 C1 v3.00.
CVSS Score: 9.8 | EPSS Score: 0.008 | Published: 2019-11-11
In tnef before 1.4.18, an attacker may be able to write to the victim's .ssh/authorized_keys file via an e-mail message with a crafted winmail.dat application/ms-tnef attachment, because of a heap-based buffer over-read involving strdup.
CVSS Score: 5.5 | EPSS Score: 0.01 | Published: 2019-11-11
Envoy 1.12.0 allows a remote denial of service because of resource loops, as demonstrated by a single idle TCP connection being able to keep a worker thread in an infinite busy loop when continue_on_listener_filters_timeout is used.
CVSS Score: 7.5 | EPSS Score: 0.002 | Published: 2019-11-11

