Security Vulnerabilities - CVEs Published In November 2019
archivemail 0.6.2 uses temporary files insecurely leading to a possible race condition.
CVSS Score
8.1
EPSS Score
0.003
Published
2019-11-06
SuiteCRM 7.10.x versions prior to 7.10.21 and 7.11.x versions prior to 7.11.9 allow SQL Injection.
CVSS Score
9.8
EPSS Score
0.003
Published
2019-11-06
In the Linux kernel through 5.3.8, f->fmt.sdr.reserved is uninitialized in rcar_drif_g_fmt_sdr_cap in drivers/media/platform/rcar_drif.c, which could cause a memory disclosure problem.
CVSS Score
5.5
EPSS Score
0.001
Published
2019-11-06
An issue was discovered in Joomla! before 3.9.13. A missing access check in the phputf8 mapping files could lead to a path disclosure.
CVSS Score
5.3
EPSS Score
0.0
Published
2019-11-06
xlockmore 5.13 and 5.22 segfault when using libpam-opensc and return the underlying xsession. This allows unauthorized users access to the X session.
CVSS Score
9.8
EPSS Score
0.004
Published
2019-11-06
An issue was discovered in Joomla! before 3.9.13. A missing token check in com_template causes a CSRF vulnerability.
CVSS Score
8.8
EPSS Score
0.0
Published
2019-11-06
A stored cross-site scripting (XSS) vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user can craft a malicious payload in the template Name field for Email template in the "Design Configuration" dashboard.
CVSS Score
5.4
EPSS Score
0.002
Published
2019-11-06
A stored cross-site scripting (XSS) vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user can inject arbitrary JavaScript code into the attribute set name when listing the products.
CVSS Score
5.4
EPSS Score
0.002
Published
2019-11-06
A server-side request forgery (SSRF) vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user with admin privileges to modify store configurations can manipulate the connector API endpoint to enable remote code execution.
CVSS Score
7.2
EPSS Score
0.011
Published
2019-11-06
A stored cross-site scripting (XSS) vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user can manipulate a downloadable link and cause an invocation of error handling that accesses user input without sanitization.
CVSS Score
5.4
EPSS Score
0.002
Published
2019-11-06

