Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In November 2019
CVE-2019-10223
A security issue was discovered in the kube-state-metrics versions v1.7.0 and v1.7.1. An experimental feature was added to the v1.7.0 release that enabled annotations to be exposed as metrics. By default, the kube-state-metrics metrics only expose metadata about Secrets. However, a combination of the default `kubectl` behavior and this new feature can cause the entire secret content to end up in metric labels thus inadvertently exposing the secret content in metrics. This feature has been reverted and released as the v1.7.2 release. If you are running the v1.7.0 or v1.7.1 release, please upgrade to the v1.7.2 release as soon as possible.
CVSS Score
5.3
EPSS Score
0.012
Published
2019-11-05
CVE-2019-3685
Open Build Service before version 0.165.4 diddn't validate TLS certificates for HTTPS connections with the osc client binary
CVSS Score
7.4
EPSS Score
0.002
Published
2019-11-05
CVE-2010-3668
TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows Header Injection in the secure download feature jumpurl.
CVSS Score
7.5
EPSS Score
0.004
Published
2019-11-04
CVE-2010-3669
TYPO3 before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows XSS and Open Redirection in the frontend login box.
CVSS Score
5.4
EPSS Score
0.002
Published
2019-11-04
CVE-2010-3662
TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows SQL Injection on the backend.
CVSS Score
8.8
EPSS Score
0.006
Published
2019-11-04
CVE-2010-3663
TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 contains an insecure default value of the variable fileDenyPattern which could allow remote attackers to execute arbitrary code on the backend.
CVSS Score
8.8
EPSS Score
0.031
Published
2019-11-04
CVE-2010-3664
TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows Information Disclosure on the backend.
CVSS Score
6.5
EPSS Score
0.005
Published
2019-11-04
CVE-2010-3665
TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows XSS on the Extension Manager.
CVSS Score
5.4
EPSS Score
0.004
Published
2019-11-04
CVE-2010-3666
TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 contains insecure randomness in the uniqid function.
CVSS Score
5.3
EPSS Score
0.003
Published
2019-11-04
CVE-2010-3667
TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows Spam Abuse in the native form content element.
CVSS Score
5.3
EPSS Score
0.003
Published
2019-11-04


Products
Pricing
Contact Us

Shodan ® - All rights reserved