Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In November 2019
CVE-2019-18684
Sudo through 1.8.29 allows local users to escalate to root if they have write access to file descriptor 3 of the sudo process. This occurs because of a race condition between determining a uid, and the setresuid and openat system calls. The attacker can write "ALL ALL=(ALL) NOPASSWD:ALL" to /proc/#####/fd/3 at a time when Sudo is prompting for a password. NOTE: This has been disputed due to the way Linux /proc works. It has been argued that writing to /proc/#####/fd/3 would only be viable if you had permission to write to /etc/sudoers. Even with write permission to /proc/#####/fd/3, it would not help you write to /etc/sudoers
CVSS Score
7.0
EPSS Score
0.001
Published
2019-11-04
CVE-2013-2261
Cryptocat before 2.0.22 Chrome Extension 'img/keygen.gif' has Information Disclosure
CVSS Score
7.5
EPSS Score
0.103
Published
2019-11-04
CVE-2013-2262
Cryptocat strophe.js before 2.0.22 has information disclosure
CVSS Score
7.5
EPSS Score
0.005
Published
2019-11-04
CVE-2013-4104
Cryptocat before 2.0.22 has weak encryption in the Socialist Millionnaire Protocol
CVSS Score
7.5
EPSS Score
0.001
Published
2019-11-04
CVE-2013-4103
Cryptocat before 2.0.22 has Remote Script Injection due to improperly sanitizing user input
CVSS Score
9.8
EPSS Score
0.071
Published
2019-11-04
CVE-2014-3649
JBoss AeroGear has reflected XSS via the password field
CVSS Score
6.1
EPSS Score
0.003
Published
2019-11-04
CVE-2018-19031
A command injection vulnerability exists when the authorized user passes crafted parameter to background process in the router. This affects 360 router series products (360 Safe Router P0,P1,P2,P3,P4), the affected version is V2.0.61.58897.
CVSS Score
8.8
EPSS Score
0.038
Published
2019-11-04
CVE-2019-0350
SAP HANA Database, versions 1.0, 2.0, allows an unauthorized attacker to send a malformed connection request, which crashes the indexserver of an SAP HANA instance, leading to Denial of Service
CVSS Score
7.5
EPSS Score
0.005
Published
2019-11-04
CVE-2019-18680
An issue was discovered in the Linux kernel 4.4.x before 4.4.195. There is a NULL pointer dereference in rds_tcp_kill_sock() in net/rds/tcp.c that will cause denial of service, aka CID-91573ae4aed0.
CVSS Score
7.5
EPSS Score
0.017
Published
2019-11-04
CVE-2013-4100
Cryptocat before 2.0.22 has Remote Denial of Service via username
CVSS Score
7.5
EPSS Score
0.011
Published
2019-11-04


Products
Pricing
Contact Us

Shodan ® - All rights reserved