Security Vulnerabilities - CVEs Published In November 2019
typed_ast 1.3.0 and 1.3.1 have an ast_for_arguments out-of-bounds read. An attacker with the ability to cause a Python interpreter to parse Python source (but not necessarily execute it) may be able to crash the interpreter process. This could be a concern, for example, in a web-based service that parses (but does not execute) Python code. (This issue also affected certain Python 3.8.0-alpha prereleases.)
CVSS Score: 7.5 | EPSS Score: 0.014 | Published: 2019-11-26

Multiple cross-site scripting (XSS) vulnerabilities in the Cloudera Manager UI before 5.4.3 allow remote authenticated users to inject arbitrary web script or HTML using unspecified vectors.
CVSS Score: 5.4 | EPSS Score: 0.002 | Published: 2019-11-26

The NextGEN Gallery plugin before 2.1.10 for WordPress has multiple XSS issues involving thumbnail_width, thumbnail_height, thumbwidth, thumbheight, wmXpos, and wmYpos, and template.
CVSS Score: 5.4 | EPSS Score: 0.006 | Published: 2019-11-26

The NextGEN Gallery plugin before 2.1.15 for WordPress allows ../ Directory Traversal in path selection.
CVSS Score: 6.5 | EPSS Score: 0.019 | Published: 2019-11-26

The Fast Secure Contact Form plugin before 4.0.38 for WordPress allows fs_contact_form1[welcome] XSS.
CVSS Score: 6.1 | EPSS Score: 0.005 | Published: 2019-11-26

Cloudera CDH has Insecure Permissions because ALL cannot be revoked. This affects 5.x through 5.15.1 and 6.x through 6.0.1.
CVSS Score: 7.2 | EPSS Score: 0.003 | Published: 2019-11-26

In Cloudera Hue, there is privilege escalation by a read-only user when CDH 5.x before 5.4.9 is used.
CVSS Score: 8.8 | EPSS Score: 0.003 | Published: 2019-11-26

Cloudera CDH before 5.6.1 allows authorization bypass via direct internal API calls.
CVSS Score: 6.5 | EPSS Score: 0.001 | Published: 2019-11-26

Cloudera Manager 5.x before 5.7.1 places Sensitive Data in cleartext Readable Files.
CVSS Score: 6.5 | EPSS Score: 0.002 | Published: 2019-11-26

In Cloudera CDH before 5.7.1, Impala REVOKE ALL ON SERVER commands do not revoke all privileges.
CVSS Score: 8.8 | EPSS Score: 0.003 | Published: 2019-11-26


Shodan ® - All rights reserved