Security Vulnerabilities - CVEs Published In November 2018
There is a NULL pointer dereference at function sixel_helper_set_additional_message (status.c) in libsixel 1.8.2 that will cause a denial of service.
CVSS Score: 6.5; EPSS Score: 0.003; Published: 2018-11-30
There is a heap-based buffer over-read at wav.c in wav_write_header in libsndfile 1.0.28 that will cause a denial of service.
CVSS Score: 6.5; EPSS Score: 0.008; Published: 2018-11-30
There is a heap-based buffer over-read at stb_image_write.h (function: stbi_write_png_to_mem) in libsixel 1.8.2 that will cause a denial of service.
CVSS Score: 5.5; EPSS Score: 0.002; Published: 2018-11-30
cfg_init in confuse.c in libConfuse 3.2.2 has a memory leak.
CVSS Score: 8.8; EPSS Score: 0.003; Published: 2018-11-30
There is an illegal address access at fromsixel.c (function: sixel_decode_raw_impl) in libsixel 1.8.2 that will cause a denial of service.
CVSS Score: 5.5; EPSS Score: 0.002; Published: 2018-11-30
There is a heap-based buffer overflow at fromsixel.c (function: image_buffer_resize) in libsixel 1.8.2 that will cause a denial of service or possibly unspecified other impact.
CVSS Score: 7.8; EPSS Score: 0.002; Published: 2018-11-30
There is a heap-based buffer over-read at writer.c (function: write_png_to_file) in libsixel 1.8.2 that will cause a denial of service.
CVSS Score: 5.5; EPSS Score: 0.002; Published: 2018-11-30
In The Sleuth Kit (TSK) through 4.6.4, hfs_cat_traverse in tsk/fs/hfs.c does not properly determine when a key length is too large, which allows attackers to cause a denial of service (SEGV on unknown address with READ memory access in a tsk_getu16 call in hfs_dir_open_meta_cb in tsk/fs/hfs_dent.c).
CVSS Score: 6.5; EPSS Score: 0.021; Published: 2018-11-29
i4 assistant 7.85 allows XSS via a crafted machine name field within iOS settings.
CVSS Score: 6.1; EPSS Score: 0.002; Published: 2018-11-29
internal/advanced_comment_system/admin.php in Advanced Comment System 1.0 is prone to an SQL injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query, allowing remote attackers to perform SQL injection via a URL in the "page" parameter. NOTE: The product is discontinued.
CVSS Score: 9.8; EPSS Score: 0.035; Published: 2018-11-29

