Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In November 2019
CVE-2019-18888
An issue was discovered in Symfony 2.8.0 through 2.8.50, 3.4.0 through 3.4.34, 4.2.0 through 4.2.11, and 4.3.0 through 4.3.7. If an application passes unvalidated user input as the file for which MIME type validation should occur, then arbitrary arguments are passed to the underlying file command. This is related to symfony/http-foundation (and symfony/mime in 4.3.x).
CVSS Score
7.5
EPSS Score
0.027
Published
2019-11-21
CVE-2019-18889
An issue was discovered in Symfony 3.4.0 through 3.4.34, 4.2.0 through 4.2.11, and 4.3.0 through 4.3.7. Serializing certain cache adapter interfaces could result in remote code injection. This is related to symfony/cache.
CVSS Score
9.8
EPSS Score
0.026
Published
2019-11-21
CVE-2019-18933
In Zulip Server versions from 1.7.0 to before 2.0.7, a bug in the new user signup process meant that users who registered their account using social authentication (e.g., GitHub or Google SSO) in an organization that also allows password authentication could have their personal API key stolen by an unprivileged attacker, allowing nearly full access to the user's account.
CVSS Score
9.8
EPSS Score
0.004
Published
2019-11-21
CVE-2019-19221
In Libarchive 3.4.0, archive_wstring_append_from_mbs in archive_string.c has an out-of-bounds read because of an incorrect mbrtowc or mbtowc call. For example, bsdtar crashes via a crafted archive.
CVSS Score
5.5
EPSS Score
0.001
Published
2019-11-21
CVE-2014-5255
xcfa before 5.0.1 creates temporary files insecurely which could allow local users to launch a symlink attack and overwrite arbitrary files. Note: A different vulnerability than CVE-2014-5254.
CVSS Score
7.0
EPSS Score
0.001
Published
2019-11-21
CVE-2012-1637
Cross-site scripting vulnerability (XSS) in the Quick Tabs module 6.x-2.x before 6.x-2.1, 6.x-3.x before 6.x-3.1, and 7.x-3.x before 7.x-3.3 for Drupal.
CVSS Score
4.8
EPSS Score
0.004
Published
2019-11-21
CVE-2012-2078
Cross-site scripting (XSS) vulnerability in the Activity module 6.x-1.x for Drupal.
CVSS Score
4.8
EPSS Score
0.004
Published
2019-11-21
CVE-2014-2901
wolfssl before 3.2.0 does not properly issue certificates for a server's hostname.
CVSS Score
7.5
EPSS Score
0.002
Published
2019-11-21
CVE-2014-2902
wolfssl before 3.2.0 does not properly authorize CA certificate for signing other certificates.
CVSS Score
7.5
EPSS Score
0.002
Published
2019-11-21
CVE-2014-2904
wolfssl before 3.2.0 has a server certificate that is not properly authorized for server authentication.
CVSS Score
7.5
EPSS Score
0.002
Published
2019-11-21


Products
Pricing
Contact Us

Shodan ® - All rights reserved