Security Vulnerabilities - CVEs Published In November 2019
tog-Pegasus has a package hash collision DoS vulnerability
CVSS Score
7.5
EPSS Score
0.007
Published
2019-11-19
hhvm before 3.12.11 has a use-after-free in the serialize_memoize_param() and ResourceBundle::__construct() functions.
CVSS Score
9.8
EPSS Score
0.005
Published
2019-11-19
surf: cookie jar has read access from other local user
CVSS Score
5.5
EPSS Score
0.001
Published
2019-11-19
Code42 app through version 7.0.2 for Windows has an Untrusted Search Path. In certain situations, a non-administrative attacker on the local machine could create or modify a dynamic-link library (DLL). The Code42 service could then load it at runtime, and potentially execute arbitrary code at an elevated privilege on the local machine.
CVSS Score
7.3
EPSS Score
0.0
Published
2019-11-19
Code42 server through 7.0.2 for Windows has an Untrusted Search Path. In certain situations, a non-administrative attacker on the local server could create or modify a dynamic-link library (DLL). The Code42 service could then load it at runtime, and potentially execute arbitrary code at an elevated privilege on the local server.
CVSS Score
7.3
EPSS Score
0.001
Published
2019-11-19
Trusted Boot (tboot) before 1.8.2 has a 'loader.c' Security Bypass Vulnerability
CVSS Score
5.5
EPSS Score
0.001
Published
2019-11-18
In Apache Shiro before 1.4.2, when using the default "remember me" configuration, cookies could be susceptible to a padding attack.
CVSS Score
7.5
EPSS Score
0.66
Published
2019-11-18
Cross-site Scripting (XSS) in Jenkins main before 1.482 and LTS before 1.466.2 allows remote attackers to inject arbitrary web script or HTML in the CI game plugin.
CVSS Score
6.1
EPSS Score
0.015
Published
2019-11-18
In elliptic-php versions prior to 1.0.6, timing attacks might be possible, which can result in practical recovery of the long-term private key generated by the library under certain conditions. Leakage of the bit-length of the scalar during scalar multiplication is possible on an elliptic curve, which might allow practical recovery of the long-term private key.
CVSS Score
7.4
EPSS Score
0.004
Published
2019-11-18
/usr/lib/lua/luci/controller/admin/autoupgrade.lua on PHICOMM K2(PSG1218) V22.5.9.163 devices allows remote authenticated users to execute any command via shell metacharacters in the cgi-bin/luci autoUpTime parameter.
CVSS Score
8.8
EPSS Score
0.166
Published
2019-11-18

