Security Vulnerabilities - CVEs Published In November 2018
In LibTIFF 4.0.9, there is a NULL pointer dereference in the TIFFWriteDirectorySec function in tif_dirwrite.c that will lead to a denial of service attack, as demonstrated by tiffset.
CVSS Score: 6.5
EPSS Score: 0.055
Published: 2018-11-12
In ncurses 6.1, there is a NULL pointer dereference at function _nc_parse_entry in parse_entry.c that will lead to a denial of service attack. The product proceeds to the dereference code path even after a "dubious character `*' in name or alias field" detection.
CVSS Score: 5.5
EPSS Score: 0.003
Published: 2018-11-12
In libwebm through 2018-10-03, there is an abort caused by libwebm::Webm2Pes::InitWebmParser() that will lead to a DoS attack.
CVSS Score: 6.5
EPSS Score: 0.002
Published: 2018-11-12
Netwide Assembler (NASM) through 2.14rc16 has memory leaks that may lead to DoS, related to nasm_malloc in nasmlib/malloc.c.
CVSS Score: 5.5
EPSS Score: 0.001
Published: 2018-11-12
Netwide Assembler (NASM) 2.14rc15 has a heap-based buffer over-read in expand_mmac_params in asm/preproc.c for insufficient input.
CVSS Score: 7.8
EPSS Score: 0.002
Published: 2018-11-12
Netwide Assembler (NASM) 2.14rc16 has a heap-based buffer over-read in expand_mmac_params in asm/preproc.c for the special cases of the % and $ and ! characters.
CVSS Score: 7.8
EPSS Score: 0.002
Published: 2018-11-12
Netwide Assembler (NASM) before 2.13.02 has a use-after-free in detoken at asm/preproc.c.
CVSS Score: 7.8
EPSS Score: 0.002
Published: 2018-11-12
In ncurses, possibly a 6.x version, there is a NULL pointer dereference at the function _nc_name_match that will lead to a denial of service attack. NOTE: the original report stated version 6.1, but the issue did not reproduce for that version according to the maintainer or a reliable third-party
CVSS Score: 6.5
EPSS Score: 0.004
Published: 2018-11-12
In LibSass 3.5-stable, there is an illegal address access at Sass::Parser::parse_css_variable_value_token that will lead to a DoS attack.
CVSS Score: 6.5
EPSS Score: 0.002
Published: 2018-11-12
In LibSass 3.5-stable, there is an illegal address access at Sass::Eval::operator that will lead to a DoS attack.
CVSS Score: 6.5
EPSS Score: 0.003
Published: 2018-11-12

