Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In November 2019
CVE-2016-4980
A password generation weakness exists in xquest through 2016-06-13.
CVSS Score
2.5
EPSS Score
0.001
Published
2019-11-27
CVE-2017-12945
Insufficient validation of user-supplied input for the Solstice Pod before 2.8.4 networking configuration enables authenticated attackers to execute arbitrary commands as root.
CVSS Score
8.8
EPSS Score
0.264
Published
2019-11-27
CVE-2019-10220
Linux kernel CIFS implementation, version 4.9.0 is vulnerable to a relative paths injection in directory entry lists.
CVSS Score
8.0
EPSS Score
0.007
Published
2019-11-27
CVE-2019-18184
Crestron DMC-STRO 1.0 devices allow remote command execution as root via shell metacharacters to the ping function.
CVSS Score
9.8
EPSS Score
0.213
Published
2019-11-27
CVE-2019-19327
ui/ResultView.js in Wikibase Wikidata Query Service GUI before 0.3.6-SNAPSHOT 2019-11-07 allows HTML injection when reporting the number of results and number of milliseconds. NOTE: this GUI code is no longer bundled with the Wikibase Wikidata Query Service snapshots, such as 0.3.6-SNAPSHOT.
CVSS Score
6.1
EPSS Score
0.006
Published
2019-11-27
CVE-2019-19328
ui/editor/tooltip/Rdf.js in Wikibase Wikidata Query Service GUI before 0.3.6-SNAPSHOT 2019-11-07 allows HTML injection in tooltips for entities. NOTE: this GUI code is no longer bundled with the Wikibase Wikidata Query Service snapshots, such as 0.3.6-SNAPSHOT.
CVSS Score
6.1
EPSS Score
0.006
Published
2019-11-27
CVE-2019-19329
In Wikibase Wikidata Query Service GUI before 0.3.6-SNAPSHOT 2019-11-07, when mathematical expressions in results are displayed directly, arbitrary JavaScript execution can occur, aka XSS. This was addressed by introducing MathJax as a new mathematics rendering engine. NOTE: this GUI code is no longer bundled with the Wikibase Wikidata Query Service snapshots, such as 0.3.6-SNAPSHOT.
CVSS Score
6.1
EPSS Score
0.004
Published
2019-11-27
CVE-2019-19330
The HTTP/2 implementation in HAProxy before 2.0.10 mishandles headers, as demonstrated by carriage return (CR, ASCII 0xd), line feed (LF, ASCII 0xa), and the zero character (NUL, ASCII 0x0), aka Intermediary Encapsulation Attacks.
CVSS Score
9.8
EPSS Score
0.008
Published
2019-11-27
CVE-2019-19308
In text_to_glyphs in sushi-font-widget.c in gnome-font-viewer 3.34.0, there is a NULL pointer dereference while parsing a TTF font file that lacks a name section (due to a g_strconcat call that returns NULL).
CVSS Score
5.5
EPSS Score
0.003
Published
2019-11-27
CVE-2019-13935
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in webclient of Siemens AG Polarion could allow an attacker to exploit a reflected XSS vulnerability. This issue affects: Siemens AG Polarion All versions < 19.2.
CVSS Score
3.5
EPSS Score
0.004
Published
2019-11-27


Products
Pricing
Contact Us

Shodan ® - All rights reserved