Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In November 2019
CVE-2019-18647
The Untangle NG firewall 14.2.0 is vulnerable to an authenticated command injection when logged in as an admin user.
CVSS Score
7.2
EPSS Score
0.015
Published
2019-11-14
CVE-2019-18648
When logged in as an admin user, the Untangle NG firewall 14.2.0 is vulnerable to reflected XSS at multiple places and specific user input fields.
CVSS Score
4.8
EPSS Score
0.003
Published
2019-11-14
CVE-2019-18649
When logged in as an admin user, the Title input field (under Reports) within Untangle NG firewall 14.2.0 is vulnerable to stored XSS.
CVSS Score
4.8
EPSS Score
0.003
Published
2019-11-14
CVE-2019-18885
fs/btrfs/volumes.c in the Linux kernel before 5.1 allows a btrfs_verify_dev_extents NULL pointer dereference via a crafted btrfs image because fs_devices->devices is mishandled within find_device, aka CID-09ba3bc9dd15.
CVSS Score
5.5
EPSS Score
0.025
Published
2019-11-14
CVE-2019-18895
Scanguard through 2019-11-12 on Windows has Insecure Permissions for the installation directory, leading to privilege escalation via a Trojan horse executable file.
CVSS Score
7.8
EPSS Score
0.001
Published
2019-11-14
CVE-2019-18957
Microstrategy Library in MicroStrategy before 2019 before 11.1.3 has reflected XSS.
CVSS Score
6.1
EPSS Score
0.071
Published
2019-11-14
CVE-2019-16863
STMicroelectronics ST33TPHF2ESPI TPM devices before 2019-09-12 allow attackers to extract the ECDSA private key via a side-channel timing attack because ECDSA scalar multiplication is mishandled, aka TPM-FAIL.
CVSS Score
5.9
EPSS Score
0.003
Published
2019-11-14
CVE-2019-18949
SnowHaze before 2.6.6 is sometimes too late to honor a per-site JavaScript blocking setting, which leads to unintended JavaScript execution via a chain of webpage redirections targeted to the user's browser configuration.
CVSS Score
7.5
EPSS Score
0.003
Published
2019-11-14
CVE-2011-1930
In klibc 1.5.20 and 1.5.21, the DHCP options written by ipconfig to /tmp/net-$DEVICE.conf are not properly escaped. This may allow a remote attacker to send a specially crafted DHCP reply which could execute arbitrary code with the privileges of any process which sources DHCP options.
CVSS Score
9.8
EPSS Score
0.29
Published
2019-11-14
CVE-2011-1145
The SQLDriverConnect() function in unixODBC before 2.2.14p2 have a possible buffer overflow condition when specifying a large value for SAVEFILE parameter in the connection string.
CVSS Score
7.8
EPSS Score
0.002
Published
2019-11-14


Products
Pricing
Contact Us

Shodan ® - All rights reserved