Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In December 2019
CVE-2019-15009
The /json/profile/removeStarAjax.do resource in Atlassian Fisheye and Crucible before version 4.8.0 allows remote attackers to remove another user's favourite setting for a project via an improper authorization vulnerability.
CVSS Score
4.3
EPSS Score
0.003
Published
2019-12-11
CVE-2019-4665
IBM Spectrum Scale 4.2 and 5.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 171247.
CVSS Score
5.4
EPSS Score
0.002
Published
2019-12-11
CVE-2019-4715
IBM Spectrum Scale 4.2 and 5.0 could allow a remote authenticated attacker to execute arbitrary commands on the system. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary commands on the system. IBM X-Force ID: 172093.
CVSS Score
8.8
EPSS Score
0.051
Published
2019-12-11
CVE-2013-7371
node-connects before 2.8.2 has cross site scripting in Sencha Labs Connect middleware (vulnerability due to incomplete fix for CVE-2013-7370)
CVSS Score
6.1
EPSS Score
0.006
Published
2019-12-11
CVE-2014-0026
katello-headpin is vulnerable to CSRF in REST API
CVSS Score
6.5
EPSS Score
0.002
Published
2019-12-11
CVE-2013-4245
Orca has arbitrary code execution due to insecure Python module load
CVSS Score
7.3
EPSS Score
0.002
Published
2019-12-11
CVE-2013-4593
RubyGem omniauth-facebook has an access token security vulnerability
CVSS Score
7.5
EPSS Score
0.004
Published
2019-12-11
CVE-2013-6495
JBossWeb Bayeux has reflected XSS
CVSS Score
6.1
EPSS Score
0.003
Published
2019-12-11
CVE-2013-7370
node-connect before 2.8.1 has XSS in the Sencha Labs Connect middleware
CVSS Score
6.1
EPSS Score
0.011
Published
2019-12-11
CVE-2019-18935
Known exploited
Progress Telerik UI for ASP.NET AJAX through 2019.3.1023 contains a .NET deserialization vulnerability in the RadAsyncUpload function. This is exploitable when the encryption keys are known due to the presence of CVE-2017-11317 or CVE-2017-11357, or other means. Exploitation can result in remote code execution. (As of 2020.1.114, a default setting prevents the exploit. In 2019.3.1023, but not earlier versions, a non-default setting can prevent exploitation.)
CVSS Score
9.8
EPSS Score
0.935
Published
2019-12-11


Products
Pricing
Contact Us

Shodan ® - All rights reserved