Security Vulnerabilities - CVEs Published In December 2019
Firecracker vsock implementation buffer overflow in versions 0.18.0 and 0.19.0. This can result in potentially exploitable crashes.
CVSS Score: 9.8 | EPSS Score: 0.021 | Published: 2019-12-11
smokeping before 2.6.9 has XSS (incomplete fix for CVE-2012-0790)
CVSS Score: 6.1 | EPSS Score: 0.006 | Published: 2019-12-11
DLL Search Order Hijacking vulnerability in the Microsoft Windows client in McAfee Tech Check 3.0.0.17 and earlier allows local users to execute arbitrary code via the local folder placed there by an attacker.
CVSS Score: 6.6 | EPSS Score: 0.001 | Published: 2019-12-11
Tableau Server 10.3 through 2019.4 on Windows and Linux allows XSS via the embeddedAuthRedirect page.
CVSS Score: 6.1 | EPSS Score: 0.501 | Published: 2019-12-11
Yabasic 2.86.1 has a heap-based buffer overflow in the yylex() function in flex.c via a crafted BASIC source file.
CVSS Score: 8.8 | EPSS Score: 0.006 | Published: 2019-12-11
On Moxa EDS-G508E, EDS-G512E, and EDS-G516E devices (with firmware through 6.0), denial of service can occur via PROFINET DCE-RPC endpoint discovery packets.
CVSS Score: 7.5 | EPSS Score: 0.006 | Published: 2019-12-11
The VisualEditor extension through 1.34 for MediaWiki allows XSS via pasted content containing an element with a data-ve-clipboard-key attribute.
CVSS Score: 6.1 | EPSS Score: 0.004 | Published: 2019-12-11
MediaWiki through 1.33.1 allows attackers to bypass the Title_blacklist protection mechanism by starting with an arbitrary title, establishing a non-resolvable redirect for the associated page, and using redirect=1 in the action API when editing that page.
CVSS Score: 6.1 | EPSS Score: 0.002 | Published: 2019-12-11
Type confusion in xsltNumberFormatGetMultipleLevel prior to libxslt 1.1.33 could allow attackers to potentially exploit heap corruption via crafted XML data.
CVSS Score: 7.5 | EPSS Score: 0.001 | Published: 2019-12-11
Arbitrary command execution is possible in Git before 2.20.2, 2.21.x before 2.21.1, 2.22.x before 2.22.2, 2.23.x before 2.23.1, and 2.24.x before 2.24.1 because a "git submodule update" operation can run commands found in the .gitmodules file of a malicious repository.
CVSS Score: 7.8 | EPSS Score: 0.013 | Published: 2019-12-11

