Security Vulnerabilities - CVEs Published In December 2018
JasPer 2.0.14 has a memory leak in base/jas_malloc.c in libjasper.a when "--output-format jp2" is used.
CVSS Score: 6.5 | EPSS Score: 0.014 | Published: 2018-12-31
In GNU Binutils 2.31.1, there is a use-after-free in the error function in elfcomm.c when called from the process_archive function in readelf.c via a crafted ELF file.
CVSS Score: 5.5 | EPSS Score: 0.002 | Published: 2018-12-31
Multipart-file uploads cause variables to be improperly registered in the global scope. In cases where variables are not declared explicitly before being used, this can lead to unexpected behavior. This affects all supported versions of HHVM prior to the patch (3.25.1, 3.24.5, and 3.21.9 and below).
CVSS Score: 9.8 | EPSS Score: 0.005 | Published: 2018-12-31
A malformed h2 frame can cause a 'std::out_of_range' exception when parsing priority metadata. This behavior can lead to denial-of-service. This affects all supported versions of HHVM (3.25.2, 3.24.6, and 3.21.10 and below) when using the proxygen server to handle HTTP2 requests.
CVSS Score: 7.5 | EPSS Score: 0.006 | Published: 2018-12-31
An issue was discovered in osquery. A maliciously crafted Universal/fat binary can evade third-party code signing checks. By not completing full inspection of the Universal/fat binary, the user of the third-party tool will believe that the code is signed by Apple, but the malicious unsigned code will execute. This issue affects osquery prior to v3.2.7.
CVSS Score: 7.8 | EPSS Score: 0.001 | Published: 2018-12-31
A whitelist bypass vulnerability in McAfee Application Control / Change Control 7.0.1 and before allows execution bypass, for example, with a simple DLL through interpreters such as PowerShell.
CVSS Score: 6.1 | EPSS Score: 0.0 | Published: 2018-12-31
The remote upgrade feature in Guardzilla GZ180 devices allows command injection via a crafted new firmware version parameter.
CVSS Score: 8.1 | EPSS Score: 0.017 | Published: 2018-12-31
The TK_set_deviceModel_req_handle function in the cloud communication component in Guardzilla GZ621W devices with firmware 0.5.1.4 has a Buffer Overflow.
CVSS Score: 8.1 | EPSS Score: 0.005 | Published: 2018-12-31
The Cloud API on Guardzilla smart cameras allows user enumeration, with resultant arbitrary camera access and monitoring.
CVSS Score: 9.8 | EPSS Score: 0.003 | Published: 2018-12-31
A local, authenticated attacker can bypass the passcode in the VideoLAN VLC media player app before 3.1.5 for iOS by opening a URL and turning the phone.
CVSS Score: 6.6 | EPSS Score: 0.0 | Published: 2018-12-31

