Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In December 2018
CVE-2018-19357
XMPlay 3.8.3 allows remote attackers to execute arbitrary code or cause a denial of service (stack-based buffer overflow) via a crafted http:// URL in a .m3u file.
CVSS Score
7.8
EPSS Score
0.052
Published
2018-12-24
CVE-2018-20426
libming 0.4.8 has a NULL pointer dereference in the newVar3 function of the decompile.c file, a different vulnerability than CVE-2018-7866.
CVSS Score
8.8
EPSS Score
0.003
Published
2018-12-24
CVE-2018-20427
libming 0.4.8 has a NULL pointer dereference in the getInt function of the decompile.c file, a different vulnerability than CVE-2018-9132.
CVSS Score
8.8
EPSS Score
0.003
Published
2018-12-24
CVE-2018-20428
libming 0.4.8 has a NULL pointer dereference in the strlenext function of the decompile.c file, a different vulnerability than CVE-2018-7874.
CVSS Score
8.8
EPSS Score
0.003
Published
2018-12-24
CVE-2018-20429
libming 0.4.8 has a NULL pointer dereference in the getName function of the decompile.c file, a different vulnerability than CVE-2018-7872 and CVE-2018-9165.
CVSS Score
8.8
EPSS Score
0.003
Published
2018-12-24
CVE-2018-20430
GNU Libextractor through 1.8 has an out-of-bounds read vulnerability in the function history_extract() in plugins/ole2_extractor.c, related to EXTRACTOR_common_convert_to_utf8 in common/convert.c.
CVSS Score
6.5
EPSS Score
0.006
Published
2018-12-24
CVE-2018-20431
GNU Libextractor through 1.8 has a NULL Pointer Dereference vulnerability in the function process_metadata() in plugins/ole2_extractor.c.
CVSS Score
6.5
EPSS Score
0.006
Published
2018-12-24
CVE-2018-20425
libming 0.4.8 has a NULL pointer dereference in the pushdup function of the decompile.c file.
CVSS Score
8.8
EPSS Score
0.003
Published
2018-12-24
CVE-2018-20418
index.php?p=admin/actions/entries/save-entry in Craft CMS 3.0.25 allows XSS by saving a new title from the console tab.
CVSS Score
4.8
EPSS Score
0.005
Published
2018-12-24
CVE-2018-20422
Discuz! DiscuzX 3.4, when WeChat login is enabled, allows remote attackers to bypass authentication by leveraging a non-empty #wechat#common_member_wechatmp to gain login access to an account via a plugin.php ac=wxregister request (the attacker does not have control over which account will be accessed).
CVSS Score
8.1
EPSS Score
0.003
Published
2018-12-24


Products
Pricing
Contact Us

Shodan ® - All rights reserved