Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In December 2019
CVE-2019-10758
Known exploited
mongo-express before 0.54.0 is vulnerable to Remote Code Execution via endpoints that uses the `toBSON` method. A misuse of the `vm` dependency to perform `exec` commands in a non-safe environment.
CVSS Score
9.9
EPSS Score
0.944
Published
2019-12-24
CVE-2019-19957
In libIEC61850 1.4.0, getNumberOfElements in mms/iso_mms/server/mms_access_result.c has an out-of-bounds read vulnerability, related to bufPos and elementLength.
CVSS Score
6.5
EPSS Score
0.004
Published
2019-12-24
CVE-2019-19958
In libIEC61850 1.4.0, StringUtils_createStringFromBuffer in common/string_utilities.c has an integer signedness issue that could lead to an attempted excessive memory allocation and denial of service.
CVSS Score
6.5
EPSS Score
0.004
Published
2019-12-24
CVE-2019-5702
NVIDIA GeForce Experience, all versions prior to 3.20.2, contains a vulnerability when GameStream is enabled in which an attacker with local system access can corrupt a system file, which may lead to denial of service or escalation of privileges.
CVSS Score
7.8
EPSS Score
0.0
Published
2019-12-24
CVE-2019-19925
zipfileUpdate in ext/misc/zipfile.c in SQLite 3.30.1 mishandles a NULL pathname during an update of a ZIP archive.
CVSS Score
7.5
EPSS Score
0.122
Published
2019-12-24
CVE-2019-19923
flattenSubquery in select.c in SQLite 3.30.1 mishandles certain uses of SELECT DISTINCT involving a LEFT JOIN in which the right-hand side is a view. This can cause a NULL pointer dereference (or incorrect results).
CVSS Score
7.5
EPSS Score
0.139
Published
2019-12-24
CVE-2019-19924
SQLite 3.30.1 mishandles certain parser-tree rewriting, related to expr.c, vdbeaux.c, and window.c. This is caused by incorrect sqlite3WindowRewrite() error handling.
CVSS Score
5.3
EPSS Score
0.109
Published
2019-12-24
CVE-2019-19956
xmlParseBalancedChunkMemoryRecover in parser.c in libxml2 before 2.9.10 has a memory leak related to newDoc->oldNs.
CVSS Score
7.5
EPSS Score
0.002
Published
2019-12-24
CVE-2019-18249
Reliable Controls MACH-ProWebCom/Sys, all versions prior to 2.15 (Firmware versions prior to 8.26.4), may allow attacker to execute commands on behalf of the user when an authenticated user clicks on a malicious link.
CVSS Score
6.1
EPSS Score
0.003
Published
2019-12-24
CVE-2019-19954
Signal Desktop before 1.29.1 on Windows allows local users to gain privileges by creating a Trojan horse %SYSTEMDRIVE%\node_modules\.bin\wmic.exe file.
CVSS Score
7.3
EPSS Score
0.001
Published
2019-12-24


Products
Pricing
Contact Us

Shodan ® - All rights reserved