Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In 2018
CVE-2018-16631
Subrion CMS v4.2.1 allows XSS via the panel/configuration/general/ SITE TITLE parameter.
CVSS Score
5.4
EPSS Score
0.002
Published
2018-12-04
CVE-2018-16633
Pluck v4.7.7 allows XSS via the admin.php?action=editpage&page= page title.
CVSS Score
5.4
EPSS Score
0.002
Published
2018-12-04
CVE-2018-16634
Pluck v4.7.7 allows CSRF via admin.php?action=settings.
CVSS Score
8.8
EPSS Score
0.001
Published
2018-12-04
CVE-2018-19591
In the GNU C Library (aka glibc or libc6) through 2.28, attempting to resolve a crafted hostname via getaddrinfo() leads to the allocation of a socket descriptor that is not closed. This is related to the if_nametoindex() function.
CVSS Score
7.5
EPSS Score
0.009
Published
2018-12-04
CVE-2018-19854
An issue was discovered in the Linux kernel before 4.19.3. crypto_report_one() and related functions in crypto/crypto_user.c (the crypto user configuration API) do not fully initialize structures that are copied to userspace, potentially leaking sensitive memory to user programs. NOTE: this is a CVE-2013-2547 regression but with easier exploitability because the attacker does not need a capability (however, the system must have the CONFIG_CRYPTO_USER kconfig option).
CVSS Score
4.7
EPSS Score
0.001
Published
2018-12-04
CVE-2018-17157
In FreeBSD before 11.2-STABLE(r340854) and 11.2-RELEASE-p5, an integer overflow error when handling opcodes can cause memory corruption by sending a specially crafted NFSv4 request. Unprivileged remote users with access to the NFS server may be able to execute arbitrary code.
CVSS Score
9.8
EPSS Score
0.127
Published
2018-12-04
CVE-2018-17158
In FreeBSD before 11.2-STABLE(r340854) and 11.2-RELEASE-p5, an integer overflow error can occur when handling the client address length field in an NFSv4 request. Unprivileged remote users with access to the NFS server can crash the system by sending a specially crafted NFSv4 request.
CVSS Score
7.5
EPSS Score
0.078
Published
2018-12-04
CVE-2018-17159
In FreeBSD before 11.2-STABLE(r340854) and 11.2-RELEASE-p5, the NFS server lacks a bounds check in the READDIRPLUS NFS request. Unprivileged remote users with access to the NFS server can cause a resource exhaustion by forcing the server to allocate an arbitrarily large memory allocation.
CVSS Score
7.5
EPSS Score
0.078
Published
2018-12-04
CVE-2018-16478
A Path Traversal in simplehttpserver versions <=0.2.1 allows to list any file in another folder of web root.
CVSS Score
5.3
EPSS Score
0.002
Published
2018-12-04
CVE-2018-6981
VMware ESXi 6.7 without ESXi670-201811401-BG and VMware ESXi 6.5 without ESXi650-201811301-BG, VMware ESXi 6.0 without ESXi600-201811401-BG, VMware Workstation 15, VMware Workstation 14.1.3 or below, VMware Fusion 11, VMware Fusion 10.1.3 or below contain uninitialized stack memory usage in the vmxnet3 virtual network adapter which may allow a guest to execute code on the host.
CVSS Score
8.8
EPSS Score
0.12
Published
2018-12-04


Products
Pricing
Contact Us

Shodan ® - All rights reserved