Security Vulnerabilities - CVEs Published In 2018
Buffer overflow in PCMan FTP Server 2.0.7 allows for remote code execution via the APPE command.
CVSS Score: 9.8
EPSS Score: 0.026
Published: 2018-11-20
Loadbalancer.org Enterprise VA MAX before 8.3.3 has XSS because Apache HTTP Server logs are displayed.
CVSS Score: 9.6
EPSS Score: 0.009
Published: 2018-11-20
The Royal browser extensions TS before 4.3.60728 (Release Date 2018-07-28) and TSX before 3.3.1 (Release Date 2018-09-13) allow Credentials Disclosure.
CVSS Score: 8.1
EPSS Score: 0.288
Published: 2018-11-20
An issue was discovered on Samsung 840 EVO and 850 EVO devices (only in "ATA high" mode, not vulnerable in "TCG" or "ATA max" mode), Samsung T3 and T5 portable drives, and Crucial MX100, MX200 and MX300 devices. Absence of a cryptographic link between the password and the Disk Encryption Key allows attackers with privileged access to SSD firmware full access to encrypted data.
CVSS Score: 4.0
EPSS Score: 0.002
Published: 2018-11-20
An issue was discovered on Samsung 840 EVO devices. Vendor-specific commands may allow access to the disk-encryption key.
CVSS Score: 4.2
EPSS Score: 0.07
Published: 2018-11-20
Cleartext Storage of credentials in the iSmartAlarmData.xml configuration file in the iSmartAlarm application through 2.0.8 for Android allows an attacker to retrieve the username and password.
CVSS Score: 6.8
EPSS Score: 0.001
Published: 2018-11-20
Insecure Cryptographic Storage of credentials in com.vestiacom.qbeecamera_preferences.xml in the QBee Cam application through 1.0.5 for Android allows an attacker to retrieve the username and password.
CVSS Score: 9.8
EPSS Score: 0.008
Published: 2018-11-20
Incorrect access control for the diagnostic files of the iSmartAlarm Cube One through 2.2.4.10 allows an attacker to retrieve them via a specifically crafted TCP request to ports 12345 and 22306, and access sensitive information from the device.
CVSS Score: 5.3
EPSS Score: 0.018
Published: 2018-11-20
DENX U-Boot through 2018.09-rc1 has a remotely exploitable buffer overflow via a malicious TFTP server because TFTP traffic is mishandled. Also, local exploitation can occur via a crafted kernel image.
CVSS Score: 9.8
EPSS Score: 0.005
Published: 2018-11-20
DENX U-Boot through 2018.09-rc1 has a locally exploitable buffer overflow via a crafted kernel image because filesystem loading is mishandled.
CVSS Score: 7.8
EPSS Score: 0.001
Published: 2018-11-20



Shodan ® - All rights reserved