Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In 2018
CVE-2018-9073
Lenovo Chassis Management Module (CMM) prior to version 2.0.0 utilizes a hardcoded encryption key to protect certain secrets. Possession of the key can allow an attacker that has already compromised the server to decrypt these secrets.
CVSS Score
5.9
EPSS Score
0.001
Published
2018-11-16
CVE-2018-9085
A write protection lock bit was left unset after boot on an older generation of Lenovo and IBM System x servers, potentially allowing an attacker with administrator access to modify the subset of flash memory containing Intel Server Platform Services (SPS) and the system Flash Descriptors.
CVSS Score
4.9
EPSS Score
0.001
Published
2018-11-16
CVE-2018-9086
In some Lenovo ThinkServer-branded servers, a command injection vulnerability exists in the BMC firmware download command. This allows a privileged user to download and execute arbitrary code inside the BMC. This can only be exploited by authorized privileged users.
CVSS Score
7.2
EPSS Score
0.021
Published
2018-11-16
CVE-2018-19296
PHPMailer before 5.2.27 and 6.x before 6.0.6 is vulnerable to an object injection attack.
CVSS Score
8.8
EPSS Score
0.012
Published
2018-11-16
CVE-2018-19301
tp4a TELEPORT 3.1.0 allows XSS via the login page because a crafted username is mishandled when an administrator later views the system log.
CVSS Score
6.1
EPSS Score
0.002
Published
2018-11-15
CVE-2018-5407
Simultaneous Multi-threading (SMT) in processors can enable local users to exploit software vulnerable to timing attacks via a side-channel timing attack on 'port contention'.
CVSS Score
4.7
EPSS Score
0.006
Published
2018-11-15
CVE-2018-14934
The Bluetooth subsystem on Polycom Trio devices with software before 5.5.4 has Incorrect Access Control. An attacker can connect without authentication and subsequently record audio from the device microphone.
CVSS Score
6.5
EPSS Score
0.001
Published
2018-11-15
CVE-2018-14935
The Web administration console on Polycom Trio devices with software before 5.5.4 has XSS.
CVSS Score
6.1
EPSS Score
0.003
Published
2018-11-15
CVE-2018-16619
Sonatype Nexus Repository Manager before 3.14 allows XSS.
CVSS Score
6.1
EPSS Score
0.004
Published
2018-11-15
CVE-2018-16620
Sonatype Nexus Repository Manager before 3.14 has Incorrect Access Control.
CVSS Score
7.5
EPSS Score
0.003
Published
2018-11-15


Products
Pricing
Contact Us

Shodan ® - All rights reserved