Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In 2018
CVE-2018-19869
An issue was discovered in Qt before 5.11.3. A malformed SVG image causes a segmentation fault in qsvghandler.cpp.
CVSS Score
6.5
EPSS Score
0.009
Published
2018-12-26
CVE-2018-19870
An issue was discovered in Qt before 5.11.3. A malformed GIF image causes a NULL pointer dereference in QGifHandler resulting in a segmentation fault.
CVSS Score
8.8
EPSS Score
0.026
Published
2018-12-26
CVE-2018-19871
An issue was discovered in Qt before 5.11.3. There is QTgaFile Uncontrolled Resource Consumption.
CVSS Score
6.5
EPSS Score
0.015
Published
2018-12-26
CVE-2018-19873
An issue was discovered in Qt before 5.11.3. QBmpHandler has a buffer overflow via BMP data.
CVSS Score
9.8
EPSS Score
0.134
Published
2018-12-26
CVE-2018-20217
A Reachable Assertion issue was discovered in the KDC in MIT Kerberos 5 (aka krb5) before 1.17. If an attacker can obtain a krbtgt ticket using an older encryption type (single-DES, triple-DES, or RC4), the attacker can crash the KDC by making an S4U2Self request.
CVSS Score
5.3
EPSS Score
0.009
Published
2018-12-26
CVE-2018-20404
ETK_E900.sys, a SmartETK driver for VIA Technologies EPIA-E900 system board, is vulnerable to denial of service attack via IOCTL 0x9C402048, which calls memmove and constantly fails on an arbitrary (uncontrollable) address, resulting in an eternal hang or a BSoD.
CVSS Score
7.5
EPSS Score
0.003
Published
2018-12-26
CVE-2018-18535
The Asusgio low-level driver in ASUS Aura Sync v1.07.22 and earlier exposes functionality to read and write Machine Specific Registers (MSRs). This could be leveraged to execute arbitrary ring-0 code.
CVSS Score
7.8
EPSS Score
0.001
Published
2018-12-26
CVE-2018-18536
The GLCKIo and Asusgio low-level drivers in ASUS Aura Sync v1.07.22 and earlier expose functionality to read/write data from/to IO ports. This could be leveraged in a number of ways to ultimately run code with elevated privileges.
CVSS Score
7.8
EPSS Score
0.001
Published
2018-12-26
CVE-2018-18537
The GLCKIo low-level driver in ASUS Aura Sync v1.07.22 and earlier exposes a path to write an arbitrary DWORD to an arbitrary address.
CVSS Score
5.5
EPSS Score
0.001
Published
2018-12-26
CVE-2018-19182
Engelsystem before commit hash 2e28336 allows CSRF.
CVSS Score
8.8
EPSS Score
0.001
Published
2018-12-26


Products
Pricing
Contact Us

Shodan ® - All rights reserved