Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In 2019
CVE-2019-19221
In Libarchive 3.4.0, archive_wstring_append_from_mbs in archive_string.c has an out-of-bounds read because of an incorrect mbrtowc or mbtowc call. For example, bsdtar crashes via a crafted archive.
CVSS Score
5.5
EPSS Score
0.001
Published
2019-11-21
CVE-2014-5255
xcfa before 5.0.1 creates temporary files insecurely which could allow local users to launch a symlink attack and overwrite arbitrary files. Note: A different vulnerability than CVE-2014-5254.
CVSS Score
7.0
EPSS Score
0.001
Published
2019-11-21
CVE-2012-1637
Cross-site scripting vulnerability (XSS) in the Quick Tabs module 6.x-2.x before 6.x-2.1, 6.x-3.x before 6.x-3.1, and 7.x-3.x before 7.x-3.3 for Drupal.
CVSS Score
4.8
EPSS Score
0.004
Published
2019-11-21
CVE-2012-2078
Cross-site scripting (XSS) vulnerability in the Activity module 6.x-1.x for Drupal.
CVSS Score
4.8
EPSS Score
0.004
Published
2019-11-21
CVE-2014-2901
wolfssl before 3.2.0 does not properly issue certificates for a server's hostname.
CVSS Score
7.5
EPSS Score
0.001
Published
2019-11-21
CVE-2014-2902
wolfssl before 3.2.0 does not properly authorize CA certificate for signing other certificates.
CVSS Score
7.5
EPSS Score
0.002
Published
2019-11-21
CVE-2014-2904
wolfssl before 3.2.0 has a server certificate that is not properly authorized for server authentication.
CVSS Score
7.5
EPSS Score
0.002
Published
2019-11-21
CVE-2014-5254
xcfa before 5.0.1 creates temporary files insecurely which could allow local users to launch a symlink attack and overwrite arbitrary files.
CVSS Score
4.7
EPSS Score
0.001
Published
2019-11-21
CVE-2012-1001
Multiple cross-site scripting (XSS) vulnerabilities in Chyrp before 2.1.2 and before 2.5 Beta 2 allow remote attackers to inject arbitrary web script or HTML via the (1) content parameter to includes/ajax.php or (2) body parameter to includes/error.php.
CVSS Score
6.1
EPSS Score
0.192
Published
2019-11-21
CVE-2014-8356
The web administrative portal in Zhone zNID 2426A before S3.0.501 allows remote authenticated users to bypass intended access restrictions via a modified server response, related to an insecure direct object reference.
CVSS Score
8.8
EPSS Score
0.018
Published
2019-11-21


Products
Pricing
Contact Us

Shodan ® - All rights reserved