Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In 2019
CVE-2019-10768
In AngularJS before 1.7.9 the function `merge()` could be tricked into adding or modifying properties of `Object.prototype` using a `__proto__` payload.
CVSS Score
7.5
EPSS Score
0.003
Published
2019-11-19
CVE-2019-10766
Pixie versions 1.0.x before 1.0.3, and 2.0.x before 2.0.2 allow SQL Injection in the limit() function due to improper sanitization.
CVSS Score
9.8
EPSS Score
0.003
Published
2019-11-19
CVE-2019-11289
Cloud Foundry Routing, all versions before 0.193.0, does not properly validate nonce input. A remote unauthenticated malicious user could forge an HTTP route service request using an invalid nonce that will cause the Gorouter to crash.
CVSS Score
8.6
EPSS Score
0.007
Published
2019-11-19
CVE-2011-2922
ktsuss versions 1.4 and prior spawns the GTK interface to run as root. This can allow a local attacker to escalate privileges to root and use the "GTK_MODULES" environment variable to possibly execute arbitrary code.
CVSS Score
7.8
EPSS Score
0.001
Published
2019-11-19
CVE-2019-18934
Unbound 1.6.4 through 1.9.4 contain a vulnerability in the ipsec module that can cause shell code execution after receiving a specially crafted answer. This issue can only be triggered if unbound was compiled with `--enable-ipsecmod` support, and ipsecmod is enabled and used in the configuration.
CVSS Score
7.3
EPSS Score
0.01
Published
2019-11-19
CVE-2012-6070
Falconpl before 0.9.6.9-git20120606 misuses the libcurl API which may allow remote attackers to interfere with security checks.
CVSS Score
7.5
EPSS Score
0.006
Published
2019-11-19
CVE-2012-6071
nuSOAP before 0.7.3-5 does not properly check the hostname of a cert.
CVSS Score
7.5
EPSS Score
0.004
Published
2019-11-19
CVE-2012-6135
RubyGems passenger 4.0.0 betas 1 and 2 allows remote attackers to delete arbitrary files during the startup process.
CVSS Score
7.5
EPSS Score
0.013
Published
2019-11-19
CVE-2016-1000236
Node-cookie-signature before 1.0.6 is affected by a timing attack due to the type of comparison used.
CVSS Score
4.4
EPSS Score
0.005
Published
2019-11-19
CVE-2011-2921
ktsuss versions 1.4 and prior has the uid set to root and does not drop privileges prior to executing user specified commands, which can result in command execution with root privileges.
CVSS Score
9.8
EPSS Score
0.716
Published
2019-11-19


Products
Pricing
Contact Us

Shodan ® - All rights reserved