Security Vulnerabilities - CVEs Published In 2019
ClamAV before 0.97.7: dbg_printhex possible information leak
CVSS Score
7.5
EPSS Score
0.005
Published
2019-11-15
Chrony before 1.29.1 has traffic amplification in cmdmon protocol
CVSS Score
7.5
EPSS Score
0.024
Published
2019-11-15
OpenShift: Install script has temporary file creation vulnerability which can result in arbitrary code execution
CVSS Score
7.8
EPSS Score
0.001
Published
2019-11-15
TemaTres 3.0 allows remote unprivileged users to create an administrator account
CVSS Score
9.8
EPSS Score
0.005
Published
2019-11-15
TemaTres 3.0 has stored XSS via the value parameter to the vocab/admin.php?vocabulario_id=list URI.
CVSS Score
5.4
EPSS Score
0.004
Published
2019-11-15
A flaw was found in all versions of ghostscript 9.x before 9.50, where the `.charkeys` procedure did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. An attacker could abuse this flaw by creating a specially crafted PostScript file that could escalate privileges within Ghostscript and access files outside of restricted areas or execute commands.
CVSS Score
7.3
EPSS Score
0.003
Published
2019-11-15
An issue was discovered in the AbuseFilter extension through 1.34 for MediaWiki. Once a specific abuse filter has (accidentally or otherwise) been made public, its previous versions can be exposed, thus potentially disclosing private or sensitive information within the filter's definition.
CVSS Score
5.3
EPSS Score
0.004
Published
2019-11-15
Pimcore before 6.2.2 allows attackers to brute-force (guess) valid usernames by using the 'forgot password' functionality, as it returns distinct messages for invalid password and non-existing users.
CVSS Score
7.5
EPSS Score
0.0
Published
2019-11-15
Pimcore before 6.2.2 lacks an Access Denied outcome for a certain scenario of an incorrect recipient ID of a notification.
CVSS Score
9.8
EPSS Score
0.0
Published
2019-11-15
bundles/AdminBundle/Controller/Admin/EmailController.php in Pimcore before 6.3.0 allows script execution in the Email Log preview window because of the lack of a Content-Security-Policy header.
CVSS Score
6.1
EPSS Score
0.0
Published
2019-11-15

Shodan ® - All rights reserved