Security Vulnerabilities
- CVEs Published In 2019
Western Digital My Cloud EX2 Ultra firmware 2.31.183 allows web users (including guest accounts) to remotely execute arbitrary code via a download_mgr.cgi stack-based buffer overflow.
Western Digital My Cloud EX2 Ultra firmware 2.31.183 allows web users (including guest accounts) to remotely execute arbitrary code via a stack-based buffer overflow. One of the functions in libscheddl.so has no size verification logic, and download_mgr.cgi makes it possible to pass large f_idx inputs to it.
Western Digital My Cloud EX2 Ultra firmware 2.31.195 allows a Buffer Overflow with Extended Instruction Pointer (EIP) control via crafted GET/POST parameters.
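The bug class behind the three My Cloud entries above (a CGI parameter such as f_idx copied into a fixed-size stack buffer with no size verification, which is what yields EIP control), shown as an added example. This is not code from the My Cloud firmware, download_mgr.cgi or libscheddl.so; the function names, buffer size and valid index range are hypothetical and exist only to put the unchecked copy beside a checked parse.

```c
#include <limits.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical sizes: the real firmware's buffer layout is not on the page. */
#define F_IDX_BUF 16
#define F_IDX_MAX 1024UL   /* largest valid index, hypothetical */

/* Vulnerable pattern: the value of the f_idx parameter is copied into a
 * fixed-size stack buffer with no size verification. Any value longer than
 * F_IDX_BUF - 1 bytes writes past the buffer into the saved frame and return
 * address. Only ever call this with short input; it is here to show the bug. */
int f_idx_copy_unchecked(const char *f_idx)
{
    char buf[F_IDX_BUF];
    strcpy(buf, f_idx);          /* no bound: classic stack overflow */
    return atoi(buf);
}

/* Hardened form: validate before copying anywhere. The length must fit the
 * destination (including the NUL), the content must be decimal digits, and
 * the parsed number must be within the valid index range.
 * Returns 0 on success with the index in *out, -1 on any failure. */
int f_idx_parse_checked(const char *f_idx, unsigned long *out)
{
    char buf[F_IDX_BUF];
    size_t len = 0;
    char *end;
    unsigned long v;

    if (f_idx == NULL || out == NULL)
        return -1;
    /* bounded length scan: never walk past sizeof buf bytes of input */
    while (len < sizeof buf && f_idx[len] != '\0')
        len++;
    if (len == 0 || len == sizeof buf)   /* empty, or too long to fit */
        return -1;
    for (size_t i = 0; i < len; i++)
        if (f_idx[i] < '0' || f_idx[i] > '9')
            return -1;
    memcpy(buf, f_idx, len + 1);         /* bounded copy of a validated string */
    v = strtoul(buf, &end, 10);
    if (*end != '\0' || v > F_IDX_MAX)
        return -1;
    *out = v;
    return 0;
}

/* Convenience wrapper: the checked index, or ULONG_MAX if the input was
 * rejected. Lets callers (and tests) see accept/reject as a single value. */
unsigned long f_idx_checked_value(const char *f_idx)
{
    unsigned long v;
    if (f_idx_parse_checked(f_idx, &v) != 0)
        return ULONG_MAX;
    return v;
}
```

The checked version rejects over-long input before any copy happens, so the size of the stack buffer never depends on what the web client sends; the digit and range checks additionally stop a well-formed but out-of-range index from reaching whatever table f_idx selects into.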
Honor 10 Lite, Honor 8A, and Huawei Y6 mobile phones with versions before 9.1.0.217(C00E215R3P1), before 9.1.0.205(C00E97R1P9), or before 9.1.0.205(C00E97R2P2) have an information leak vulnerability. Because a module records function errors improperly, an attacker with access permission may exploit the vulnerability to obtain some information.
letodms has multiple XSS issues: reflected XSS on the login page, stored XSS in the document owner/user name, and stored XSS in the calendar.
Symlink Traversal vulnerability in TP-LINK TL-WDR4300 and TL-1043ND.
Symlink Traversal vulnerability in Belkin N900 due to misconfiguration in the SMB service.
OpenShift Origin: Improperly validated team names could allow stored XSS attacks
JBoss KeyCloak is vulnerable to soft token deletion via CSRF
An XSS vulnerability on Technicolor TC7300 STFA.51.20 devices allows remote attackers to inject arbitrary web script via the FileName parameter to /FTPDiag.asp.