Security Vulnerabilities - CVEs Published In 2019
The WordPress plugin, Email Subscribers & Newsletters, before 4.2.3 had a flaw that allowed users with edit_post capabilities to manage plugin settings and email campaigns.
CVSS Score: 6.3 | EPSS Score: 0.002 | Published: 2019-12-26
The WordPress plugin, Email Subscribers & Newsletters, before 4.2.3 had a flaw that allowed unauthenticated file download with user information disclosure.
CVSS Score: 5.8 | EPSS Score: 0.867 | Published: 2019-12-26
CrushFTP through 8.3.0 is vulnerable to credentials theft via URL redirection.
CVSS Score: 6.1 | EPSS Score: 0.003 | Published: 2019-12-26
libESMTP through 1.0.6 mishandles domain copying into a fixed-size buffer in ntlm_build_type_2 in ntlm/ntlmstruct.c, as demonstrated by a stack-based buffer over-read.
CVSS Score: 9.8 | EPSS Score: 0.006 | Published: 2019-12-26
The Administration page on Connect Box EuroDOCSIS 3.0 Voice Gateway CH7465LG-NCIP-6.12.18.25-2p6-NOSH devices accepts a cleartext password in a POST request on port 80, as demonstrated by the Password field to the xml/setter.xml URI.
CVSS Score: 7.5 | EPSS Score: 0.001 | Published: 2019-12-25
In the Linux kernel through 5.4.6, there is a NULL pointer dereference in drivers/scsi/libsas/sas_discover.c because of mishandling of port disconnection during discovery, related to a PHY down race condition, aka CID-f70267f379b5.
CVSS Score: 4.7 | EPSS Score: 0.001 | Published: 2019-12-25
In the Linux kernel before 5.1.6, there is a use-after-free in cpia2_exit() in drivers/media/usb/cpia2/cpia2_v4l.c that will cause denial of service, aka CID-dea37a972655.
CVSS Score: 4.6 | EPSS Score: 0.001 | Published: 2019-12-25
In wolfSSL before 4.3.0, wc_ecc_mulmod_ex does not properly resist side-channel attacks.
CVSS Score: 5.3 | EPSS Score: 0.004 | Published: 2019-12-25
wolfSSL before 4.3.0 mishandles calls to wc_SignatureGenerateHash, leading to fault injection in RSA cryptography.
CVSS Score: 7.5 | EPSS Score: 0.002 | Published: 2019-12-25
An issue was discovered in wolfSSL before 4.3.0 in a non-default configuration where DSA is enabled. DSA signing uses the BEEA algorithm during modular inversion of the nonce, leading to a side-channel attack against the nonce.
CVSS Score: 5.3 | EPSS Score: 0.004 | Published: 2019-12-25

