Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In 2019
CVE-2019-18854
A Denial Of Service vulnerability exists in the safe-svg (aka Safe SVG) plugin through 1.9.4 for WordPress, related to unlimited recursion for a '<use ... xlink:href="#identifier">' substring.
CVSS Score
7.5
EPSS Score
0.006
Published
2019-11-11
CVE-2019-18855
A Denial Of Service vulnerability exists in the safe-svg (aka Safe SVG) plugin through 1.9.4 for WordPress, related to potentially unwanted elements or attributes.
CVSS Score
7.5
EPSS Score
0.006
Published
2019-11-11
CVE-2019-18856
A Denial Of Service vulnerability exists in the SVG Sanitizer module through 8.x-1.0-alpha1 for Drupal because access to external resources with an SVG use element is mishandled.
CVSS Score
7.5
EPSS Score
0.004
Published
2019-11-11
CVE-2019-18857
darylldoyle svg-sanitizer before 0.12.0 mishandles script and data values in attributes, as demonstrated by unexpected whitespace such as in the javascript&#9;:alert substring.
CVSS Score
7.5
EPSS Score
0.003
Published
2019-11-11
CVE-2019-18852
Certain D-Link devices have a hardcoded Alphanetworks user account with TELNET access because of /etc/config/image_sign or /etc/alpha_config/image_sign. This affects DIR-600 B1 V2.01 for WW, DIR-890L A1 v1.03, DIR-615 J1 v100 (for DCN), DIR-645 A1 v1.03, DIR-815 A1 v1.01, DIR-823 A1 v1.01, and DIR-842 C1 v3.00.
CVSS Score
9.8
EPSS Score
0.005
Published
2019-11-11
CVE-2019-18849
In tnef before 1.4.18, an attacker may be able to write to the victim's .ssh/authorized_keys file via an e-mail message with a crafted winmail.dat application/ms-tnef attachment, because of a heap-based buffer over-read involving strdup.
CVSS Score
5.5
EPSS Score
0.01
Published
2019-11-11
CVE-2019-18836
Envoy 1.12.0 allows a remote denial of service because of resource loops, as demonstrated by a single idle TCP connection being able to keep a worker thread in an infinite busy loop when continue_on_listener_filters_timeout is used."
CVSS Score
7.5
EPSS Score
0.002
Published
2019-11-11
CVE-2019-18841
Chartkick.js 3.1.0 through 3.1.3, as used in the Chartkick gem before 3.3.0 for Ruby, allows prototype pollution.
CVSS Score
7.3
EPSS Score
0.006
Published
2019-11-11
CVE-2019-18845
The MsIo64.sys and MsIo32.sys drivers in Patriot Viper RGB before 1.1 allow local users (including low integrity processes) to read and write to arbitrary memory locations, and consequently gain NT AUTHORITY\SYSTEM privileges, by mapping \Device\PhysicalMemory into the calling process via ZwOpenSection and ZwMapViewOfSection.
CVSS Score
7.1
EPSS Score
0.001
Published
2019-11-09
CVE-2019-18840
In wolfSSL 4.1.0 through 4.2.0c, there are missing sanity checks of memory accesses in parsing ASN.1 certificate data while handshaking. Specifically, there is a one-byte heap-based buffer overflow inside the DecodedCert structure in GetName in wolfcrypt/src/asn.c because the domain name location index is mishandled. Because a pointer is overwritten, there is an invalid free.
CVSS Score
7.5
EPSS Score
0.004
Published
2019-11-09


Products
Pricing
Contact Us

Shodan ® - All rights reserved