Shodan
Vulnerabilities
Vulnerable Software
Apple:  >> Mac Os X  >> 10.12.6  Security Vulnerabilities
CVE-2018-14462
The ICMP parser in tcpdump before 4.9.3 has a buffer over-read in print-icmp.c:icmp_print().
CVSS Score
7.5
EPSS Score
0.023
Published
2019-10-03
CVE-2018-14463
The VRRP parser in tcpdump before 4.9.3 has a buffer over-read in print-vrrp.c:vrrp_print() for VRRP version 2, a different vulnerability than CVE-2019-15167.
CVSS Score
7.5
EPSS Score
0.011
Published
2019-10-03
CVE-2018-14464
The LMP parser in tcpdump before 4.9.3 has a buffer over-read in print-lmp.c:lmp_print_data_link_subobjs().
CVSS Score
7.5
EPSS Score
0.022
Published
2019-10-03
CVE-2018-14465
The RSVP parser in tcpdump before 4.9.3 has a buffer over-read in print-rsvp.c:rsvp_obj_print().
CVSS Score
7.5
EPSS Score
0.025
Published
2019-10-03
CVE-2018-14466
The Rx parser in tcpdump before 4.9.3 has a buffer over-read in print-rx.c:rx_cache_find() and rx_cache_insert().
CVSS Score
7.5
EPSS Score
0.018
Published
2019-10-03
CVE-2018-14467
The BGP parser in tcpdump before 4.9.3 has a buffer over-read in print-bgp.c:bgp_capabilities_print() (BGP_CAPCODE_MP).
CVSS Score
7.5
EPSS Score
0.02
Published
2019-10-03
CVE-2018-14468
The FRF.16 parser in tcpdump before 4.9.3 has a buffer over-read in print-fr.c:mfr_print().
CVSS Score
7.5
EPSS Score
0.023
Published
2019-10-03
CVE-2018-14469
The IKEv1 parser in tcpdump before 4.9.3 has a buffer over-read in print-isakmp.c:ikev1_n_print().
CVSS Score
7.5
EPSS Score
0.04
Published
2019-10-03
CVE-2019-9506
The Bluetooth BR/EDR specification up to and including version 5.1 permits sufficiently low encryption key length and does not prevent an attacker from influencing the key length negotiation. This allows practical brute-force attacks (aka "KNOB") that can decrypt traffic and inject arbitrary ciphertext without the victim noticing.
CVSS Score
7.6
EPSS Score
0.024
Published
2019-08-14
CVE-2019-9518
Some HTTP/2 implementations are vulnerable to a flood of empty frames, potentially leading to a denial of service. The attacker sends a stream of frames with an empty payload and without the end-of-stream flag. These frames can be DATA, HEADERS, CONTINUATION and/or PUSH_PROMISE. The peer spends time processing each frame disproportionate to attack bandwidth. This can consume excess CPU.
CVSS Score
7.5
EPSS Score
0.045
Published
2019-08-13


Products
Pricing
Contact Us

Shodan ® - All rights reserved