Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In 2018
CVE-2018-20190
In LibSass 3.5.5, a NULL Pointer Dereference in the function Sass::Eval::operator()(Sass::Supports_Operator*) in eval.cpp may cause a Denial of Service (application crash) via a crafted sass input file.
CVSS Score
6.5
EPSS Score
0.002
Published
2018-12-17
CVE-2018-20186
An issue was discovered in Bento4 1.5.1-627. AP4_Sample::ReadData in Core/Ap4Sample.cpp allows attackers to trigger an attempted excessive memory allocation, related to AP4_DataBuffer::SetDataSize and AP4_DataBuffer::ReallocateBuffer in Core/Ap4DataBuffer.cpp.
CVSS Score
6.5
EPSS Score
0.003
Published
2018-12-17
CVE-2018-20188
FUEL CMS 1.4.3 has CSRF via users/create/ to add an administrator account.
CVSS Score
8.8
EPSS Score
0.001
Published
2018-12-17
CVE-2018-20133
ymlref allows code injection.
CVSS Score
9.8
EPSS Score
0.004
Published
2018-12-17
CVE-2018-20184
In GraphicsMagick 1.4 snapshot-20181209 Q8, there is a heap-based buffer overflow in the WriteTGAImage function of tga.c, which allows attackers to cause a denial of service via a crafted image file, because the number of rows or columns can exceed the pixel-dimension restrictions of the TGA specification.
CVSS Score
6.5
EPSS Score
0.003
Published
2018-12-17
CVE-2018-20185
In GraphicsMagick 1.4 snapshot-20181209 Q8 on 32-bit platforms, there is a heap-based buffer over-read in the ReadBMPImage function of bmp.c, which allows attackers to cause a denial of service via a crafted bmp image file. This only affects GraphicsMagick installations with customized BMP limits.
CVSS Score
5.3
EPSS Score
0.009
Published
2018-12-17
CVE-2018-19976
In YARA 3.8.1, bytecode in a specially crafted compiled rule is exposed to information about its environment, in libyara/exec.c. This is a consequence of the design of the YARA virtual machine.
CVSS Score
5.5
EPSS Score
0.003
Published
2018-12-17
CVE-2018-20092
PTC ThingWorx Platform through 8.3.0 is vulnerable to a directory traversal attack on ZIP files via a POST request.
CVSS Score
7.5
EPSS Score
0.004
Published
2018-12-17
CVE-2018-20123
pvrdma_realize in hw/rdma/vmw/pvrdma_main.c in QEMU has a Memory leak after an initialisation error.
CVSS Score
5.5
EPSS Score
0.002
Published
2018-12-17
CVE-2018-19974
In YARA 3.8.1, bytecode in a specially crafted compiled rule can read uninitialized data from VM scratch memory in libyara/exec.c. This can allow attackers to discover addresses in the real stack (not the YARA virtual stack).
CVSS Score
5.5
EPSS Score
0.003
Published
2018-12-17


Products
Pricing
Contact Us

Shodan ® - All rights reserved