Fedoraproject >> Fedora >> 30 Security Vulnerabilities
In Wireshark 3.0.0, the Rbm dissector could go into an infinite loop. This was addressed in epan/dissectors/file-rbm.c by handling unknown object types safely.
CVSS Score: 7.5 | EPSS Score: 0.006 | Published: 2019-04-09
In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the LDSS dissector could crash. This was addressed in epan/dissectors/packet-ldss.c by handling file digests properly.
CVSS Score: 7.5 | EPSS Score: 0.086 | Published: 2019-04-09
In Wireshark 3.0.0, the TSDNS dissector could crash. This was addressed in epan/dissectors/packet-tsdns.c by splitting strings safely.
CVSS Score: 7.5 | EPSS Score: 0.006 | Published: 2019-04-09
In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the DCERPC SPOOLSS dissector could crash. This was addressed in epan/dissectors/packet-dcerpc-spoolss.c by adding a boundary check.
CVSS Score: 7.5 | EPSS Score: 0.075 | Published: 2019-04-09
In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the GSS-API dissector could crash. This was addressed in epan/dissectors/packet-gssapi.c by ensuring that a valid dissector is called.
CVSS Score: 7.5 | EPSS Score: 0.075 | Published: 2019-04-09
simple-markdown.js in Khan Academy simple-markdown before 0.4.4 allows XSS via a data: or vbscript: URI.
CVSS Score: 6.1 | EPSS Score: 0.004 | Published: 2019-04-09
FontInfoScanner::scanFonts in FontInfo.cc in Poppler 0.75.0 has infinite recursion, leading to a call to the error function in Error.cc.
CVSS Score: 6.5 | EPSS Score: 0.005 | Published: 2019-04-08
CVE-2019-0211
Known exploited
In Apache HTTP Server 2.4 releases 2.4.17 to 2.4.38, with MPM event, worker or prefork, code executing in less-privileged child processes or threads (including scripts executed by an in-process scripting interpreter) could execute arbitrary code with the privileges of the parent process (usually root) by manipulating the scoreboard. Non-Unix systems are not affected.
CVSS Score: 7.8 | EPSS Score: 0.859 | Published: 2019-04-08
In Apache HTTP Server 2.4 release 2.4.38 and prior, a race condition in mod_auth_digest when running in a threaded server could allow a user with valid credentials to authenticate using another username, bypassing configured access control restrictions.
CVSS Score: 7.5 | EPSS Score: 0.327 | Published: 2019-04-08
In Apache HTTP Server 2.4 releases 2.4.37 and 2.4.38, a bug in mod_ssl when using per-location client certificate verification with TLSv1.3 allowed a client to bypass configured access control restrictions.
CVSS Score: 7.5 | EPSS Score: 0.085 | Published: 2019-04-08