Security Vulnerabilities - CVEs Published In 2019
A reflected cross-site scripting (XSS) vulnerability was discovered in the login page of Rumpus FTP Web File Manager 8.2.9.1. An attacker can exploit it by sending a crafted link to end users and can execute arbitrary JavaScript.
CVSS Score
6.1
EPSS Score
0.756
Published
2019-12-16
IBM API Connect 2018.1 through 2018.4.1.7 Developer Portal's user registration page does not disable password autocomplete. An attacker with access to the browser instance and local system credentials can steal the credentials used for registration. IBM X-Force ID: 163453.
CVSS Score
5.1
EPSS Score
0.001
Published
2019-12-16
IBM MQ and IBM MQ Appliance 9.1 CD, 9.1 LTS, 9.0 LTS, and 8.0 are vulnerable to a denial of service attack caused by channels processing poorly formatted messages. IBM X-Force ID: 166357.
CVSS Score
5.3
EPSS Score
0.003
Published
2019-12-16
An issue was discovered in Cyrus IMAP before 2.5.15, 3.0.x before 3.0.13, and 3.1.x through 3.1.8. If sieve script uploading is allowed (3.x) or certain non-default sieve options are enabled (2.x), a user with a mail account on the service can use a sieve script containing a fileinto directive to create any mailbox with administrator privileges, because of folder mishandling in autosieve_createfolder() in imap/lmtp_sieve.c.
CVSS Score
6.5
EPSS Score
0.012
Published
2019-12-16
In the Linux kernel before 5.3.11, sound/core/timer.c has a use-after-free caused by erroneous code refactoring, aka CID-e7af6307a8a5. This is related to snd_timer_open and snd_timer_close_locked. The timeri variable was originally intended to be for a newly created timer instance, but was used for a different purpose after refactoring.
CVSS Score
7.8
EPSS Score
0.001
Published
2019-12-15
python-requests-Kerberos through 0.5 does not handle mutual authentication
CVSS Score
9.8
EPSS Score
0.005
Published
2019-12-15
CFME (CloudForms Management Engine) 5: RHN account information is logged to top_output.log during registration
CVSS Score
5.5
EPSS Score
0.001
Published
2019-12-15
jersey: XXE via parameter entities not disabled by the jersey SAX parser
CVSS Score
7.5
EPSS Score
0.002
Published
2019-12-15
JBoss KeyCloak: Open redirect vulnerability via failure to validate the redirect URL.
CVSS Score
6.1
EPSS Score
0.002
Published
2019-12-15
eDeploy has RCE via cPickle deserialization of untrusted data
CVSS Score
9.8
EPSS Score
0.01
Published
2019-12-15

