CVE Vulnerabilities for Insecure Nmap
| CVE | Published | Severity | Details | Exploitability | Impact | Vector |
|---|---|---|---|---|---|---|
| CVE‑2018‑15173 | 2018‑08‑08 00:29:02 | MEDIUM (5) | Nmap through 7.70, when the -sV option is used, allows remote attackers to cause a denial of service (stack consumption and application crash) via a crafted TCP-based service. | 0 | 0 | NETWORK |
| CVE‑2018‑100016 | 2018‑04‑18 19:29:01 | LOW (4) | nmap version 6.49BETA6 through 7.60, up to and including SVN revision 37147 contains a Directory Traversal vulnerability in NSE script http-fetch that can result in file overwrite as the user is running it. This attack appears to be exploitable via a victim that runs NSE script http-fetch against a malicious web site. This vulnerability appears to have been fixed in 7.7. | 0 | 0 | NETWORK |
| CVE‑2017‑18594 | 2019‑08‑29 00:15:10 | MEDIUM (5) | nse_libssh2.cc in Nmap 7.70 is subject to a denial of service condition due to a double free when an SSH connection fails, as demonstrated by a leading \n character to ssh-brute.nse or ssh-auth-methods.nse. | 0 | 0 | NETWORK |
| CVE‑2013‑4885 | 2013‑10‑26 17:55:03 | MEDIUM (7) | The http-domino-enum-passwords.nse script in NMap before 6.40, when domino-enum-passwords.idpath is set, allows remote servers to upload "arbitrarily named" files via a crafted FullName parameter in a response, as demonstrated using directory traversal sequences. | 0 | 0 | NETWORK |
View OS-specific patching for:
Windows Mac Linux
Logos, products, trade names, and company names are all the property of their respective trademark holders.
The above listing includes products that Lavawall® monitors through public information and/or proprietary statistical analysis.
Although we do have a partner relationship with some of the listed products and companies, they do not necessarily endorse Lavawall® or have integrations with our systems.