Security Vulnerabilities - Known exploited
CVE-2020-29574
Known exploited
An SQL injection vulnerability in the WebAdmin of Cyberoam OS through 2020-12-04 allows unauthenticated attackers to execute arbitrary SQL statements remotely.
CVSS Score: 9.8
EPSS Score: 0.12
Published: 2020-12-11
CVE-2020-17530
Known exploited
Forced OGNL evaluation, when evaluated on raw user input in tag attributes, may lead to remote code execution. Affected software: Apache Struts 2.0.0 - Struts 2.5.25.
CVSS Score: 9.8
EPSS Score: 0.944
Published: 2020-12-11
CVE-2020-17144
Known exploited
Microsoft Exchange Remote Code Execution Vulnerability
CVSS Score: 8.4
EPSS Score: 0.92
Published: 2020-12-10
CVE-2020-27930
Known exploited
A memory corruption issue was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.1, iOS 12.4.9, watchOS 6.2.9, Security Update 2020-006 High Sierra, Security Update 2020-006 Mojave, iOS 14.2 and iPadOS 14.2, watchOS 5.3.9, macOS Catalina 10.15.7 Supplemental Update, macOS Catalina 10.15.7 Update. Processing a maliciously crafted font may lead to arbitrary code execution.
CVSS Score: 7.8
EPSS Score: 0.439
Published: 2020-12-08
CVE-2020-27932
Known exploited
A type confusion issue was addressed with improved state handling. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.1, iOS 12.4.9, watchOS 6.2.9, Security Update 2020-006 High Sierra, Security Update 2020-006 Mojave, iOS 14.2 and iPadOS 14.2, watchOS 5.3.9, macOS Catalina 10.15.7 Supplemental Update, macOS Catalina 10.15.7 Update. A malicious application may be able to execute arbitrary code with kernel privileges.
CVSS Score: 7.8
EPSS Score: 0.128
Published: 2020-12-08
CVE-2020-27950
Known exploited
A memory initialization issue was addressed. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.1, iOS 12.4.9, watchOS 6.2.9, Security Update 2020-006 High Sierra, Security Update 2020-006 Mojave, iOS 14.2 and iPadOS 14.2, watchOS 5.3.9, macOS Catalina 10.15.7 Supplemental Update, macOS Catalina 10.15.7 Update. A malicious application may be able to disclose kernel memory.
CVSS Score: 5.5
EPSS Score: 0.443
Published: 2020-12-08
CVE-2020-4006
Known exploited
VMware Workspace One Access, Access Connector, Identity Manager, and Identity Manager Connector have a command injection vulnerability.
CVSS Score: 9.1
EPSS Score: 0.128
Published: 2020-11-23
CVE-2020-13671
Known exploited
Drupal core does not properly sanitize certain filenames on uploaded files, which can lead to files being interpreted as the incorrect extension and served as the wrong MIME type or executed as PHP for certain hosting configurations. This issue affects: Drupal Core 9.0 versions prior to 9.0.8, 8.9 versions prior to 8.9.9, 8.8 versions prior to 8.8.11, and 7 versions prior to 7.74.
CVSS Score: 8.8
EPSS Score: 0.045
Published: 2020-11-20
CVE-2020-28949
Known exploited
Archive_Tar through 1.4.10 has :// filename sanitization only to address phar attacks, and thus any other stream-wrapper attack (such as file:// to overwrite files) can still succeed.
CVSS Score: 7.8
EPSS Score: 0.934
Published: 2020-11-19
CVE-2020-17087
Known exploited
Windows Kernel Local Elevation of Privilege Vulnerability
CVSS Score: 7.8
EPSS Score: 0.217
Published: 2020-11-11

