Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In January 2020
CVE-2007-4773
Systrace before 1.6.0 has insufficient escape policy enforcement.
CVSS Score
9.8
EPSS Score
0.006
Published
2020-01-15
CVE-2007-4774
The Linux kernel before 2.4.36-rc1 has a race condition. It was possible to bypass systrace policies by flooding the ptraced process with SIGCONT signals, which can can wake up a PTRACED process.
CVSS Score
5.9
EPSS Score
0.002
Published
2020-01-15
CVE-2015-5230
The DNS packet parsing/generation code in PowerDNS (aka pdns) Authoritative Server 3.4.x before 3.4.6 allows remote attackers to cause a denial of service (crash) via crafted query packets.
CVSS Score
7.5
EPSS Score
0.002
Published
2020-01-15
CVE-2015-5952
Directory traversal vulnerability in Thomson Reuters for FATCA before 5.2 allows remote attackers to execute arbitrary files via the item parameter.
CVSS Score
9.8
EPSS Score
0.022
Published
2020-01-15
CVE-2015-6497
The create function in app/code/core/Mage/Catalog/Model/Product/Api/V2.php in Magento Community Edition (CE) before 1.9.2.1 and Enterprise Edition (EE) before 1.14.2.1, when used with PHP before 5.4.24 or 5.5.8, allows remote authenticated users to execute arbitrary PHP code via the productData parameter to index.php/api/v2_soap.
CVSS Score
8.8
EPSS Score
0.029
Published
2020-01-15
CVE-2017-3211
Yopify, an e-commerce notification plugin, up to April 06, 2017, leaks the first name, last initial, city, and recent purchase data of customers, all without user authorization.
CVSS Score
5.3
EPSS Score
0.003
Published
2020-01-15
CVE-2019-16466
Adobe Experience Manager versions 6.5, 6.4, 6.3, 6.2, 6.1, and 6.0 have a reflected cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure.
CVSS Score
6.1
EPSS Score
0.016
Published
2020-01-15
CVE-2019-16467
Adobe Experience Manager versions 6.5, 6.4, 6.3, 6.2, 6.1, and 6.0 have a reflected cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure.
CVSS Score
6.1
EPSS Score
0.016
Published
2020-01-15
CVE-2020-2098
A cross-site request forgery vulnerability in Jenkins Sounds Plugin 0.5 and earlier allows attacker to execute arbitrary OS commands as the OS user account running Jenkins.
CVSS Score
8.8
EPSS Score
0.002
Published
2020-01-15
CVE-2019-18412
JetBrains IDETalk plugin before version 193.4099.10 allows XXE
CVSS Score
7.5
EPSS Score
0.0
Published
2020-01-15


Products
Pricing
Contact Us

Shodan ® - All rights reserved