Security Vulnerabilities - CVEs Published In January 2020
Netgear WNR1000v3 with firmware before 1.0.2.60 contains an Authentication Bypass due to the server skipping checks for URLs containing a ".jpg".
CVSS Score: 9.8 | EPSS Score: 0.002 | Published: 2020-01-29
Netgear WNR1000v3 with firmware before 1.0.2.60 contains an Authentication Bypass via the NtgrBak key.
CVSS Score: 9.8 | EPSS Score: 0.002 | Published: 2020-01-29
Cross-site Scripting (XSS) vulnerability in NetApp OnCommand System Manager before 2.2 allows remote attackers to inject arbitrary web script or HTML via the 'full-name' and 'comment' fields.
CVSS Score: 6.1 | EPSS Score: 0.003 | Published: 2020-01-29
NetApp OnCommand System Manager 2.1 and earlier allows remote attackers to include arbitrary files through specially crafted requests to the "diagnostic" page using the SnapMirror log path parameter.
CVSS Score: 7.5 | EPSS Score: 0.007 | Published: 2020-01-29
All versions including 0.0.4 of lsof npm module are vulnerable to Command Injection. Every exported method used by the package uses the exec function to parse user input.
CVSS Score: 9.8 | EPSS Score: 0.037 | Published: 2020-01-29
HttpObjectDecoder.java in Netty before 4.1.44 allows an HTTP header that lacks a colon, which might be interpreted as a separate header with an incorrect syntax, or might be interpreted as an "invalid fold."
CVSS Score: 9.1 | EPSS Score: 0.028 | Published: 2020-01-29
HttpObjectDecoder.java in Netty before 4.1.44 allows a Content-Length header to be accompanied by a second Content-Length header, or by a Transfer-Encoding header.
CVSS Score: 9.1 | EPSS Score: 0.005 | Published: 2020-01-29
Magento versions 2.3.3 and earlier, 2.2.10 and earlier, 1.14.4.3 and earlier, and 1.9.4.3 and earlier have an SQL injection vulnerability. Successful exploitation could lead to sensitive information disclosure.
CVSS Score: 7.5 | EPSS Score: 0.015 | Published: 2020-01-29
Magento versions 2.3.3 and earlier, 2.2.10 and earlier, 1.14.4.3 and earlier, and 1.9.4.3 and earlier have a stored cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure.
CVSS Score: 6.1 | EPSS Score: 0.003 | Published: 2020-01-29
In Das U-Boot through 2020.01, a double free has been found in the cmd/gpt.c do_rename_gpt_parts() function. Double freeing may result in a write-what-where condition, allowing an attacker to execute arbitrary code. NOTE: this vulnerability was introduced when attempting to fix a memory leak identified by static analysis.
CVSS Score: 9.8 | EPSS Score: 0.012 | Published: 2020-01-29