Security Vulnerabilities - CVEs Published In January 2020
DOMPDF before 0.6.2 allows Information Disclosure.
CVSS Score: 6.5
EPSS Score: 0.002
Published: 2020-01-10
DOMPDF before 0.6.2 allows denial of service.
CVSS Score: 6.5
EPSS Score: 0.001
Published: 2020-01-10
DOMPDF before 0.6.2 allows remote code execution, a related issue to CVE-2014-2383.
CVSS Score: 8.8
EPSS Score: 0.256
Published: 2020-01-10
A cross-site scripting (XSS) vulnerability in Electronic Logbook (ELOG) 3.1.4 allows remote attackers to inject arbitrary web script or HTML via the value parameter in a localization (loc) command to elogd.c.
CVSS Score: 6.1
EPSS Score: 0.003
Published: 2020-01-10
A cross-site scripting (XSS) vulnerability in Electronic Logbook (ELOG) 3.1.4 allows remote attackers to inject arbitrary web script or HTML via a crafted SVG document to elogd.c.
CVSS Score: 6.1
EPSS Score: 0.003
Published: 2020-01-10
LTSP LDM through 2.18.06 allows fat-client root access because the LDM_USERNAME variable may have an empty value if the user's shell lacks support for Bourne shell syntax. This is related to a run-x-session script.
CVSS Score: 7.8
EPSS Score: 0.002
Published: 2020-01-09
A mutation cross-site scripting (XSS) issue in Typora through 0.9.9.31.2 on macOS and through 0.9.81 on Linux leads to Remote Code Execution through Mermaid code blocks. To exploit this vulnerability, one must open a file in Typora. The XSS vulnerability is then triggered due to improper HTML sanitization. Given that the application is based on the Electron framework, the XSS leads to remote code execution in an unsandboxed environment.
CVSS Score: 8.3
EPSS Score: 0.022
Published: 2020-01-09
languageOptions.php in Rasilient PixelStor 5000 K:4.0.1580-20150629 (KDI Version) allows unauthenticated attackers to remotely execute code via the lang parameter.
CVSS Score: 9.8
EPSS Score: 0.118
Published: 2020-01-09
contentHostProperties.php in Rasilient PixelStor 5000 K:4.0.1580-20150629 (KDI Version) allows authenticated attackers to remotely execute code via the name parameter.
CVSS Score: 7.4
EPSS Score: 0.009
Published: 2020-01-09
A cross-site scripting (XSS) vulnerability in Option/optionsAll.php in Rasilient PixelStor 5000 K:4.0.1580-20150629 (KDI Version) allows remote attackers to inject arbitrary web script or HTML via the ContentFrame parameter.
CVSS Score: 5.4
EPSS Score: 0.003
Published: 2020-01-09


Shodan ® - All rights reserved