Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In January 2020
CVE-2019-19494
Broadcom based cable modems across multiple vendors are vulnerable to a buffer overflow, which allows a remote attacker to execute arbitrary code at the kernel level via JavaScript run in a victim's browser. Examples of affected products include Sagemcom F@st 3890 prior to 50.10.21_T4, Sagemcom F@st 3890 prior to 05.76.6.3f, Sagemcom F@st 3686 3.428.0, Sagemcom F@st 3686 4.83.0, NETGEAR CG3700EMR 2.01.05, NETGEAR CG3700EMR 2.01.03, NETGEAR C6250EMR 2.01.05, NETGEAR C6250EMR 2.01.03, Technicolor TC7230 STEB 01.25, COMPAL 7284E 5.510.5.11, and COMPAL 7486E 5.510.5.11.
CVSS Score
8.8
EPSS Score
0.708
Published
2020-01-09
CVE-2020-5205
In Pow (Hex package) before 1.0.16, the use of Plug.Session in Pow.Plug.Session is susceptible to session fixation attacks if a persistent session store is used for Plug.Session, such as Redis or a database. Cookie store, which is used in most Phoenix apps, doesn't have this vulnerability.
CVSS Score
6.5
EPSS Score
0.003
Published
2020-01-09
CVE-2020-6628
Ming (aka libming) 0.4.8 has a heap-based buffer over-read in the function decompile_SWITCH() in decompile.c.
CVSS Score
8.8
EPSS Score
0.006
Published
2020-01-09
CVE-2020-6629
Ming (aka libming) 0.4.8 has z NULL pointer dereference in the function decompileGETURL2() in decompile.c.
CVSS Score
6.5
EPSS Score
0.003
Published
2020-01-09
CVE-2020-6630
An issue was discovered in GPAC version 0.8.0. There is a NULL pointer dereference in the function gf_isom_get_media_data_size() in isomedia/isom_read.c.
CVSS Score
5.5
EPSS Score
0.003
Published
2020-01-09
CVE-2020-6631
An issue was discovered in GPAC version 0.8.0. There is a NULL pointer dereference in the function gf_m2ts_stream_process_pmt() in media_tools/m2ts_mux.c.
CVSS Score
5.5
EPSS Score
0.003
Published
2020-01-09
CVE-2020-6632
In PrestaShop 1.7.6.2, XSS can occur during addition or removal of a QuickAccess link. This is related to AdminQuickAccessesController.php, themes/default/template/header.tpl, and themes/new-theme/js/header.js.
CVSS Score
6.1
EPSS Score
0.003
Published
2020-01-09
CVE-2020-6624
jhead through 3.04 has a heap-based buffer over-read in process_DQT in jpgqguess.c.
CVSS Score
7.1
EPSS Score
0.007
Published
2020-01-09
CVE-2020-6625
jhead through 3.04 has a heap-based buffer over-read in Get32s when called from ProcessGpsInfo in gpsinfo.c.
CVSS Score
7.1
EPSS Score
0.009
Published
2020-01-09
CVE-2019-11292
Pivotal Ops Manager, versions 2.4.x prior to 2.4.27, 2.5.x prior to 2.5.24, 2.6.x prior to 2.6.16, and 2.7.x prior to 2.7.5, logs all query parameters to tomcat’s access file. If the query parameters are used to provide authentication, ie. credentials, then they will be logged as well.
CVSS Score
8.8
EPSS Score
0.005
Published
2020-01-09


Products
Pricing
Contact Us

Shodan ® - All rights reserved