Security Vulnerabilities - CVEs Published In January 2020
Codoforum 4.8.3 allows XSS in the admin dashboard via a name field of a new user, i.e., on the Manage Users screen.
CVSS Score: 4.8
EPSS Score: 0.004
Published: 2020-01-05
Codoforum 4.8.3 allows XSS via a post using parameters display name, title name, or content.
CVSS Score: 4.8
EPSS Score: 0.005
Published: 2020-01-05
An issue was discovered on Intelbras IWR 3000N 1.8.7 devices. When the administrator password is changed from a certain client IP address, administrative authorization remains available to any client at that IP address, leading to complete control of the router.
CVSS Score: 8.8
EPSS Score: 0.004
Published: 2020-01-05
GitLab EE 12.3 through 12.5, 12.4.3, and 12.3.6 allows Denial of Service. Certain characters were making it impossible to create, edit, or view issues and commits.
CVSS Score: 7.5
EPSS Score: 0.003
Published: 2020-01-05
GitLab EE 8.4 through 12.5, 12.4.3, and 12.3.6 stored several tokens in plaintext.
CVSS Score: 7.5
EPSS Score: 0.001
Published: 2020-01-05
In GitLab EE 11.3 through 12.5.3, 12.4.5, and 12.3.8, insufficient parameter sanitization for the Maven package registry could lead to privilege escalation and remote code execution vulnerabilities under certain conditions.
CVSS Score: 9.8
EPSS Score: 0.021
Published: 2020-01-05
In GitLab EE 10.5 through 12.5.3, 12.4.5, and 12.3.8, when transferring a public project to a private group, private code would be disclosed via the Group Search API provided by the Elasticsearch integration.
CVSS Score: 7.5
EPSS Score: 0.001
Published: 2020-01-05
There is a DoS vulnerability in Pillow before 6.2.2 caused by FpxImagePlugin.py calling the range function on an unvalidated 32-bit integer if the number of bands is large. On Windows running 32-bit Python, this results in an OverflowError or MemoryError due to the 2 GB limit. However, on Linux running 64-bit Python this results in the process being terminated by the OOM killer.
CVSS Score: 7.5
EPSS Score: 0.008
Published: 2020-01-05
In PHP Scripts Mall advanced-real-estate-script 4.0.9, the search-results.php searchtext parameter is vulnerable to XSS.
CVSS Score: 6.1
EPSS Score: 0.003
Published: 2020-01-05
In PHP Scripts Mall advanced-real-estate-script 4.0.9, the news_edit.php news_id parameter is vulnerable to SQL Injection.
CVSS Score: 7.2
EPSS Score: 0.003
Published: 2020-01-05

