Security Vulnerabilities - CVEs Published In January 2020
Cross-site request forgery (CSRF) vulnerability in Opsview before 4.4.1 and Opsview Core before 20130522 allows remote attackers to hijack the authentication of administrators for requests that change the administrator password via unspecified vectors.
CVSS Score: 8.8 | EPSS Score: 0.001 | Published: 2020-01-02
Multiple cross-site scripting (XSS) vulnerabilities in Opsview before 4.4.1 and Opsview Core before 20130522 allow remote attackers to inject arbitrary web script or HTML.
CVSS Score: 6.1 | EPSS Score: 0.003 | Published: 2020-01-02
A flaw was found in Infinispan through version 9.4.14.Final. An improper implementation of the session fixation protection in the Spring Session integration can result in incorrect session handling.
CVSS Score: 5.4 | EPSS Score: 0.005 | Published: 2020-01-02
ecstatic has a denial-of-service vulnerability. Successful exploitation could lead to a crash of the application.
CVSS Score: 7.5 | EPSS Score: 0.004 | Published: 2020-01-02
A flaw was found in all python-ecdsa versions before 0.13.3, where it did not correctly verify whether signatures used DER encoding. Without this verification, a malformed signature could be accepted, making the signature malleable. Without proper verification, an attacker could use a malleable signature to create false transactions.
CVSS Score: 7.4 | EPSS Score: 0.001 | Published: 2020-01-02
Comtech Stampede FX-1010 7.4.3 devices allow remote authenticated administrators to execute arbitrary OS commands by navigating to the Diagnostics Ping page and entering shell metacharacters in the Target IP address field. (In some cases, authentication can be achieved with the comtech password for the comtech account.)
CVSS Score: 7.2 | EPSS Score: 0.022 | Published: 2020-01-02
The Postie plugin 1.9.40 for WordPress allows XSS, as demonstrated by a certain payload with jaVasCript:/* at the beginning and a crafted SVG element.
CVSS Score: 5.4 | EPSS Score: 0.011 | Published: 2020-01-02
libsixel 1.8.4 has an integer overflow in sixel_frame_resize in frame.c.
CVSS Score: 8.8 | EPSS Score: 0.004 | Published: 2020-01-02
dimC_Read in isomedia/box_code_3gpp.c in GPAC from 0.5.2 to 0.8.0 has a stack-based buffer overflow.
CVSS Score: 5.5 | EPSS Score: 0.005 | Published: 2020-01-02
D-Link DIR-859 routers before v1.07b03_beta allow Unauthenticated Information Disclosure via the AUTHORIZED_GROUP=1%0a value, as demonstrated by vpnconfig.php.
CVSS Score: 7.5 | EPSS Score: 0.008 | Published: 2020-01-02