Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In January 2020
CVE-2019-20432
In the Lustre file system before 2.12.3, the mdt module has an out-of-bounds access and panic due to the lack of validation for specific fields of packets sent by a client. mdt_file_secctx_unpack does not validate the value of name_size derived from req_capsule_get_size.
CVSS Score
7.5
EPSS Score
0.006
Published
2020-01-27
CVE-2020-8002
A NULL pointer dereference in vrend_renderer.c in virglrenderer through 0.8.1 allows attackers to cause a denial of service via commands that attempt to launch a grid without previously providing a Compute Shader (CS).
CVSS Score
5.5
EPSS Score
0.0
Published
2020-01-27
CVE-2019-20423
In the Lustre file system before 2.12.3, the ptlrpc module has a buffer overflow and panic due to the lack of validation for specific fields of packets sent by a client. The function target_handle_connect() mishandles a certain size value when a client connects to a server, because of an integer signedness error.
CVSS Score
7.5
EPSS Score
0.006
Published
2020-01-27
CVE-2019-20424
In the Lustre file system before 2.12.3, mdt_object_remote in the mdt module has a NULL pointer dereference and panic due to the lack of validation for specific fields of packets sent by a client.
CVSS Score
7.5
EPSS Score
0.007
Published
2020-01-27
CVE-2019-20425
In the Lustre file system before 2.12.3, the ptlrpc module has an out-of-bounds access and panic due to the lack of validation for specific fields of packets sent by a client. In the function lustre_msg_string, there is no validation of a certain length value derived from lustre_msg_buflen_v2.
CVSS Score
7.5
EPSS Score
0.007
Published
2020-01-27
CVE-2019-20426
In the Lustre file system before 2.12.3, the ptlrpc module has an out-of-bounds access and panic due to the lack of validation for specific fields of packets sent by a client. In the function ldlm_cancel_hpreq_check, there is no lock_count bounds check.
CVSS Score
7.5
EPSS Score
0.007
Published
2020-01-27
CVE-2019-20421
In Jp2Image::readMetadata() in jp2image.cpp in Exiv2 0.27.2, an input file can result in an infinite loop and hang, with high CPU consumption. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted file.
CVSS Score
7.5
EPSS Score
0.024
Published
2020-01-27
CVE-2019-20422
In the Linux kernel before 5.3.4, fib6_rule_lookup in net/ipv6/ip6_fib.c mishandles the RT6_LOOKUP_F_DST_NOREF flag in a reference-count decision, leading to (for example) a crash that was identified by syzkaller, aka CID-7b09c2d052db.
CVSS Score
5.5
EPSS Score
0.001
Published
2020-01-27
CVE-2020-7999
The Intellian Aptus application 1.0.2 for Android has hardcoded values for DOWNLOAD_API_KEY and FILE_DOWNLOAD_API_KEY.
CVSS Score
9.8
EPSS Score
0.004
Published
2020-01-27
CVE-2020-8000
Intellian Aptus Web 1.24 has a hardcoded password of 12345678 for the intellian account.
CVSS Score
9.8
EPSS Score
0.008
Published
2020-01-27


Products
Pricing
Contact Us

Shodan ® - All rights reserved