Security Vulnerabilities - CVEs Published In January 2020
MessagePack for C# and Unity before versions 1.9.11 and 2.1.90 has a vulnerability where untrusted data can lead to a DoS attack due to hash collisions and stack overflow. Review the linked GitHub Security Advisory for more information and remediation steps.
CVSS Score: 4.8; EPSS Score: 0.006; Published: 2020-01-31
ABRT might allow attackers to obtain sensitive information from crash reports.
CVSS Score: 7.5; EPSS Score: 0.007; Published: 2020-01-31
Integer overflow in the Driver Execution Environment (DXE) phase in the Capsule Update feature in the UEFI implementation in EDK2 allows physically proximate attackers to bypass intended access restrictions via crafted data.
CVSS Score: 6.8; EPSS Score: 0.0; Published: 2020-01-31
Multiple integer overflows in the Pre-EFI Initialization (PEI) boot phase in the Capsule Update feature in the UEFI implementation in EDK2 allow physically proximate attackers to bypass intended access restrictions by providing crafted data that is not properly handled during the coalescing phase.
CVSS Score: 6.8; EPSS Score: 0.0; Published: 2020-01-31
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to a denial of service, caused by sending a specially-crafted request. A remote attacker could exploit this vulnerability to cause the server to consume all available memory. IBM X-Force ID: 172125.
CVSS Score: 7.5; EPSS Score: 0.002; Published: 2020-01-31
An authorization issue was discovered in the Credential Manager feature in Zoho ManageEngine Remote Access Plus before 10.0.450. A user with the Guest role can extract the collection of all defined credentials of remote machines: the credential name, credential type, user name, domain/workgroup name, and description (but not the password).
CVSS Score: 4.3; EPSS Score: 0.003; Published: 2020-01-31
LastPass prior to 2.5.1 has an insecure PIN implementation.
CVSS Score: 6.8; EPSS Score: 0.001; Published: 2020-01-31
LastPass prior to 2.5.1 allows secure wipe bypass.
CVSS Score: 6.1; EPSS Score: 0.001; Published: 2020-01-31
Evernote prior to 5.5.1 has an insecure password change.
CVSS Score: 7.1; EPSS Score: 0.001; Published: 2020-01-31
controllers/page_apply.php in Simplejobscript.com SJS through 1.66 is prone to unauthenticated Remote Code Execution by uploading a PHP script as a resume.
CVSS Score: 9.8; EPSS Score: 0.033; Published: 2020-01-31

