Security Vulnerabilities - CVEs Published In January 2020
A flaw was found in the JBoss EAP Vault system in all versions before 7.2.6.GA. Confidential information of the system property's security attribute value is revealed in the JBoss EAP log file when executing a JBoss CLI 'reload' command. This flaw can lead to the exposure of confidential information.
CVSS Score: 5.4 | EPSS Score: 0.003 | Published: 2020-01-23
An untrusted deserialization flaw was found in the org.apache.xmlrpc.parser.XmlRpcResponseParser:addResult method of the Apache XML-RPC (aka ws-xmlrpc) library. A malicious XML-RPC server could target an XML-RPC client, causing it to execute arbitrary code. Apache XML-RPC is no longer maintained and this issue will not be fixed.
CVSS Score: 9.8 | EPSS Score: 0.65 | Published: 2020-01-23
Philips Hue Bridge model 2.X prior to and including version 1935144020 contains a Heap-based Buffer Overflow when handling a long ZCL string during the commissioning phase, resulting in remote code execution.
CVSS Score: 7.9 | EPSS Score: 0.066 | Published: 2020-01-23
Citrix XenServer 4.1, 6.0, 5.6 SP2, 5.6 Feature Pack 1, 5.6 Common Criteria, 5.6, 5.5, 5.0, and 5.0 Update 3 contains a Local Privilege Escalation Vulnerability which could allow local users with access to a guest operating system to gain elevated privileges.
CVSS Score: 7.8 | EPSS Score: 0.0 | Published: 2020-01-23
SumatraPDF 2.1.1/MuPDF 1.0 allows remote attackers to cause an Integer Overflow in the lex_number() function via a corrupt PDF file.
CVSS Score: 7.8 | EPSS Score: 0.034 | Published: 2020-01-23
NULL Pointer Dereference in PowerTCP WebServer for ActiveX 1.9.2 and earlier allows remote attackers to cause a denial of service (application crash) via a crafted HTTP request.
CVSS Score: 7.5 | EPSS Score: 0.047 | Published: 2020-01-23
WordPress WP GPX Maps Plugin 1.1.21 allows remote attackers to execute arbitrary PHP code via improper file upload.
CVSS Score: 9.8 | EPSS Score: 0.449 | Published: 2020-01-23
General Electric D20ME devices are not properly configured and reveal plaintext passwords.
CVSS Score: 7.5 | EPSS Score: 0.231 | Published: 2020-01-23
An open redirect on the login form (and possibly other places) in Plone 4.0 through 5.2.1 allows an attacker to craft a link to a Plone Site that, when followed, and possibly after login, will redirect to an attacker's site.
CVSS Score: 6.1 | EPSS Score: 0.003 | Published: 2020-01-23
An XSS issue in the title field in Plone 5.0 through 5.2.1 allows users with a certain privilege level to insert JavaScript that will be executed when other users access the site.
CVSS Score: 5.4 | EPSS Score: 0.005 | Published: 2020-01-23


Shodan ® - All rights reserved