Security Vulnerabilities - CVEs Published In January 2020
A vulnerability was found in the Undertow HTTP server in versions before 2.0.28.SP1 when listening on HTTPS. An attacker can target the HTTPS port to carry out a denial of service (DoS) to make the service unavailable on SSL.
CVSS Score: 7.5
EPSS Score: 0.003
Published: 2020-01-23
A hard-coded password vulnerability in the Fortinet FortiSIEM database component version 5.2.5 and below may allow attackers to access the device database via the use of static credentials.
CVSS Score: 9.8
EPSS Score: 0.004
Published: 2020-01-23
The ECDSA signature implementation in ecdsa.c in Arm Mbed Crypto 2.1 and Mbed TLS through 2.19.1 does not reduce the blinded scalar before computing the inverse, which allows a local attacker to recover the private key via side-channel attacks.
CVSS Score: 4.7
EPSS Score: 0.001
Published: 2020-01-23
Server-side request forgery (SSRF) vulnerability in feed-proxy.php in extjs 5.0.0.
CVSS Score: 7.5
EPSS Score: 0.003
Published: 2020-01-23
A Symbolic Link (Symlink) Following vulnerability in the packaging of munge in SUSE Linux Enterprise Server 15; openSUSE Factory allowed local attackers to escalate privileges from user munge to root. This issue affects: SUSE Linux Enterprise Server 15 munge versions prior to 0.5.13-4.3.1. openSUSE Factory munge versions prior to 0.5.13-6.1.
CVSS Score: 7.7
EPSS Score: 0.001
Published: 2020-01-23
Zoho ManageEngine ServiceDesk Plus 11.0 Build 11007 allows XSS. This issue was fixed in version 11.0 Build 11010, SD-83959.
CVSS Score: 4.8
EPSS Score: 0.019
Published: 2020-01-23
In JFrog Artifactory 5.x and 6.x, insecure FreeMarker template processing leads to remote code execution, e.g., by modifying a .ssh/authorized_keys file. Patches are available for various versions between 5.11.8 and 6.16.0. The issue exists because use of the DefaultObjectWrapper class makes certain Java functions accessible to a template.
CVSS Score: 8.8
EPSS Score: 0.327
Published: 2020-01-23
Google Android prior to 4.4 has an APK signature security bypass vulnerability.
CVSS Score: 9.8
EPSS Score: 0.028
Published: 2020-01-23
The WordPress plugin Contact Form Integrated With Google Maps 1.0-2.4 has stored XSS.
CVSS Score: 6.1
EPSS Score: 0.003
Published: 2020-01-23
sanitize-html before 1.4.3 has XSS.
CVSS Score: 6.1
EPSS Score: 0.003
Published: 2020-01-23

