Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In January 2021
CVE-2020-16255
ownCloud (Core) before 10.5 allows XSS in login page 'forgot password.'
CVSS Score
6.1
EPSS Score
0.004
Published
2021-01-15
CVE-2020-35749
Directory traversal vulnerability in class-simple_job_board_resume_download_handler.php in the Simple Board Job plugin 2.9.3 and earlier for WordPress allows remote attackers to read arbitrary files via the sjb_file parameter to wp-admin/post.php.
CVSS Score
7.7
EPSS Score
0.768
Published
2021-01-15
CVE-2020-35748
Cross-site scripting (XSS) vulnerability in models/list-table.php in the FV Flowplayer Video Player plugin before 7.4.37.727 for WordPress allows remote authenticated users to inject arbitrary web script or HTML via the fv_wp_fvvideoplayer_src JSON field in the data parameter.
CVSS Score
5.4
EPSS Score
0.001
Published
2021-01-15
CVE-2021-22166
An attacker could cause a Prometheus denial of service in GitLab 13.7+ by sending an HTTP request with a malformed method
CVSS Score
5.3
EPSS Score
0.002
Published
2021-01-15
CVE-2021-22167
An issue has been discovered in GitLab affecting all versions starting from 12.1. Incorrect headers in specific project page allows attacker to have a temporary read access to the private repository
CVSS Score
5.3
EPSS Score
0.002
Published
2021-01-15
CVE-2021-22168
A regular expression denial of service issue has been discovered in NuGet API affecting all versions of GitLab starting from version 12.8.
CVSS Score
4.3
EPSS Score
0.002
Published
2021-01-15
CVE-2021-22171
Insufficient validation of authentication parameters in GitLab Pages for GitLab 11.5+ allows an attacker to steal a victim's API token if they click on a maliciously crafted link
CVSS Score
7.3
EPSS Score
0.001
Published
2021-01-15
CVE-2020-26414
An issue has been discovered in GitLab affecting all versions starting from 12.4. The regex used for package names is written in a way that makes execution time have quadratic growth based on the length of the malicious input string.
CVSS Score
4.3
EPSS Score
0.003
Published
2021-01-15
CVE-2019-16961
SolarWinds Web Help Desk 12.7.0 allows XSS via a Schedule Name.
CVSS Score
5.4
EPSS Score
0.022
Published
2021-01-15
CVE-2020-35733
An issue was discovered in Erlang/OTP before 23.2.2. The ssl application 10.2 accepts and trusts an invalid X.509 certificate chain to a trusted root Certification Authority.
CVSS Score
7.5
EPSS Score
0.003
Published
2021-01-15


Products
Pricing
Contact Us

Shodan ® - All rights reserved