Security Vulnerabilities - CVEs Published In February 2020
network-manager through 1.0.2 allows remote attackers to execute arbitrary commands via the "execSync()" argument.
CVSS Score
9.8
EPSS Score
0.014
Published
2020-02-04
im-resize through 2.3.2 allows remote attackers to execute arbitrary commands via the "exec" argument. The cmd argument used within index.js can be controlled by the user without any sanitization.
CVSS Score
9.8
EPSS Score
0.033
Published
2020-02-04
im-metadata through 3.0.1 allows remote attackers to execute arbitrary commands via the "exec" argument. It is possible to inject arbitrary commands as part of the metadata options, which are given to the "exec" function.
CVSS Score
9.8
EPSS Score
0.018
Published
2020-02-04
An issue was discovered in Squid before 4.10. It allows a crafted FTP server to trigger disclosure of sensitive information from heap memory, such as information associated with other users' sessions or non-Squid processes.
CVSS Score
7.5
EPSS Score
0.089
Published
2020-02-04
A reflected Cross-Site Scripting vulnerability in Nextcloud Server 16.0.1 was discovered in the SVG generation.
CVSS Score
6.1
EPSS Score
0.003
Published
2020-02-04
A bug in Nextcloud Server 14.0.4 could expose more data in reshared link shares than intended by the sharer.
CVSS Score
8.1
EPSS Score
0.004
Published
2020-02-04
A missing check in Nextcloud Server 14.0.3 could give a recipient the possibility to extend the expiration date of a share they received.
CVSS Score
4.3
EPSS Score
0.003
Published
2020-02-04
A denial of service exists in strapi v3.0.0-beta.18.3 and earlier that can be abused in the admin console using admin rights and can lead to arbitrary restart of the application.
CVSS Score
4.9
EPSS Score
0.006
Published
2020-02-04
Insufficient validation and sanitization of user input in url-parse npm package version 1.4.4 and earlier may allow an attacker to bypass security checks.
CVSS Score
5.3
EPSS Score
0.001
Published
2020-02-04
A flaw in input validation in npm package klona version 1.1.0 and earlier may allow a prototype pollution attack that may result in remote code execution or denial of service of applications using klona.
CVSS Score
9.8
EPSS Score
0.011
Published
2020-02-04

