Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In February 2021
CVE-2020-25208
In JetBrains YouTrack before 2020.4.4701, an attacker could enumerate users via the REST API without appropriate permissions.
CVSS Score
5.3
EPSS Score
0.0
Published
2021-02-03
CVE-2020-27222
In Eclipse Californium version 2.3.0 to 2.6.0, the certificate based (x509 and RPK) DTLS handshakes accidentally fails, because the DTLS server side sticks to a wrong internal state. That wrong internal state is set by a previous certificate based DTLS handshake failure with TLS parameter mismatch. The DTLS server side must be restarted to recover this. This allow clients to force a DoS.
CVSS Score
7.5
EPSS Score
0.002
Published
2021-02-03
CVE-2020-27994
SolarWinds Serv-U before 15.2.2 allows Authenticated Directory Traversal.
CVSS Score
6.5
EPSS Score
0.019
Published
2021-02-03
CVE-2020-28001
SolarWinds Serv-U before 15.2.2 allows Authenticated Stored XSS.
CVSS Score
5.4
EPSS Score
0.016
Published
2021-02-03
CVE-2020-28653
Zoho ManageEngine OpManager Stable build before 125203 (and Released build before 125233) allows Remote Code Execution via the Smart Update Manager (SUM) servlet.
CVSS Score
9.8
EPSS Score
0.887
Published
2021-02-03
CVE-2020-28895
In Wind River VxWorks, memory allocator has a possible overflow in calculating the memory block's size to be allocated by calloc(). As a result, the actual memory allocated is smaller than the buffer size specified by the arguments, leading to memory corruption.
CVSS Score
7.3
EPSS Score
0.004
Published
2021-02-03
CVE-2020-29582
In JetBrains Kotlin before 1.4.21, a vulnerable Java API was used for temporary file and folder creation. An attacker was able to read data from such files and list directories due to insecure permissions.
CVSS Score
5.3
EPSS Score
0.0
Published
2021-02-03
CVE-2020-2506
Known exploited
The vulnerability have been reported to affect earlier versions of QTS. If exploited, this improper access control vulnerability could allow attackers to compromise the security of the software by gaining privileges, or reading sensitive information. This issue affects: QNAP Systems Inc. Helpdesk versions prior to 3.0.3.
CVSS Score
7.3
EPSS Score
0.18
Published
2021-02-03
CVE-2020-2507
The vulnerability have been reported to affect earlier versions of QTS. If exploited, this command injection vulnerability could allow remote attackers to run arbitrary commands. This issue affects: QNAP Systems Inc. Helpdesk versions prior to 3.0.3.
CVSS Score
9.8
EPSS Score
0.046
Published
2021-02-03
CVE-2020-29163
PacsOne Server (PACS Server In One Box) below 7.1.1 is affected by SQL injection.
CVSS Score
8.8
EPSS Score
0.005
Published
2021-02-03


Products
Pricing
Contact Us

Shodan ® - All rights reserved