Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In February 2021
CVE-2020-36248
The ownCloud application before 2.15 for Android allows attackers to use adb to include a PIN preferences value in a backup archive, and consequently bypass the PIN lock feature by restoring from this archive.
CVSS Score
3.9
EPSS Score
0.0
Published
2021-02-19
CVE-2021-3339
ModernFlow before 1.3.00.208 does not constrain web-page access to members of a security group, as demonstrated by the Search Screen and the Profile Screen.
CVSS Score
4.3
EPSS Score
0.029
Published
2021-02-19
CVE-2020-10252
An issue was discovered in ownCloud before 10.4. Because of an SSRF issue (via the apps/files_sharing/external remote parameter), an authenticated attacker can interact with local services blindly (aka Blind SSRF) or conduct a Denial Of Service attack.
CVSS Score
8.3
EPSS Score
0.006
Published
2021-02-19
CVE-2020-10254
An issue was discovered in ownCloud before 10.4. An attacker can bypass authentication on a password-protected image by displaying its preview.
CVSS Score
5.9
EPSS Score
0.003
Published
2021-02-19
CVE-2020-36249
The File Firewall before 2.8.0 for ownCloud Server does not properly enforce file-type restrictions for public shares.
CVSS Score
7.5
EPSS Score
0.002
Published
2021-02-19
CVE-2020-36250
In the ownCloud application before 2.15 for Android, the lock protection mechanism can be bypassed by moving the system date/time into the past.
CVSS Score
6.1
EPSS Score
0.001
Published
2021-02-19
CVE-2020-36251
ownCloud Server before 10.3.0 allows an attacker, who has received non-administrative access to a group share, to remove everyone else's access to that share.
CVSS Score
3.5
EPSS Score
0.002
Published
2021-02-19
CVE-2020-36252
ownCloud Server 10.x before 10.3.1 allows an attacker, who has one outgoing share from a victim, to access any version of any file by sending a request for a predictable ID number.
CVSS Score
6.8
EPSS Score
0.001
Published
2021-02-19
CVE-2020-24908
Checkmk before 1.6.0p17 allows local users to obtain SYSTEM privileges via a Trojan horse shell script in the %PROGRAMDATA%\checkmk\agent\local directory.
CVSS Score
7.8
EPSS Score
0.0
Published
2021-02-19
CVE-2020-36247
Open OnDemand before 1.5.7 and 1.6.x before 1.6.22 allows CSRF.
CVSS Score
8.8
EPSS Score
0.002
Published
2021-02-19


Products
Pricing
Contact Us

Shodan ® - All rights reserved