Security Vulnerabilities - CVEs Published In March 2020
Sandbox protection in Jenkins Script Security Plugin 1.70 and earlier could be circumvented through crafted method calls on objects that implement GroovyInterceptable.
CVSS Score: 8.8
EPSS Score: 0.002
Published: 2020-03-09

Jenkins Git Plugin 4.2.0 and earlier does not escape the error message for the repository URL for Microsoft TFS field form validation, resulting in a stored cross-site scripting vulnerability.
CVSS Score: 5.4
EPSS Score: 0.001
Published: 2020-03-09

Jenkins Timestamper Plugin 1.11.1 and earlier does not sanitize HTML formatting of its output, resulting in a stored XSS vulnerability exploitable by attackers with Overall/Administer permission.
CVSS Score: 4.8
EPSS Score: 0.002
Published: 2020-03-09

Jenkins Cobertura Plugin 1.15 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.
CVSS Score: 7.1
EPSS Score: 0.002
Published: 2020-03-09

vega-util prior to 1.13.1 allows manipulation of object prototype. The 'vega.mergeConfig' method within vega-util could be tricked into adding or modifying properties of the Object.prototype.
CVSS Score: 4.3
EPSS Score: 0.003
Published: 2020-03-09

The IBM Spectrum Scale 4.2 and 5.0 file system component is affected by a denial of service security vulnerability. An attacker can force the Spectrum Scale mmfsd/mmsdrserv daemons to unexpectedly exit, impacting the functionality of the Spectrum Scale cluster and the availability of file systems managed by Spectrum Scale. IBM X-Force ID: 175067.
CVSS Score: 7.5
EPSS Score: 0.005
Published: 2020-03-09

HikaShop Joomla Component before 2.6.0 has XSS via an injected payload[/caption].
CVSS Score: 4.8
EPSS Score: 0.002
Published: 2020-03-09

nwbc_ext2int in SAP NetWeaver Application Server before Security Note 2183189 allows XXE attacks for local file inclusion via the sap/bc/ui2/nwbc/nwbc_ext2int/ URI.
CVSS Score: 6.4
EPSS Score: 0.002
Published: 2020-03-09

In Mahara 18.10 before 18.10.5, 19.04 before 19.04.4, and 19.10 before 19.10.2, certain personal information is discoverable by inspecting network responses on the 'Edit access' screen when sharing portfolios.
CVSS Score: 6.5
EPSS Score: 0.003
Published: 2020-03-09

JNews Joomla Component before 8.5.0 has XSS via the mailingsearch parameter.
CVSS Score: 4.8
EPSS Score: 0.002
Published: 2020-03-09