Security Vulnerabilities - CVEs Published In March 2020
Jenkins Timestamper Plugin 1.11.1 and earlier does not sanitize HTML formatting of its output, resulting in a stored XSS vulnerability exploitable by attackers with Overall/Administer permission.
CVSS Score: 4.8 | EPSS Score: 0.002 | Published: 2020-03-09
Jenkins Cobertura Plugin 1.15 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.
CVSS Score: 7.1 | EPSS Score: 0.002 | Published: 2020-03-09
vega-util prior to 1.13.1 allows manipulation of object prototype. The 'vega.mergeConfig' method within vega-util could be tricked into adding or modifying properties of the Object.prototype.
CVSS Score: 4.3 | EPSS Score: 0.003 | Published: 2020-03-09
The IBM Spectrum Scale 4.2 and 5.0 file system component is affected by a denial of service security vulnerability. An attacker can force the Spectrum Scale mmfsd/mmsdrserv daemons to unexpectedly exit, impacting the functionality of the Spectrum Scale cluster and the availability of file systems managed by Spectrum Scale. IBM X-Force ID: 175067.
CVSS Score: 7.5 | EPSS Score: 0.005 | Published: 2020-03-09
HikaShop Joomla Component before 2.6.0 has XSS via an injected payload[/caption].
CVSS Score: 4.8 | EPSS Score: 0.002 | Published: 2020-03-09
nwbc_ext2int in SAP NetWeaver Application Server before Security Note 2183189 allows XXE attacks for local file inclusion via the sap/bc/ui2/nwbc/nwbc_ext2int/ URI.
CVSS Score: 6.4 | EPSS Score: 0.002 | Published: 2020-03-09
In Mahara 18.10 before 18.10.5, 19.04 before 19.04.4, and 19.10 before 19.10.2, certain personal information is discoverable by inspecting network responses on the 'Edit access' screen when sharing portfolios.
CVSS Score: 6.5 | EPSS Score: 0.003 | Published: 2020-03-09
JNews Joomla Component before 8.5.0 has XSS via the mailingsearch parameter.
CVSS Score: 4.8 | EPSS Score: 0.002 | Published: 2020-03-09
service/krashrpt.php in Quest KACE K1000 Systems Management Appliance before 6.4 SP3 (6.4.120822) allows a remote attacker to execute code via shell metacharacters in the kuid parameter.
CVSS Score: 9.8 | EPSS Score: 0.472 | Published: 2020-03-09
CVE-2016-11021
Known exploited
setSystemCommand on D-Link DCS-930L devices before 2.12 allows a remote attacker to execute code via an OS command in the SystemCommand parameter.
CVSS Score: 7.2 | EPSS Score: 0.904 | Published: 2020-03-09

