Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In March 2020
CVE-2019-15510
ManageEngine_DesktopCentral.exe in Zoho ManageEngine Desktop Central 10 allows HTML injection on the user administration page via the description of a role.
CVSS Score
6.1
EPSS Score
0.038
Published
2020-03-23
CVE-2020-10593
Tor before 0.3.5.10, 0.4.x before 0.4.1.9, and 0.4.2.x before 0.4.2.7 allows remote attackers to cause a Denial of Service (memory leak), aka TROVE-2020-004. This occurs in circpad_setup_machine_on_circ because a circuit-padding machine can be negotiated twice on the same circuit.
CVSS Score
7.5
EPSS Score
0.012
Published
2020-03-23
CVE-2020-10660
HashiCorp Vault and Vault Enterprise versions 0.9.0 through 1.3.3 may, under certain circumstances, have an Entity's Group membership inadvertently include Groups the Entity no longer has permissions to. Fixed in 1.3.4.
CVSS Score
5.3
EPSS Score
0.002
Published
2020-03-23
CVE-2020-10661
HashiCorp Vault and Vault Enterprise versions 0.11.0 through 1.3.3 may, under certain circumstances, have existing nested-path policies grant access to Namespaces created after-the-fact. Fixed in 1.3.4.
CVSS Score
9.1
EPSS Score
0.004
Published
2020-03-23
CVE-2020-10592
Tor before 0.3.5.10, 0.4.x before 0.4.1.9, and 0.4.2.x before 0.4.2.7 allows remote attackers to cause a Denial of Service (CPU consumption), aka TROVE-2020-002.
CVSS Score
7.5
EPSS Score
0.02
Published
2020-03-23
CVE-2020-9752
Naver Cloud Explorer before 2.2.2.11 allows the attacker can move a local file in any path on the filesystem as a system privilege through its named pipe.
CVSS Score
9.8
EPSS Score
0.005
Published
2020-03-23
CVE-2020-10818
Artica Proxy 4.26 allows remote command execution for an authenticated user via shell metacharacters in the "Modify the hostname" field.
CVSS Score
7.2
EPSS Score
0.076
Published
2020-03-22
CVE-2020-10819
Nagios XI 5.6.11 allows XSS via the includes/components/ldap_ad_integration/ username parameter.
CVSS Score
4.8
EPSS Score
0.242
Published
2020-03-22
CVE-2020-10820
Nagios XI 5.6.11 allows XSS via the includes/components/ldap_ad_integration/ password parameter.
CVSS Score
4.8
EPSS Score
0.045
Published
2020-03-22
CVE-2020-10821
Nagios XI 5.6.11 allows XSS via the account/main.php theme parameter.
CVSS Score
4.8
EPSS Score
0.242
Published
2020-03-22


Products
Pricing
Contact Us

Shodan ® - All rights reserved