Security Vulnerabilities - CVEs Published In March 2020
Cloud Native Computing Foundation Harbor prior to 1.8.6 and 1.9.3 has a Privilege Escalation Vulnerability in the VMware Harbor Container Registry for the Pivotal Platform.
CVSS Score
8.8
EPSS Score
0.008
Published
2020-03-20
Cloud Native Computing Foundation Harbor prior to 1.8.6 and 1.9.3 allows CSRF in the VMware Harbor Container Registry for the Pivotal Platform.
CVSS Score
8.8
EPSS Score
0.013
Published
2020-03-20
Cloud Native Computing Foundation Harbor prior to 1.8.6 and 1.9.3 allows SQL Injection via project quotas in the VMware Harbor Container Registry for the Pivotal Platform.
CVSS Score
4.9
EPSS Score
0.006
Published
2020-03-20
Cloud Native Computing Foundation Harbor prior to 1.8.6 and 1.9.3 allows SQL Injection via user-groups in the VMware Harbor Container Registry for the Pivotal Platform.
CVSS Score
7.2
EPSS Score
0.011
Published
2020-03-20
Open redirect via parameter ‘p’ in login.php in Centreon (19.04.4 and below) allows an attacker to craft a payload and execute unintended behavior.
CVSS Score
6.1
EPSS Score
0.001
Published
2020-03-20
Local File Inclusion in minPlayCommand.php in Centreon (19.04.4 and below) allows an attacker to traverse paths via a plugin test.
CVSS Score
6.5
EPSS Score
0.002
Published
2020-03-20
Command Injection in minPlayCommand.php in Centreon (19.04.4 and below) allows an attacker to achieve command injection via a plugin test.
CVSS Score
8.8
EPSS Score
0.018
Published
2020-03-20
An issue was discovered in signotec signoPAD-API/Web (formerly Websocket Pad Server) before 3.1.1 on Windows. It is possible to perform a Denial of Service attack because the implementation doesn't limit the parsing of nested JSON structures. If a victim visits an attacker-controlled website, this vulnerability can be exploited via WebSocket data with a deeply nested JSON array.
CVSS Score
6.5
EPSS Score
0.006
Published
2020-03-20
Subversion ALM for the enterprise before 8.8.2 allows reflected XSS at multiple locations.
CVSS Score
6.1
EPSS Score
0.37
Published
2020-03-20
An issue was discovered in signotec signoPAD-API/Web (formerly Websocket Pad Server) before 3.1.1 on Windows. It is possible to perform a Denial of Service attack because the application doesn't limit the number of opened WebSocket sockets. If a victim visits an attacker-controlled website, this vulnerability can be exploited.
CVSS Score
6.5
EPSS Score
0.004
Published
2020-03-20

