Security Vulnerabilities - CVEs Published In March 2020
An XSS Injection vulnerability exists in Sangoma FreePBX and PBXact 13, 14, and 15 within the Call Event Logging report screen in the cel module at the admin/config.php?display=cel URI via date fields. This affects cel through 13.0.26.9, 14.x through 14.0.2.14, and 15.x through 15.0.15.4.
CVSS Score: 4.8
EPSS Score: 0.003
Published: 2020-03-16

cPanel before 82.0.18 allows attackers to leverage virtual mail accounts in order to bypass account suspensions (SEC-508).
CVSS Score: 5.4
EPSS Score: 0.002
Published: 2020-03-16

Citrix SD-WAN 10.2.x before 10.2.6 and 11.0.x before 11.0.3 has Missing SSL Certificate Validation.
CVSS Score: 5.9
EPSS Score: 0.001
Published: 2020-03-16

libubox in OpenWrt before 18.06.7 and 19.x before 19.07.1 has a tagged binary data JSON serialization vulnerability that may cause a stack based buffer overflow.
CVSS Score: 7.5
EPSS Score: 0.011
Published: 2020-03-16

Go before 1.12.16 and 1.13.x before 1.13.7 (and the crypto/cryptobyte package before 0.0.0-20200124225646-8b5121be2f68 for Go) allows attacks on clients (resulting in a panic) via a malformed X.509 certificate.
CVSS Score: 7.5
EPSS Score: 0.006
Published: 2020-03-16

Umbraco CMS 8.5.3 allows an authenticated file upload (and consequently Remote Code Execution) via the Install Package functionality.
CVSS Score: 6.5
EPSS Score: 0.022
Published: 2020-03-16

Bitcoin Core before 0.14 allows an attacker to create an ostensibly valid SPV proof for a payment to a victim who uses an SPV wallet, even if that payment did not actually occur. Completing the attack would cost more than a million dollars, and is relevant mainly only in situations where an autonomous system relies solely on an SPV proof for transactions of a greater dollar amount.
CVSS Score: 7.5
EPSS Score: 0.019
Published: 2020-03-16

A potential security vulnerability has been identified for certain HP Printers and All-in-Ones that would allow bypassing account lockout.
CVSS Score: 6.5
EPSS Score: 0.01
Published: 2020-03-16

Dolibarr ERP/CRM 3.0 through 10.0.3 allows XSS via the qty parameter to product/fournisseurs.php (product price screen).
CVSS Score: 9.8
EPSS Score: 0.011
Published: 2020-03-16

Post-authentication Stored XSS in Team Password Manager through 7.93.204 allows attackers to steal other users' credentials by creating a shared password with HTML code as the title.
CVSS Score: 5.4
EPSS Score: 0.003
Published: 2020-03-16

