Security Vulnerabilities - CVEs Published In April 2020
An issue was discovered in Squid through 4.7. When handling requests from users, Squid checks its rules to see if the request should be denied. Squid by default comes with rules to block access to the Cache Manager, which serves detailed server information meant for the maintainer. This rule is implemented via url_regex. The handler for url_regex rules URL-decodes an incoming request. This allows an attacker to encode their URL to bypass the url_regex check and gain access to the blocked resource.
CVSS Score: 9.8
EPSS Score: 0.009
Published: 2020-04-15
Certain NETGEAR devices are affected by command injection by an authenticated user. This affects WAC505 before 8.2.1.16 and WAC510 before 8.2.1.16.
CVSS Score: 8.1
EPSS Score: 0.002
Published: 2020-04-15
NETGEAR WAC505 devices before 8.2.1.16 are affected by disclosure of sensitive information.
CVSS Score: 7.9
EPSS Score: 0.001
Published: 2020-04-15
Certain NETGEAR devices are affected by denial of service. This affects WAC505 before 8.0.6.4 and WAC510 before 8.0.6.4.
CVSS Score: 7.4
EPSS Score: 0.002
Published: 2020-04-15
Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects WAC505 before 8.0.6.4 and WAC510 before 8.0.6.4.
CVSS Score: 4.3
EPSS Score: 0.004
Published: 2020-04-15
Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects R6400v2 before 1.0.4.84, R6700 before 1.0.2.8, R6700v3 before 1.0.4.84, R6900 before 1.0.2.8, and R7900 before 1.0.3.10.
CVSS Score: 8.3
EPSS Score: 0.036
Published: 2020-04-15
NETGEAR R7800 devices before 1.0.2.68 are affected by remote code execution by unauthenticated attackers.
CVSS Score: 9.4
EPSS Score: 0.06
Published: 2020-04-15
NETGEAR JGS516PE devices before 2.6.0.43 are affected by reflected XSS.
CVSS Score: 5.2
EPSS Score: 0.004
Published: 2020-04-15
NETGEAR R8900, R9000, RAX120, and XR700 devices before 2020-01-20 are affected by Transport Layer Security (TLS) certificate private key disclosure.
CVSS Score: 7.5
EPSS Score: 0.002
Published: 2020-04-15
A cross-site scripting (XSS) vulnerability exists in VMware vRealize Log Insight prior to 8.1.0 due to improper input validation.
CVSS Score: 4.8
EPSS Score: 0.003
Published: 2020-04-15

