Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In April 2020
CVE-2018-21232
re2c before 2.0 has uncontrolled recursion that causes stack consumption in find_fixed_tags.
CVSS Score
5.5
EPSS Score
0.0
Published
2020-04-29
CVE-2019-16653
An application plugin in Genius Bytes Genius Server (Genius CDDS) 3.2.2 allows remote authenticated users to gain admin privileges.
CVSS Score
8.8
EPSS Score
0.008
Published
2020-04-29
CVE-2017-18855
NETGEAR WNR854T devices before 1.5.2 are affected by command execution.
CVSS Score
8.8
EPSS Score
0.003
Published
2020-04-29
CVE-2017-18856
NETGEAR ReadyNAS devices before 6.6.1 are affected by command injection.
CVSS Score
6.7
EPSS Score
0.002
Published
2020-04-29
CVE-2017-18853
Certain NETGEAR devices are affected by password recovery and file access. This affects D8500 1.0.3.27 and earlier, DGN2200v4 1.0.0.82 and earlier, R6300v2 1.0.4.06 and earlier, R6400 1.0.1.20 and earlier, R6400v2 1.0.2.18 and earlier, R6700 1.0.1.22 and earlier, R6900 1.0.1.20 and earlier, R7000 1.0.7.10 and earlier, R7000P 1.0.0.58 and earlier, R7100LG 1.0.0.28 and earlier, R7300DST 1.0.0.52 and earlier, R7900 1.0.1.12 and earlier, R8000 1.0.3.46 and earlier, R8300 1.0.2.86 and earlier, R8500 1.0.2.86 and earlier, WNDR3400v3 1.0.1.8 and earlier, and WNDR4500v2 1.0.0.62 and earlier.
CVSS Score
9.6
EPSS Score
0.004
Published
2020-04-29
CVE-2017-18854
NETGEAR ReadyNAS 6.6.1 and earlier is affected by command injection.
CVSS Score
6.7
EPSS Score
0.002
Published
2020-04-29
CVE-2019-16652
The BPM component in Genius Bytes Genius Server (Genius CDDS) 3.2.2 allows remote authenticated users to execute arbitrary commands.
CVSS Score
7.2
EPSS Score
0.004
Published
2020-04-29
CVE-2019-7634
SUAP V2 allows XSS during the update of user information.
CVSS Score
5.4
EPSS Score
0.003
Published
2020-04-29
CVE-2020-11884
In the Linux kernel 4.19 through 5.6.7 on the s390 platform, code execution may occur because of a race condition, as demonstrated by code in enable_sacf_uaccess in arch/s390/lib/uaccess.c that fails to protect against a concurrent page table upgrade, aka CID-3f777e19d171. A crash could also occur.
CVSS Score
7.0
EPSS Score
0.001
Published
2020-04-29
CVE-2020-12246
Beeline Smart Box 2.0.38 routers allow "Advanced settings > Other > Diagnostics" OS command injection via the Ping ping_ipaddr parameter, the Nslookup nslookup_ipaddr parameter, or the Traceroute traceroute_ipaddr parameter.
CVSS Score
8.8
EPSS Score
0.046
Published
2020-04-29


Products
Pricing
Contact Us

Shodan ® - All rights reserved