Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In April 2020
CVE-2019-3945
Web server running on Parrot ANAFI can be crashed due to the SDK command "Common_CurrentDateTime" being sent to control service with larger than expected date length.
CVSS Score
7.5
EPSS Score
0.004
Published
2020-04-01
CVE-2020-11455
LimeSurvey before 4.1.12+200324 contains a path traversal vulnerability in application/controllers/admin/LimeSurveyFileManager.php.
CVSS Score
9.8
EPSS Score
0.934
Published
2020-04-01
CVE-2020-11456
LimeSurvey before 4.1.12+200324 has stored XSS in application/views/admin/surveysgroups/surveySettings.php and application/models/SurveysGroups.php (aka survey groups).
CVSS Score
5.4
EPSS Score
0.003
Published
2020-04-01
CVE-2020-11457
pfSense before 2.4.5 has stored XSS in system_usermanager_addprivs.php in the WebGUI via the descr parameter (aka full name) of a user.
CVSS Score
5.4
EPSS Score
0.038
Published
2020-04-01
CVE-2020-11449
An issue was discovered on Technicolor TC7337 8.89.17 devices. An attacker can discover admin credentials in the backup file, aka backupsettings.conf.
CVSS Score
7.5
EPSS Score
0.004
Published
2020-04-01
CVE-2020-10231
TP-Link NC200 through 2.1.8_Build_171109, NC210 through 1.0.9_Build_171214, NC220 through 1.3.0_Build_180105, NC230 through 1.3.0_Build_171205, NC250 through 1.3.0_Build_171205, NC260 through 1.5.1_Build_190805, and NC450 through 1.5.0_Build_181022 devices allow a remote NULL Pointer Dereference.
CVSS Score
7.5
EPSS Score
0.014
Published
2020-04-01
CVE-2020-5391
Cross-site request forgery (CSRF) vulnerabilities exist in the Auth0 plugin before 4.0.0 for WordPress via the domain field.
CVSS Score
8.8
EPSS Score
0.002
Published
2020-04-01
CVE-2020-5392
A stored cross-site scripting (XSS) vulnerability exists in the Auth0 plugin before 4.0.0 for WordPress via the settings page.
CVSS Score
6.1
EPSS Score
0.002
Published
2020-04-01
CVE-2020-6753
The Login by Auth0 plugin before 4.0.0 for WordPress allows stored XSS on multiple pages, a different issue than CVE-2020-5392.
CVSS Score
6.1
EPSS Score
0.003
Published
2020-04-01
CVE-2020-7947
An issue was discovered in the Login by Auth0 plugin before 4.0.0 for WordPress. It has numerous fields that can contain data that is pulled from different sources. One issue with this is that the data isn't sanitized, and no input validation is performed, before the exporting of the user data. This can lead to (at least) CSV injection if a crafted Excel document is uploaded.
CVSS Score
9.8
EPSS Score
0.018
Published
2020-04-01


Products
Pricing
Contact Us

Shodan ® - All rights reserved