Security Vulnerabilities - CVEs Published In April 2020
IBM UrbanCode Deploy (UCD) 7.0.4.0 stores user credentials in clear text which can be read by a local user. IBM X-Force ID: 171250.
CVSS Score: 6.2
EPSS Score: 0.0
Published: 2020-04-23
IBM MaaS360 3.96.62 for iOS could allow an attacker with physical access to the device to obtain sensitive information from the agent outside of the container. IBM X-Force ID: 172705.
CVSS Score: 2.4
EPSS Score: 0.001
Published: 2020-04-23
SHARP AQUOS series (AQUOS SH-M02 build number 01.00.05 and earlier, AQUOS SH-RM02 build number 01.00.04 and earlier, AQUOS mini SH-M03 build number 01.00.04 and earlier, AQUOS Keitai SH-N01 build number 01.00.01 and earlier, AQUOS L2 (UQ mobile/J:COM) build number 01.00.05 and earlier, AQUOS sense lite SH-M05 build number 03.00.04 and earlier, AQUOS sense (UQ mobile) build number 03.00.03 and earlier, AQUOS compact SH-M06 build number 02.00.02 and earlier, AQUOS sense plus SH-M07 build number 02.00.02 and earlier, AQUOS sense2 SH-M08 build number 02.00.05 and earlier, and AQUOS sense2 (UQ mobile) build number 02.00.06 and earlier) allow an attacker to obtain the sensitive information of the device via malicious applications installed on the device.
CVSS Score: 7.5
EPSS Score: 0.004
Published: 2020-04-23
Beaker before 0.8.9 allows a sandbox escape, enabling system access and code execution. This occurs because Electron context isolation is not used, and therefore an attacker can conduct a prototype-pollution attack against the Electron internal messaging API.
CVSS Score: 10.0
EPSS Score: 0.006
Published: 2020-04-23
The mappress-google-maps-for-wordpress plugin before 2.53.9 for WordPress does not correctly implement AJAX functions with nonces (or capability checks), leading to remote code execution.
CVSS Score: 8.8
EPSS Score: 0.717
Published: 2020-04-23
Anchor 0.12.7 allows admins to cause XSS via crafted post content.
CVSS Score: 4.8
EPSS Score: 0.003
Published: 2020-04-23
The responsive-add-ons plugin before 2.2.7 for WordPress has incorrect access control for wp-admin/admin-ajax.php?action= requests.
CVSS Score: 9.1
EPSS Score: 0.009
Published: 2020-04-23
The users-customers-import-export-for-wp-woocommerce plugin before 1.3.9 for WordPress allows subscribers to import administrative accounts via CSV.
CVSS Score: 8.8
EPSS Score: 0.006
Published: 2020-04-23
The data-tables-generator-by-supsystic plugin before 1.9.92 for WordPress lacks capability checks for AJAX actions.
CVSS Score: 6.3
EPSS Score: 0.004
Published: 2020-04-23
The data-tables-generator-by-supsystic plugin before 1.9.92 for WordPress lacks CSRF nonce checks for AJAX actions. One consequence of this is stored XSS.
CVSS Score: 9.6
EPSS Score: 0.001
Published: 2020-04-23

