Security Vulnerabilities - CVEs Published In April 2020
A NULL pointer dereference vulnerability in the Autodesk FBX-SDK versions 2019.0 and earlier may lead to denial of service of the application.
CVSS Score: 5.5 | EPSS Score: 0.003 | Published: 2020-04-17

A heap overflow vulnerability in the Autodesk FBX-SDK versions 2019.2 and earlier may lead to arbitrary code execution on a system running it.
CVSS Score: 7.8 | EPSS Score: 0.005 | Published: 2020-04-17

A logic issue was addressed with improved state management. This issue is fixed in iOS 12.2, macOS Mojave 10.14.4, tvOS 12.2. An attacker in a privileged network position may be able to intercept network traffic.
CVSS Score: 9.8 | EPSS Score: 0.075 | Published: 2020-04-17

An issue was discovered in GNOME Evolution before 3.35.91. By using the proprietary (non-RFC6068) "mailto?attach=..." parameter, a website (or other source of mailto links) can make Evolution attach local files or directories to a composed email message without showing a warning to the user, as demonstrated by an attach=. value.
CVSS Score: 6.5 | EPSS Score: 0.005 | Published: 2020-04-17

An issue was discovered in KDE KMail before 19.12.3. By using the proprietary (non-RFC6068) "mailto?attach=..." parameter, a website (or other source of mailto links) can make KMail attach local files to a composed email message without showing a warning to the user, as demonstrated by an attach=.bash_history value.
CVSS Score: 6.5 | EPSS Score: 0.004 | Published: 2020-04-17

An improper signature validation vulnerability in Autodesk Dynamo BIM versions 2.5.1 and 2.5.0 may lead to code execution through maliciously crafted DLL files.
CVSS Score: 7.8 | EPSS Score: 0.001 | Published: 2020-04-17

A buffer overflow vulnerability in the Autodesk FBX-SDK versions 2019.0 and earlier may lead to arbitrary code execution on a system running it.
CVSS Score: 7.8 | EPSS Score: 0.005 | Published: 2020-04-17

airhost.exe in Zoom Client for Meetings 4.6.11 uses 3423423432325249 as the Initialization Vector (IV) for AES-256 CBC encryption. NOTE: the vendor states that this IV is used only within unreachable code.
CVSS Score: 7.5 | EPSS Score: 0.003 | Published: 2020-04-17

The Jitsi Meet (aka docker-jitsi-meet) stack on Docker before stable-4384-1 uses default passwords (such as passw0rd) for system accounts.
CVSS Score: 9.8 | EPSS Score: 0.004 | Published: 2020-04-17

airhost.exe in Zoom Client for Meetings 4.6.11 uses the SHA-256 hash of 0123425234234fsdfsdr3242 for initialization of an OpenSSL EVP AES-256 CBC context. NOTE: the vendor states that this initialization only occurs within unreachable code.
CVSS Score: 7.5 | EPSS Score: 0.002 | Published: 2020-04-17