Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In April 2020
CVE-2020-12470
MonoX through 5.1.40.5152 allows administrators to execute arbitrary code by modifying an ASPX template.
CVSS Score
7.2
EPSS Score
0.004
Published
2020-04-29
CVE-2020-12471
MonoX through 5.1.40.5152 allows remote code execution via HTML5Upload.ashx or Pages/SocialNetworking/lng/en-US/PhotoGallery.aspx because of deserialization in ModuleGallery.HTML5Upload, ModuleGallery.SilverLightUploadModule, HTML5Upload, and SilverLightUploadHandler.
CVSS Score
9.8
EPSS Score
0.033
Published
2020-04-29
CVE-2019-16011
A vulnerability in the CLI of Cisco IOS XE SD-WAN Software could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by authenticating to the device and submitting crafted input to the CLI utility. The attacker must be authenticated to access the CLI utility. A successful exploit could allow the attacker to execute commands with root privileges.
CVSS Score
7.8
EPSS Score
0.001
Published
2020-04-29
CVE-2020-11023
Known exploited
In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.
CVSS Score
6.9
EPSS Score
0.218
Published
2020-04-29
CVE-2020-11024
In Moonlight iOS/tvOS before 4.0.1, the pairing process is vulnerable to a man-in-the-middle attack. The bug has been fixed in Moonlight v4.0.1 for iOS and tvOS.
CVSS Score
6.1
EPSS Score
0.002
Published
2020-04-29
CVE-2020-12467
Subrion CMS 4.2.1 allows session fixation via an alphanumeric value in a session cookie.
CVSS Score
6.5
EPSS Score
0.003
Published
2020-04-29
CVE-2020-12468
Subrion CMS 4.2.1 allows CSV injection via a phrase value within a language. This is related to phrases/add/ and languages/download/.
CVSS Score
7.8
EPSS Score
0.003
Published
2020-04-29
CVE-2020-12472
MonoX through 5.1.40.5152 allows stored XSS via User Status, Blog Comments, or Blog Description.
CVSS Score
5.4
EPSS Score
0.003
Published
2020-04-29
CVE-2020-12473
MonoX through 5.1.40.5152 allows admins to execute arbitrary programs by reconfiguring the Converter Executable setting from ffmpeg.exe to a different program.
CVSS Score
7.2
EPSS Score
0.005
Published
2020-04-29
CVE-2020-12465
An array overflow was discovered in mt76_add_fragment in drivers/net/wireless/mediatek/mt76/dma.c in the Linux kernel before 5.5.10, aka CID-b102f0c522cf. An oversized packet with too many rx fragments can corrupt memory of adjacent pages.
CVSS Score
6.7
EPSS Score
0.002
Published
2020-04-29


Products
Pricing
Contact Us

Shodan ® - All rights reserved