Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In May 2020
CVE-2020-13430
Grafana before 7.0.0 allows tag value XSS via the OpenTSDB datasource.
CVSS Score
6.1
EPSS Score
0.003
Published
2020-05-24
CVE-2020-13425
TrackR devices through 2020-05-06 allow attackers to trigger the Beep (aka alarm) feature, which will eventually cause a denial of service when battery capacity is exhausted.
CVSS Score
7.1
EPSS Score
0.001
Published
2020-05-23
CVE-2020-13424
The XCloner component before 3.5.4 for Joomla! allows Authenticated Local File Disclosure.
CVSS Score
6.5
EPSS Score
0.082
Published
2020-05-23
CVE-2020-13412
An issue was discovered in Aviatrix Controller before 5.4.1204. An API call on the web interface lacked a session token check to control access, leading to CSRF.
CVSS Score
8.8
EPSS Score
0.001
Published
2020-05-22
CVE-2020-13413
An issue was discovered in Aviatrix Controller before 5.4.1204. There is a Observable Response Discrepancy from the API, which makes it easier to perform user enumeration via brute force.
CVSS Score
5.3
EPSS Score
0.004
Published
2020-05-22
CVE-2020-13414
An issue was discovered in Aviatrix Controller before 5.4.1204. It contains credentials unused by the software.
CVSS Score
7.5
EPSS Score
0.006
Published
2020-05-22
CVE-2020-13415
An issue was discovered in Aviatrix Controller through 5.1. An attacker with any signed SAML assertion from the Identity Provider can establish a connection (even if that SAML assertion has expired or is from a user who is not authorized to access Aviatrix), aka XML Signature Wrapping.
CVSS Score
7.5
EPSS Score
0.001
Published
2020-05-22
CVE-2020-13416
An issue was discovered in Aviatrix Controller before 5.4.1066. A Controller Web Interface session token parameter is not required on an API call, which opens the application up to a Cross Site Request Forgery (CSRF) vulnerability for password resets.
CVSS Score
6.5
EPSS Score
0.002
Published
2020-05-22
CVE-2020-13417
An Elevation of Privilege issue was discovered in Aviatrix VPN Client before 2.10.7, because of an incomplete fix for CVE-2020-7224. This affects Linux, macOS, and Windows installations for certain OpenSSL parameters.
CVSS Score
9.8
EPSS Score
0.012
Published
2020-05-22
CVE-2020-12397
By encoding Unicode whitespace characters within the From email header, an attacker can spoof the sender email address that Thunderbird displays. This vulnerability affects Thunderbird < 68.8.0.
CVSS Score
4.3
EPSS Score
0.002
Published
2020-05-22


Products
Pricing
Contact Us

Shodan ® - All rights reserved