Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In May 2020
CVE-2019-19721
An off-by-one error in the DecodeBlock function in codec/sdl_image.c in VideoLAN VLC media player before 3.0.9 allows remote attackers to cause a denial of service (memory corruption) via a crafted image file. NOTE: this may be related to the SDL_Image product.
CVSS Score
7.8
EPSS Score
0.013
Published
2020-05-15
CVE-2019-20389
An XSS issue was identified on the Subrion CMS 4.2.1 /panel/configuration/general settings page. A remote attacker can inject arbitrary JavaScript code in the v[language_switch] parameter (within multipart/form-data), which is reflected back within a user's browser without proper output encoding.
CVSS Score
6.1
EPSS Score
0.003
Published
2020-05-15
CVE-2019-20390
A Cross-Site Request Forgery (CSRF) vulnerability was discovered in Subrion CMS 4.2.1 that allows a remote attacker to remove files on the server without a victim's knowledge, by enticing an authenticated user to visit an attacker's web page. The application fails to validate the CSRF token for a GET request. An attacker can craft a panel/uploads/read.json?cmd=rm URL (removing this token) and send it to the victim.
CVSS Score
8.1
EPSS Score
0.002
Published
2020-05-15
CVE-2020-12651
SecureCRT before 8.7.2 allows remote attackers to execute arbitrary code via an Integer Overflow and a Buffer Overflow because a banner can trigger a line number to CSI functions that exceeds INT_MAX.
CVSS Score
9.8
EPSS Score
0.085
Published
2020-05-15
CVE-2020-12798
Cellebrite UFED 5.0 to 7.5.0.845 implements local operating system policies that can be circumvented to obtain a command prompt via the Windows file dialog that is reachable via the Certificate-Based Authentication option of the Wireless Network Connection screen.
CVSS Score
7.8
EPSS Score
0.002
Published
2020-05-15
CVE-2020-12888
The VFIO PCI driver in the Linux kernel through 5.6.13 mishandles attempts to access disabled memory space.
CVSS Score
5.3
EPSS Score
0.0
Published
2020-05-15
CVE-2020-12889
MISP MISP-maltego 1.4.4 incorrectly shares a MISP connection across users in a remote-transform use case.
CVSS Score
9.8
EPSS Score
0.004
Published
2020-05-15
CVE-2020-11524
libfreerdp/codec/interleaved.c in FreeRDP versions > 1.0 through 2.0.0-rc4 has an Out-of-bounds Write.
CVSS Score
6.6
EPSS Score
0.005
Published
2020-05-15
CVE-2020-11525
libfreerdp/cache/bitmap.c in FreeRDP versions > 1.0 through 2.0.0-rc4 has an Out of bounds read.
CVSS Score
2.2
EPSS Score
0.017
Published
2020-05-15
CVE-2020-11526
libfreerdp/core/update.c in FreeRDP versions > 1.1 through 2.0.0-rc4 has an Out-of-bounds Read.
CVSS Score
2.2
EPSS Score
0.002
Published
2020-05-15


Products
Pricing
Contact Us

Shodan ® - All rights reserved