Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In June 2020
CVE-2020-12773
A security misconfiguration vulnerability exists in the SDK of some Realtek ADSL/PON Modem SoC firmware, which allows attackers using a default password to execute arbitrary commands remotely via the build-in network monitoring tool.
CVSS Score
9.6
EPSS Score
0.004
Published
2020-06-08
CVE-2020-13912
SolarWinds Advanced Monitoring Agent before 10.8.9 allows local users to gain privileges via a Trojan horse .exe file, because everyone can write to a certain .exe file.
CVSS Score
7.3
EPSS Score
0.007
Published
2020-06-07
CVE-2020-13909
The Ignition component before 2.0.5 for Laravel mishandles globals, _get, _post, _cookie, and _env. NOTE: in the 1.x series, versions 1.16.15 and later are unaffected as a consequence of the CVE-2021-43996 fix.
CVSS Score
9.8
EPSS Score
0.004
Published
2020-06-07
CVE-2020-13910
Pengutronix Barebox through v2020.05.0 has an out-of-bounds read in nfs_read_reply in net/nfs.c because a field of an incoming network packet is directly used as a length field without any bounds check.
CVSS Score
9.1
EPSS Score
0.004
Published
2020-06-07
CVE-2020-13904
FFmpeg 2.8 and 4.2.3 has a use-after-free via a crafted EXTINF duration in an m3u8 file because parse_playlist in libavformat/hls.c frees a pointer, and later that pointer is accessed in av_probe_input_format3 in libavformat/format.c.
CVSS Score
5.5
EPSS Score
0.005
Published
2020-06-07
CVE-2020-13902
ImageMagick 7.0.9-27 through 7.0.10-17 has a heap-based buffer over-read in BlobToStringInfo in MagickCore/string.c during TIFF image decoding.
CVSS Score
7.1
EPSS Score
0.003
Published
2020-06-07
CVE-2020-13897
HESK before 3.1.10 allows reflected XSS.
CVSS Score
6.1
EPSS Score
0.004
Published
2020-06-07
CVE-2020-13894
handler/upload_handler.jsp in DEXT5 Editor through 3.5.1402961 allows an attacker to download arbitrary files via the savefilepath field.
CVSS Score
7.5
EPSS Score
0.003
Published
2020-06-07
CVE-2020-13895
Crypt::Perl::ECDSA in the Crypt::Perl (aka p5-Crypt-Perl) module before 0.32 for Perl fails to verify correct ECDSA signatures when r and s are small and when s = 1. This happens when using the curve secp256r1 (prime256v1). This could conceivably have a security-relevant impact if an attacker wishes to use public r and s values when guessing whether signature verification will fail.
CVSS Score
8.8
EPSS Score
0.002
Published
2020-06-07
CVE-2020-13890
The Neon theme 2.0 before 2020-06-03 for Bootstrap allows XSS via an Add Task Input operation in a dashboard.
CVSS Score
5.4
EPSS Score
0.002
Published
2020-06-06


Products
Pricing
Contact Us

Shodan ® - All rights reserved