Security Vulnerabilities - CVEs Published In June 2020
An issue was discovered in Foxit Reader and PhantomPDF before 9.7. It has a NULL pointer dereference during the parsing of file data.
CVSS Score: 7.5; EPSS Score: 0.0; Published: 2020-06-04

An issue was discovered in Foxit PhantomPDF Mac before 3.4. It has a NULL pointer dereference.
CVSS Score: 7.5; EPSS Score: 0.0; Published: 2020-06-04

An issue was discovered in the 3D Plugin Beta for Foxit Reader and PhantomPDF before 9.7.0.29430. It has an out-of-bounds write via incorrect image data.
CVSS Score: 9.8; EPSS Score: 0.0; Published: 2020-06-04

PostgreSQL JDBC Driver (aka PgJDBC) before 42.2.13 allows XXE.
CVSS Score: 7.7; EPSS Score: 0.025; Published: 2020-06-04

rom_copy() in hw/core/loader.c in QEMU 4.0 and 4.1.0 does not validate the relationship between two addresses, which allows attackers to trigger an invalid memory copy operation.
CVSS Score: 5.6; EPSS Score: 0.007; Published: 2020-06-04

hw/pci/pci.c in QEMU 4.2.0 allows guest OS users to trigger an out-of-bounds access by providing an address near the end of the PCI configuration space.
CVSS Score: 5.5; EPSS Score: 0.002; Published: 2020-06-04

ati-vga in hw/display/ati.c in QEMU 4.2.0 allows guest OS users to trigger infinite recursion via a crafted mm_index value during an ati_mm_read or ati_mm_write call.
CVSS Score: 6.0; EPSS Score: 0.001; Published: 2020-06-04

An issue was discovered in Foxit Studio Photo before 3.6.6.922. It has an out-of-bounds write via a crafted TIFF file.
CVSS Score: 7.8; EPSS Score: 0.001; Published: 2020-06-04

Cybele Thinfinity VirtualUI 2.5.17.2 allows ../ path traversal that can be used for data exfiltration. This enables files outside of the web directory to be retrieved if the exact location is known and the user has permissions.
CVSS Score: 6.5; EPSS Score: 0.003; Published: 2020-06-04

Cybele Thinfinity VirtualUI 2.5.17.2 allows HTTP response splitting via the mimetype parameter within a PDF viewer request, as demonstrated by an example.pdf?mimetype= substring. The victim user must load an application request to view a PDF, containing the malicious payload. This results in a reflected XSS payload being executed.
CVSS Score: 6.1; EPSS Score: 0.002; Published: 2020-06-04

