Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In June 2020
CVE-2020-6494
Incorrect security UI in payments in Google Chrome on Android prior to 83.0.4103.97 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
CVSS Score
6.5
EPSS Score
0.005
Published
2020-06-03
CVE-2020-6495
Insufficient policy enforcement in developer tools in Google Chrome prior to 83.0.4103.97 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome Extension.
CVSS Score
6.5
EPSS Score
0.005
Published
2020-06-03
CVE-2020-6496
Use after free in payments in Google Chrome on MacOS prior to 83.0.4103.97 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.
CVSS Score
8.8
EPSS Score
0.013
Published
2020-06-03
CVE-2011-1805
Bad cast in CSS in Google Chrome prior to 11.0.0.0 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVSS Score
8.8
EPSS Score
0.004
Published
2020-06-03
CVE-2011-2863
Insufficient policy enforcement in V8 in Google Chrome prior to 14.0.0.0 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.
CVSS Score
6.5
EPSS Score
0.002
Published
2020-06-03
CVE-2020-13795
An issue was discovered in Navigate CMS through 2.8.7. It allows Directory Traversal because lib/packages/templates/template.class.php mishandles ../ and ..\ substrings.
CVSS Score
5.3
EPSS Score
0.003
Published
2020-06-03
CVE-2020-13796
An issue was discovered in Navigate CMS through 2.8.7. It allows XSS because of a lack of purify calls in lib/packages/structure/structure.class.php.
CVSS Score
6.1
EPSS Score
0.002
Published
2020-06-03
CVE-2020-13797
An issue was discovered in Navigate CMS through 2.8.7. It allows XSS because of a lack of purify calls in lib/packages/websites/website.class.php.
CVSS Score
6.1
EPSS Score
0.002
Published
2020-06-03
CVE-2020-13798
An issue was discovered in Navigate CMS through 2.8.7. It allows XSS because of a lack of purify calls in lib/packages/feeds/feed.class.php.
CVSS Score
6.1
EPSS Score
0.002
Published
2020-06-03
CVE-2020-5295
In OctoberCMS (october/october composer package) versions from 1.0.319 and before 1.0.466, an attacker can exploit this vulnerability to read local files of an October CMS server. The vulnerability is only exploitable by an authenticated backend user with the `cms.manage_assets` permission. Issue has been patched in Build 466 (v1.0.466).
CVSS Score
4.8
EPSS Score
0.087
Published
2020-06-03


Products
Pricing
Contact Us

Shodan ® - All rights reserved