Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In June 2020
CVE-2020-5962
NVIDIA Windows GPU Display Driver, all versions, contains a vulnerability in the NVIDIA Control Panel component, in which an attacker with local system access can corrupt a system file, which may lead to denial of service or escalation of privileges.
CVSS Score
7.8
EPSS Score
0.0
Published
2020-06-24
CVE-2020-13248
BooleBox Secure File Sharing Utility before 4.2.3.0 allows stored XSS via a crafted avatar field within My Account JSON data to Account.aspx.
CVSS Score
5.4
EPSS Score
0.003
Published
2020-06-24
CVE-2020-15025
ntpd in ntp 4.2.8 before 4.2.8p15 and 4.3.x before 4.3.101 allows remote attackers to cause a denial of service (memory consumption) by sending packets, because memory is not freed in situations where a CMAC key is used and associated with a CMAC algorithm in the ntp.keys file.
CVSS Score
4.4
EPSS Score
0.02
Published
2020-06-24
CVE-2020-15026
Bludit 3.12.0 allows admins to use a /plugin-backup-download?file=../ directory traversal approach for arbitrary file download via backup/plugin.php.
CVSS Score
4.9
EPSS Score
0.005
Published
2020-06-24
CVE-2020-14473
Stack-based buffer overflow vulnerability in Vigor3900, Vigor2960, and Vigor300B with firmware before 1.5.1.1.
CVSS Score
9.8
EPSS Score
0.009
Published
2020-06-24
CVE-2020-3962
VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202004101-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.5), and Fusion (11.x before 11.5.5) contain a use-after-free vulnerability in the SVGA device. A malicious actor with local access to a virtual machine with 3D graphics enabled may be able to exploit this vulnerability to execute code on the hypervisor from a virtual machine.
CVSS Score
8.2
EPSS Score
0.001
Published
2020-06-24
CVE-2020-11961
Xiaomi router R3600 ROM before 1.0.50 is affected by a sensitive information leakage caused by an insecure interface get_config_result without authentication
CVSS Score
7.5
EPSS Score
0.003
Published
2020-06-24
CVE-2020-14472
On Draytek Vigor3900, Vigor2960, and Vigor 300B devices before 1.5.1.1, there are some command-injection vulnerabilities in the mainfunction.cgi file.
CVSS Score
9.8
EPSS Score
0.011
Published
2020-06-24
CVE-2020-10561
An issue was discovered on Xiaomi Mi Jia ink-jet printer < 3.4.6_0138. Injecting parameters to ippserver through the web management background, resulting in command execution vulnerabilities.
CVSS Score
9.8
EPSS Score
0.016
Published
2020-06-24
CVE-2020-11959
An unsafe configuration of nginx lead to information leak in Xiaomi router R3600 ROM before 1.0.50.
CVSS Score
7.5
EPSS Score
0.003
Published
2020-06-24


Products
Pricing
Contact Us

Shodan ® - All rights reserved