Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In June 2020
CVE-2018-21264
An issue was discovered in Mattermost Server before 4.7.0, 4.6.2, and 4.5.2. It did not enforce the expiration date of a SAML response.
CVSS Score
8.8
EPSS Score
0.005
Published
2020-06-19
CVE-2020-13277
An authorization issue in the mirroring logic allowed read access to private repositories in GitLab CE/EE 10.6 and later through 13.0.5
CVSS Score
6.3
EPSS Score
0.035
Published
2020-06-19
CVE-2020-3972
VMware Tools for macOS (11.x.x and prior before 11.1.1) contains a denial-of-service vulnerability in the Host-Guest File System (HGFS) implementation. Successful exploitation of this issue may allow attackers with non-admin privileges on guest macOS virtual machines to create a denial-of-service condition on their own VMs.
CVSS Score
3.3
EPSS Score
0.0
Published
2020-06-19
CVE-2020-14926
CMS Made Simple 2.2.14 allows XSS via a Search Term to the admin/moduleinterface.php?mact=ModuleManager page.
CVSS Score
5.4
EPSS Score
0.003
Published
2020-06-19
CVE-2020-14927
Navigate CMS 2.9 allows XSS via the Alias or Real URL field of the "Web Sites > Create > Aliases > Add" screen.
CVSS Score
4.8
EPSS Score
0.002
Published
2020-06-19
CVE-2020-8162
A client side enforcement of server side security vulnerability exists in rails < 5.2.4.2 and rails < 6.0.3.1 ActiveStorage's S3 adapter that allows the Content-Length of a direct file upload to be modified by an end user bypassing upload limits.
CVSS Score
7.5
EPSS Score
0.015
Published
2020-06-19
CVE-2020-8164
A deserialization of untrusted data vulnerability exists in rails < 5.2.4.3, rails < 6.0.3.1 which can allow an attacker to supply information can be inadvertently leaked fromStrong Parameters.
CVSS Score
7.5
EPSS Score
0.059
Published
2020-06-19
CVE-2020-8184
A reliance on cookies without validation/integrity check security vulnerability exists in rack < 2.2.3, rack < 2.1.4 that makes it is possible for an attacker to forge a secure or host-only cookie prefix.
CVSS Score
7.5
EPSS Score
0.008
Published
2020-06-19
CVE-2019-20889
An issue was discovered in Mattermost Server before 5.7, 5.6.3, 5.5.2, and 4.10.5. It mishandles permissions for user-access token creation.
CVSS Score
5.3
EPSS Score
0.001
Published
2020-06-19
CVE-2019-20890
An issue was discovered in Mattermost Server before 5.7. It allows a bypass of e-mail address discovery restrictions.
CVSS Score
4.3
EPSS Score
0.002
Published
2020-06-19


Products
Pricing
Contact Us

Shodan ® - All rights reserved