Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In June 2020
CVE-2020-11906
The Treck TCP/IP stack before 6.0.1.66 has an Ethernet Link Layer Integer Underflow.
CVSS Score
6.3
EPSS Score
0.005
Published
2020-06-17
CVE-2020-11907
The Treck TCP/IP stack before 6.0.1.66 improperly handles a Length Parameter Inconsistency in TCP.
CVSS Score
6.3
EPSS Score
0.007
Published
2020-06-17
CVE-2020-11908
The Treck TCP/IP stack before 4.7.1.27 mishandles '\0' termination in DHCP.
CVSS Score
4.3
EPSS Score
0.006
Published
2020-06-17
CVE-2020-11909
The Treck TCP/IP stack before 6.0.1.66 has an IPv4 Integer Underflow.
CVSS Score
5.3
EPSS Score
0.021
Published
2020-06-17
CVE-2020-11896
The Treck TCP/IP stack before 6.0.1.66 allows Remote Code Execution, related to IPv4 tunneling.
CVSS Score
10.0
EPSS Score
0.339
Published
2020-06-17
CVE-2020-14213
In Zammad before 3.3.1, a Customer has ticket access that should only be available to an Agent (e.g., read internal data, split, or merge).
CVSS Score
5.4
EPSS Score
0.001
Published
2020-06-16
CVE-2020-14214
Zammad before 3.3.1, when Domain Based Assignment is enabled, relies on a claimed e-mail address for authorization decisions. An attacker can register a new account that will have access to all tickets of an arbitrary Organization.
CVSS Score
6.5
EPSS Score
0.002
Published
2020-06-16
CVE-2020-14210
Reflected Cross-Site Scripting (XSS) vulnerability in MONITORAPP WAF in which script can be executed when responding to Request URL information. It provides a function to response to Request URL information when blocking.
CVSS Score
6.1
EPSS Score
0.002
Published
2020-06-16
CVE-2020-14212
FFmpeg through 4.3 has a heap-based buffer overflow in avio_get_str in libavformat/aviobuf.c because dnn_backend_native.c calls ff_dnn_load_model_native and a certain index check is omitted.
CVSS Score
8.8
EPSS Score
0.006
Published
2020-06-16
CVE-2020-4052
In Wiki.js before 2.4.107, there is a stored cross-site scripting through template injection. This vulnerability exists due to an insecure validation mechanism intended to insert v-pre tags into rendered HTML elements which contain curly-braces. By creating a crafted wiki page, a malicious Wiki.js user may stage a stored cross-site scripting attack. This allows the attacker to execute malicious JavaScript when the page is viewed by other users. This has been patched in 2.4.107.
CVSS Score
6.3
EPSS Score
0.002
Published
2020-06-16


Products
Pricing
Contact Us

Shodan ® - All rights reserved