Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In June 2020
CVE-2020-14150
GNU Bison before 3.5.4 allows attackers to cause a denial of service (application crash). NOTE: there is a risk only if Bison is used with untrusted input, and an observed bug happens to cause unsafe behavior with a specific compiler/architecture. The bug reports were intended to show that a crash may occur in Bison itself, not that a crash may occur in code that is generated by Bison.
CVSS Score
5.5
EPSS Score
0.001
Published
2020-06-15
CVE-2020-14152
In IJG JPEG (aka libjpeg) before 9d, jpeg_mem_available() in jmemnobs.c in djpeg does not honor the max_memory_to_use setting, possibly causing excessive memory consumption.
CVSS Score
7.1
EPSS Score
0.005
Published
2020-06-15
CVE-2020-14153
In IJG JPEG (aka libjpeg) from version 8 through 9c, jdhuff.c has an out-of-bounds array read for certain table pointers.
CVSS Score
7.1
EPSS Score
0.003
Published
2020-06-15
CVE-2020-14154
Mutt before 1.14.3 proceeds with a connection even if, in response to a GnuTLS certificate prompt, the user rejects an expired intermediate certificate.
CVSS Score
4.8
EPSS Score
0.006
Published
2020-06-15
CVE-2020-14155
libpcre in PCRE before 8.44 allows an integer overflow via a large number after a (?C substring.
CVSS Score
5.3
EPSS Score
0.002
Published
2020-06-15
CVE-2018-21245
Pound before 2.8 allows HTTP request smuggling, a related issue to CVE-2016-10711.
CVSS Score
9.1
EPSS Score
0.003
Published
2020-06-15
CVE-2018-21246
Caddy before 0.10.13 mishandles TLS client authentication, as demonstrated by an authentication bypass caused by the lack of the StrictHostMatching mode.
CVSS Score
9.8
EPSS Score
0.007
Published
2020-06-15
CVE-2019-20838
libpcre in PCRE before 8.43 allows a subject buffer over-read in JIT when UTF is disabled, and \X or \R has more than one fixed quantifier, a related issue to CVE-2019-20454.
CVSS Score
7.5
EPSS Score
0.002
Published
2020-06-15
CVE-2020-9076
HUAWEI P30;HUAWEI P30 Pro;Tony-AL00B smartphones with versions earlier than 10.1.0.135(C00E135R2P11); versions earlier than 10.1.0.135(C00E135R2P8), versions earlier than 10.1.0.135 have an improper authentication vulnerability. Due to the identity of the message sender not being properly verified, an attacker can exploit this vulnerability through man-in-the-middle attack to induce user to access malicious URL.
CVSS Score
6.8
EPSS Score
0.001
Published
2020-06-15
CVE-2020-13150
D-link DSL-2750U ISL2750UEME3.V1E devices allow approximately 90 seconds of access to the control panel, after a restart, before MAC address filtering rules become active.
CVSS Score
7.8
EPSS Score
0.0
Published
2020-06-15


Products
Pricing
Contact Us

Shodan ® - All rights reserved