Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In July 2020
CVE-2017-1712
"A vulnerability in the TLS protocol implementation of the Domino server could allow an unauthenticated, remote attacker to access sensitive information, aka a Return of Bleichenbacher's Oracle Threat (ROBOT) attack. An attacker could iteratively query a server running a vulnerable TLS stack implementation to perform cryptanalytic operations that may allow decryption of previously captured TLS sessions."
CVSS Score
5.9
EPSS Score
0.002
Published
2020-07-01
CVE-2020-12603
Envoy version 1.14.2, 1.13.2, 1.12.4 or earlier may consume excessive amounts of memory when proxying HTTP/2 requests or responses with many small (i.e. 1 byte) data frames.
CVSS Score
7.5
EPSS Score
0.008
Published
2020-07-01
CVE-2020-5900
In versions 3.0.0-3.4.0, 2.0.0-2.9.0, and 1.0.1, there is insufficient cross-site request forgery (CSRF) protections for the NGINX Controller user interface.
CVSS Score
8.8
EPSS Score
0.003
Published
2020-07-01
CVE-2020-7689
Data is truncated wrong when its length is greater than 255 bytes.
CVSS Score
5.9
EPSS Score
0.001
Published
2020-07-01
CVE-2017-1659
"HCL iNotes is susceptible to a Cross-Site Scripting (XSS) Vulnerability. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials."
CVSS Score
6.1
EPSS Score
0.003
Published
2020-07-01
CVE-2020-15478
The Journal theme before 3.1.0 for OpenCart allows exposure of sensitive data via SQL errors.
CVSS Score
7.5
EPSS Score
0.143
Published
2020-07-01
CVE-2020-6261
SAP Solution Manager (Trace Analysis), version 7.20, allows an attacker to perform a log injection into the trace file, due to Incomplete XML Validation. The readability of the trace file is impaired.
CVSS Score
5.3
EPSS Score
0.002
Published
2020-07-01
CVE-2020-15471
In nDPI through 3.2, the packet parsing code is vulnerable to a heap-based buffer over-read in ndpi_parse_packet_line_info in lib/ndpi_main.c.
CVSS Score
9.1
EPSS Score
0.006
Published
2020-07-01
CVE-2020-15472
In nDPI through 3.2, the H.323 dissector is vulnerable to a heap-based buffer over-read in ndpi_search_h323 in lib/protocols/h323.c, as demonstrated by a payload packet length that is too short.
CVSS Score
9.1
EPSS Score
0.007
Published
2020-07-01
CVE-2020-15473
In nDPI through 3.2, the OpenVPN dissector is vulnerable to a heap-based buffer over-read in ndpi_search_openvpn in lib/protocols/openvpn.c.
CVSS Score
9.1
EPSS Score
0.004
Published
2020-07-01


Products
Pricing
Contact Us

Shodan ® - All rights reserved