Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In July 2020
CVE-2020-7829
DaviewIndy 8.98.4 and earlier version contain Heap-based overflow vulnerability, triggered when the user opens a malformed specific file that is mishandled by Daview.exe. Attackers could exploit this and arbitrary code execution.
CVSS Score
7.8
EPSS Score
0.005
Published
2020-07-30
CVE-2020-8221
A path traversal vulnerability exists in Pulse Connect Secure <9.1R8 which allows an authenticated attacker to read arbitrary files via the administrator web interface.
CVSS Score
4.9
EPSS Score
0.029
Published
2020-07-30
CVE-2020-8222
A path traversal vulnerability exists in Pulse Connect Secure <9.1R8 that allowed an authenticated attacker via the administrator web interface to perform an arbitrary file reading vulnerability through Meeting.
CVSS Score
6.8
EPSS Score
0.009
Published
2020-07-30
CVE-2020-4185
IBM Security Guardium 10.5, 10.6, and 11.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 174803.
CVSS Score
5.9
EPSS Score
0.001
Published
2020-07-30
CVE-2020-4186
IBM Security Guardium 10.5, 10.6, and 11.1 could disclose sensitive information on the login page that could aid in further attacks against the system. IBM X-Force ID: 174804.
CVSS Score
5.3
EPSS Score
0.002
Published
2020-07-30
CVE-2020-8192
A denial of service vulnerability exists in Fastify v2.14.1 and v3.0.0-rc.4 that allows a malicious user to trigger resource exhaustion (when the allErrors option is used) with specially crafted schemas.
CVSS Score
6.5
EPSS Score
0.004
Published
2020-07-30
CVE-2020-8202
Improper check of inputs in Nextcloud Preferred Providers app v1.6.0 allowed to perform a denial of service attack when using a very long password.
CVSS Score
5.3
EPSS Score
0.004
Published
2020-07-30
CVE-2020-8204
A cross site scripting (XSS) vulnerability exists in Pulse Connect Secure <9.1R5 on the PSAL Page.
CVSS Score
6.1
EPSS Score
0.002
Published
2020-07-30
CVE-2020-8206
An improper authentication vulnerability exists in Pulse Connect Secure <9.1RB that allows an attacker with a users primary credentials to bypass the Google TOTP.
CVSS Score
8.1
EPSS Score
0.015
Published
2020-07-30
CVE-2020-8213
An information exposure vulnerability exists in UniFi Protect before v1.13.4-beta.5 that allowed unauthenticated attackers access to valid usernames for the UniFi Protect web application via HTTP response code and response timing.
CVSS Score
5.3
EPSS Score
0.004
Published
2020-07-30


Products
Pricing
Contact Us

Shodan ® - All rights reserved