Security Vulnerabilities - CVEs Published In August 2022
PNGDec commit 8abf6be was discovered to contain a floating point exception (FPE) via SaveBMP at /linux/main.cpp.
CVSS Score: 6.5
EPSS Score: 0.003
Published: 2022-08-16
SWFTools commit 772e55a2 was discovered to contain a segmentation violation via gfxline_getbbox at /lib/gfxtools.c.
CVSS Score: 6.5
EPSS Score: 0.002
Published: 2022-08-16
A flaw was found in which the plaintext Candlepin password is disclosed while updating Red Hat Satellite through the satellite-installer. This flaw allows an attacker with sufficiently high privileges, such as root, to retrieve the Candlepin plaintext password.
CVSS Score: 4.4
EPSS Score: 0.0
Published: 2022-08-16
A flaw was found in the automationbroker/apb container in versions up to and including 2.0.4-1. This container grants all users sudoer permissions, allowing an unauthorized user with access to the running container to escalate their own privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
CVSS Score: 7.8
EPSS Score: 0.0
Published: 2022-08-16
In Moodle before 3.9.1, 3.8.4 and 3.7.7, the filter in the admin task log required extra sanitizing to prevent a reflected XSS risk.
CVSS Score: 6.1
EPSS Score: 0.008
Published: 2022-08-16
In Moodle before 3.9.1, 3.8.4, 3.7.7 and 3.5.13, teachers of a course were able to assign themselves the manager role within that course.
CVSS Score: 8.8
EPSS Score: 0.394
Published: 2022-08-16
In Moodle before 3.9.1, 3.8.4, 3.7.7 and 3.5.13, yui_combo needed to limit the number of files it can load to help mitigate the risk of denial of service.
CVSS Score: 7.5
EPSS Score: 0.005
Published: 2022-08-16
A flaw was found in Red Hat AMQ Broker that allows an XEE attack via the Broker's configuration files, leading to denial of service and information disclosure.
CVSS Score: 5.6
EPSS Score: 0.0
Published: 2022-08-16
In Moodle before 3.8.2, 3.7.5, 3.6.9 and 3.5.11, X-Forwarded-For headers could be used to spoof a user's IP, in order to bypass remote address checks.
CVSS Score: 5.3
EPSS Score: 0.001
Published: 2022-08-16
In Moodle before 3.8.2, 3.7.5, 3.6.9 and 3.5.11, insufficient input escaping was applied to the PHP unit webrunner admin tool.
CVSS Score: 7.2
EPSS Score: 0.007
Published: 2022-08-16



Shodan ® - All rights reserved