Security Vulnerabilities - CVEs Published In August 2020
In BIG-IP versions 15.0.0-15.1.0.4, 14.1.0-14.1.2.6, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.2, iControl REST does not implement Cross Site Request Forgery protections for users which make use of Basic Authentication in a web browser.
CVSS Score: 8.8
EPSS Score: 0.002
Published: 2020-08-26
In BIG-IP versions 15.0.0-15.1.0.4, 14.1.0-14.1.2.6, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1 and BIG-IQ versions 5.4.0-7.0.0, a Self-IP port-lockdown bypass is possible via IPv6 link-local addresses.
CVSS Score: 5.4
EPSS Score: 0.001
Published: 2020-08-26
In BIG-IP APM versions 12.1.0-12.1.5.1 and 11.6.1-11.6.5.2, RADIUS authentication leaks memory when the username for authentication is not set.
CVSS Score: 5.3
EPSS Score: 0.005
Published: 2020-08-26
An issue was discovered in MoscaJS Aedes 0.42.0. lib/write.js does not properly consider exceptions during the writing of an invalid packet to a stream.
CVSS Score: 7.5
EPSS Score: 0.005
Published: 2020-08-26
An issue was discovered on Nescomed Multipara Monitor M1000 devices. The internal storage of the underlying Linux system stores data in cleartext, without integrity protection against tampering.
CVSS Score: 7.5
EPSS Score: 0.001
Published: 2020-08-26
HashiCorp Vault and Vault Enterprise versions 0.7.1 and newer, when configured with the AWS IAM auth method, may be vulnerable to authentication bypass. Fixed in 1.2.5, 1.3.8, 1.4.4, and 1.5.1.
CVSS Score: 8.2
EPSS Score: 0.013
Published: 2020-08-26
HashiCorp Vault and Vault Enterprise versions 0.8.3 and newer, when configured with the GCP GCE auth method, may be vulnerable to authentication bypass. Fixed in 1.2.5, 1.3.8, 1.4.4, and 1.5.1.
CVSS Score: 8.2
EPSS Score: 0.009
Published: 2020-08-26
In BIG-IP versions 15.1.0-15.1.0.4, 15.0.0-15.0.1.3, 14.1.0-14.1.2.3, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1, the restjavad process's dump command does not follow current best coding practices and may overwrite arbitrary files.
CVSS Score: 7.1
EPSS Score: 0.001
Published: 2020-08-26
Enterprise Access Client Auto-Updater allows for Remote Code Execution prior to version 2.0.1.
CVSS Score: 9.8
EPSS Score: 0.026
Published: 2020-08-26
HMS Industrial Networks AB eCatcher all versions prior to 6.5.5 is vulnerable to a stack-based buffer overflow, which may allow an attacker to remotely execute arbitrary code.
CVSS Score: 9.6
EPSS Score: 0.005
Published: 2020-08-26

