Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In August 2020
CVE-2020-7704
The package linux-cmdline before 1.0.1 are vulnerable to Prototype Pollution via the constructor.
CVSS Score
9.8
EPSS Score
0.013
Published
2020-08-17
CVE-2020-24208
A SQL injection vulnerability in SourceCodester Online Shopping Alphaware 1.0 allows remote unauthenticated attackers to bypass the authentication process via email and password parameters.
CVSS Score
9.8
EPSS Score
0.035
Published
2020-08-17
CVE-2020-24220
ShopXO v1.8.1 has a command execution vulnerability. Attackers can use this vulnerability to execute arbitrary commands and gain control of the server.
CVSS Score
8.8
EPSS Score
0.008
Published
2020-08-17
CVE-2020-24369
ldebug.c in Lua 5.4.0 attempts to access debug information via the line hook of a stripped function, leading to a NULL pointer dereference.
CVSS Score
7.5
EPSS Score
0.005
Published
2020-08-17
CVE-2020-24370
ldebug.c in Lua 5.4.0 allows a negation overflow and segmentation fault in getlocal and setlocal, as demonstrated by getlocal(3,2^31).
CVSS Score
5.3
EPSS Score
0.027
Published
2020-08-17
CVE-2020-24371
lgc.c in Lua 5.4.0 mishandles the interaction between barriers and the sweep phase, leading to a memory access violation involving collectgarbage.
CVSS Score
5.3
EPSS Score
0.005
Published
2020-08-17
CVE-2020-24372
LuaJIT through 2.1.0-beta3 has an out-of-bounds read in lj_err_run in lj_err.c.
CVSS Score
7.5
EPSS Score
0.003
Published
2020-08-17
CVE-2020-9237
Huawei smartphone Taurus-AL00B with versions earlier than 10.1.0.126(C00E125R5P3) have a user after free vulnerability. A module is lack of lock protection. Attackers can exploit this vulnerability by launching specific request. This could compromise normal service of the affected device.
CVSS Score
6.7
EPSS Score
0.0
Published
2020-08-17
CVE-2020-9241
Huawei 5G Mobile WiFi E6878-370 with versions of 10.0.3.1(H563SP1C00),10.0.3.1(H563SP21C233) have an improper authorization vulnerability. The device does not restrict certain data received from WAN port. Successful exploit could allow an attacker at WAN side to manage certain service of the device.
CVSS Score
7.0
EPSS Score
0.002
Published
2020-08-17
CVE-2020-13122
The novish command-line interface, included in NoviFlow NoviWare before NW500.2.12 and deployed on NoviSwitch devices, is vulnerable to command injection in the "show status destination ipaddr" command. This could be used by a read-only user (monitoring group) or admin to execute commands on the operating system.
CVSS Score
8.8
EPSS Score
0.075
Published
2020-08-17


Products
Pricing
Contact Us

Shodan ® - All rights reserved