Security Vulnerabilities - CVEs Published In August 2020
njs through 0.4.3, used in NGINX, has an out-of-bounds read in njs_json_stringify_iterator in njs_json.c.
CVSS Score: 5.5 | EPSS Score: 0.0 | Published: 2020-08-13
njs through 0.4.3, used in NGINX, allows control-flow hijack in njs_value_property in njs_value.c. NOTE: the vendor considers the issue to be "fluff" in the NGINX use case because there is no remote attack surface.
CVSS Score: 5.5 | EPSS Score: 0.001 | Published: 2020-08-13
An Uncontrolled Search Path Element (CWE-427) vulnerability in SmartControl version 4.3.15 and versions released before April 15, 2020 may allow an authenticated user to escalate privileges by placing a specially crafted DLL file in the search path. This issue was fixed in version 1.0.7, which was released after April 15, 2020. (Note, the version numbering system changed significantly between version 4.3.15 and version 1.0.7.)
CVSS Score: 7.4 | EPSS Score: 0.001 | Published: 2020-08-13
Lua through 5.4.0 allows a stack redzone cross in luaO_pushvfstring because a protection mechanism wrongly calls luaD_callnoyield twice in a row.
CVSS Score: 7.8 | EPSS Score: 0.003 | Published: 2020-08-13
Artifex MuJS through 1.0.7 has a use-after-free in jsrun.c because of unconditional marking in jsgc.c.
CVSS Score: 7.8 | EPSS Score: 0.002 | Published: 2020-08-13
JerryScript through 2.3.0 has a (function({a=arguments}){const arguments}) buffer over-read.
CVSS Score: 7.1 | EPSS Score: 0.002 | Published: 2020-08-13
JerryScript through 2.3.0 allows stack consumption via function a(){new new Proxy(a,{})}JSON.parse("[]",a). NOTE: the vendor states that the problem is the lack of the --stack-limit option.
CVSS Score: 7.8 | EPSS Score: 0.002 | Published: 2020-08-13
njs through 0.4.3, used in NGINX, has a use-after-free in njs_json_parse_iterator_call in njs_json.c.
CVSS Score: 7.8 | EPSS Score: 0.002 | Published: 2020-08-13
njs through 0.4.3, used in NGINX, has an out-of-bounds read in njs_lvlhsh_level_find in njs_lvlhsh.c.
CVSS Score: 5.5 | EPSS Score: 0.0 | Published: 2020-08-13
An issue was discovered in TrouSerS through 0.3.14. If the tcsd daemon is started with root privileges instead of by the tss user, it fails to drop the root gid privilege when no longer needed.
CVSS Score: 7.8 | EPSS Score: 0.002 | Published: 2020-08-13

