Security Vulnerabilities - CVEs Published In September 2020
xxl-job 2.2.0 allows Information Disclosure of username, model, and password via job/admin/controller/UserController.java.
CVSS Score
7.5
EPSS Score
0.003
Published
2020-09-03
Multiple cross-site scripting (XSS) vulnerabilities in xxl-job v2.2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) AppName and (2) AddressList parameters in the JobGroupController.java file.
CVSS Score
6.1
EPSS Score
0.007
Published
2020-09-03
360 Speed Browser 12.0.1247.0 has a DLL hijacking vulnerability, which can be exploited by attackers to execute malicious code. It is a dual-core browser owned by Beijing Qihoo Technology.
CVSS Score
7.8
EPSS Score
0.001
Published
2020-09-03
NetEase Youdao Dictionary has a DLL hijacking vulnerability, which can be exploited by attackers to gain server permissions. This affects Guangzhou NetEase Youdao Dictionary 8.9.2.0.
CVSS Score
7.8
EPSS Score
0.0
Published
2020-09-03
Shenzhen Tencent TIM Windows client 3.0.0.21315 has a DLL hijacking vulnerability, which can be exploited by attackers to execute malicious code.
CVSS Score
7.8
EPSS Score
0.001
Published
2020-09-03
Guangzhou NetEase Mail Master 4.14.1.1004 on Windows has a DLL hijacking vulnerability. Attackers can use this vulnerability to execute malicious code.
CVSS Score
7.8
EPSS Score
0.001
Published
2020-09-03
The Shenzhen Tencent app 5.8.2.5300 for PC platforms (from Tencent App Center) has a DLL hijacking vulnerability. Attackers can use this vulnerability to execute malicious code.
CVSS Score
7.8
EPSS Score
0.001
Published
2020-09-03
Use of a hard-coded cryptographic key in Pancake versions < 4.13.29 allows an attacker to forge session cookies, which may lead to remote privilege escalation.
CVSS Score
9.8
EPSS Score
0.005
Published
2020-09-03
silverstripe-advancedreports (aka the Advanced Reports module for SilverStripe) 1.0 through 2.0 is vulnerable to Cross-Site Scripting (XSS) because it is possible to inject and store malicious JavaScript code. This affects admin/advanced-reports/DataObjectReport/EditForm/field/DataObjectReport/item (aka report preview) when an SVG document is provided in the Description parameter.
CVSS Score
6.1
EPSS Score
0.002
Published
2020-09-03
Thomson Reuters Eikon 4.0.42144 allows all local users to modify the service executable file because of weak %PROGRAMFILES(X86)%\Thomson Reuters\Eikon permissions.
CVSS Score
7.8
EPSS Score
0.001
Published
2020-09-03

