Security Vulnerabilities - CVEs Published In September 2020
Mitel MiCloud Management Portal before 6.1 SP5 could allow an attacker, by sending a crafted request, to retrieve sensitive information due to insufficient access control.
CVSS Score: 5.3 | EPSS Score: 0.002 | Published: 2020-09-25
Pexip Infinity before 24.1 has Improper Input Validation, leading to temporary denial of service via SIP.
CVSS Score: 5.3 | EPSS Score: 0.003 | Published: 2020-09-25
A remote code execution (RCE) vulnerability was discovered in the htmlformentry (aka HTML Form Entry) module before 3.11.0 for OpenMRS. By leveraging path traversal, a malicious Velocity Template Language file could be written to a directory. This file could then be accessed and executed.
CVSS Score: 8.8 | EPSS Score: 0.06 | Published: 2020-09-25
The Ignite portal in Mitel MiContact Center Business before 9.3.0.0 could allow an attacker to execute arbitrary scripts due to insufficient input validation, aka XSS. A successful exploit could allow an attacker to gain access to a user session.
CVSS Score: 7.1 | EPSS Score: 0.001 | Published: 2020-09-25
bhyve, as used in FreeBSD through 12.1 and illumos (e.g., OmniOS CE through r151034 and OpenIndiana through Hipster 2020.04), does not properly restrict VMCS and VMCB read/write operations, as demonstrated by a root user in a container on an Intel system, who can gain privileges by modifying VMCS_HOST_RIP.
CVSS Score: 8.2 | EPSS Score: 0.001 | Published: 2020-09-25
The Framer Preview application 12 for Android exposes com.framer.viewer.FramerViewActivity to other applications. By calling the intent with the action set to android.intent.action.VIEW, any other application is able to load any website/web content into the application's context, which is shown as a full-screen overlay to the user.
CVSS Score: 5.5 | EPSS Score: 0.001 | Published: 2020-09-25
CVE-2020-25223
Known exploited
A remote code execution vulnerability exists in the WebAdmin of Sophos SG UTM before v9.705 MR5, v9.607 MR7, and v9.511 MR11.
CVSS Score: 9.8 | EPSS Score: 0.944 | Published: 2020-09-25
Pexip Infinity before 18 allows Remote Denial of Service (TLS handshakes in RTMP).
CVSS Score: 7.5 | EPSS Score: 0.005 | Published: 2020-09-25
Pexip Infinity before 18 allows remote Denial of Service (XML parsing).
CVSS Score: 7.5 | EPSS Score: 0.007 | Published: 2020-09-25
Pexip Infinity before 20.1 allows Code Injection onto nodes via an admin.
CVSS Score: 7.2 | EPSS Score: 0.006 | Published: 2020-09-25

