Security Vulnerabilities - CVEs Published In October 2020
An issue was discovered in Foxit Reader and PhantomPDF before 10.1. In a certain Shading calculation, the number of outputs is unequal to the number of color components in a color space. This causes an out-of-bounds write.
CVSS Score
9.8
EPSS Score
0.0
Published
2020-10-02
An issue was discovered in Foxit Reader and PhantomPDF before 10.1. It allows attackers to execute arbitrary code via a Trojan horse taskkill.exe in the current working directory.
CVSS Score
7.8
EPSS Score
0.0
Published
2020-10-02
An issue was discovered in Foxit Reader and PhantomPDF before 10.1. When there is a multiple interpretation error for /V (in the Additional Action and Field dictionaries), a use-after-free can occur with resultant remote code execution (or an information leak).
CVSS Score
9.8
EPSS Score
0.028
Published
2020-10-02
An issue was discovered in Foxit Reader and PhantomPDF before 4.1 on macOS. Because the Hardened Runtime protection mechanism is not applied to code signing, code injection (or an information leak) can occur.
CVSS Score
7.5
EPSS Score
0.0
Published
2020-10-02
Froala Editor before 3.2.2 allows XSS via pasted content.
CVSS Score
6.1
EPSS Score
0.004
Published
2020-10-02
CodeLathe FileCloud before 20.2.0.11915 allows username enumeration.
CVSS Score
5.3
EPSS Score
0.003
Published
2020-10-02
Artifex MuPDF before 1.18.0 has a heap-based buffer overwrite when parsing JBIG2 files, allowing attackers to cause a denial of service.
CVSS Score
5.5
EPSS Score
0.008
Published
2020-10-02
The wpo365-login plugin before v11.7 for WordPress allows use of a symmetric algorithm to decrypt a JWT token. This leads to authentication bypass.
CVSS Score
7.5
EPSS Score
0.005
Published
2020-10-02
Artica Pandora FMS before 743 allows unauthenticated attackers to conduct SQL injection attacks via the pandora_console/include/chart_generator.php session_id parameter.
CVSS Score
9.8
EPSS Score
0.034
Published
2020-10-02
Relative Path Traversal in Teltonika firmware TRB2_R_00.02.04.3 allows a remote, authenticated attacker to delete arbitrary files on disk via the admin/system/admin/certificates/delete action.
CVSS Score
6.5
EPSS Score
0.009
Published
2020-10-01


Shodan ® - All rights reserved