Security Vulnerabilities - CVEs Published In October 2020
CryptoPro CSP through 5.0.0.10004 on 64-bit platforms allows local users with the SeChangeNotifyPrivilege right to cause denial of service because user-mode input is mishandled during process creation.
CVSS Score: 5.5; EPSS Score: 0.0; Published: 2020-10-23
Verifone MX900 series Pinpad Payment Terminals with OS 30251000 have a race condition for RBAC bypass.
CVSS Score: 7.0; EPSS Score: 0.0; Published: 2020-10-23
Verifone VerixV Pinpad Payment Terminals with QT000530 allow bypass of integrity and origin control for S1G file generation.
CVSS Score: 7.8; EPSS Score: 0.001; Published: 2020-10-23
Verifone MX900 series Pinpad Payment Terminals with OS 30251000 allow installation of unsigned packages.
CVSS Score: 5.5; EPSS Score: 0.001; Published: 2020-10-23
Verifone Pinpad Payment Terminals allow undocumented physical access to the system via an SBI bootloader memory write operation.
CVSS Score: 6.8; EPSS Score: 0.001; Published: 2020-10-23
Verifone VerixV Pinpad Payment Terminals with QT000530 have an undocumented physical access mode (aka VerixV shell.out).
CVSS Score: 6.6; EPSS Score: 0.001; Published: 2020-10-23
Verifone Verix OS on VerixV Pinpad Payment Terminals with QT000530 have a Buffer Overflow via the Run system call.
CVSS Score: 7.8; EPSS Score: 0.001; Published: 2020-10-23
Verifone MX900 series Pinpad Payment Terminals with OS 30251000 have Insecure Permissions, with resultant svc_netcontrol arbitrary command injection and privilege escalation.
CVSS Score: 6.7; EPSS Score: 0.001; Published: 2020-10-23
A cross-site scripting (XSS) vulnerability on Comtrend AR-5387un devices with A731-410JAZ-C04_R02.A2pD035g.d23i firmware allows remote attackers to inject arbitrary web script or HTML via the Service Description parameter while creating a WAN service.
CVSS Score: 5.4; EPSS Score: 0.002; Published: 2020-10-23
Parse Server (npm package parse-server) broadcasts events to all clients without checking if the session token is valid. This allows clients with expired sessions to still receive subscription objects. It is not possible to create subscription objects with invalid session tokens. The issue is not patched.
CVSS Score: 4.3; EPSS Score: 0.003; Published: 2020-10-22

