Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In October 2020
CVE-2020-21266
Broadleaf Commerce 5.1.14-GA is affected by cross-site scripting (XSS) due to a slow HTTP post vulnerability.
CVSS Score
6.1
EPSS Score
0.004
Published
2020-10-29
CVE-2020-5937
On BIG-IP AFM 15.1.0-15.1.0.5, the Traffic Management Microkernel (TMM) may produce a core file while processing layer 4 (L4) behavioral denial-of-service (DoS) traffic.
CVSS Score
7.5
EPSS Score
0.006
Published
2020-10-29
CVE-2020-5938
On BIG-IP 13.1.0-13.1.3.4, 12.1.0-12.1.5.2, and 11.6.1-11.6.5.2, when negotiating IPSec tunnels with configured, authenticated peers, the peer may negotiate a different key length than the BIG-IP configuration would otherwise allow.
CVSS Score
6.5
EPSS Score
0.001
Published
2020-10-29
CVE-2020-25516
WSO2 Enterprise Integrator 6.6.0 or earlier contains a stored cross-site scripting (XSS) vulnerability in BPMN explorer tasks.
CVSS Score
5.4
EPSS Score
0.003
Published
2020-10-29
CVE-2020-27652
Algorithm downgrade vulnerability in QuickConnect in Synology DiskStation Manager (DSM) before 6.2.3-25426-2 allows man-in-the-middle attackers to spoof servers and obtain sensitive information via unspecified vectors.
CVSS Score
8.3
EPSS Score
0.003
Published
2020-10-29
CVE-2020-27653
Algorithm downgrade vulnerability in QuickConnect in Synology Router Manager (SRM) before 1.2.4-8081 allows man-in-the-middle attackers to spoof servers and obtain sensitive information via unspecified vectors.
CVSS Score
8.3
EPSS Score
0.003
Published
2020-10-29
CVE-2020-27654
Improper access control vulnerability in lbd in Synology Router Manager (SRM) before 1.2.4-8081 allows remote attackers to execute arbitrary commands via port (1) 7786/tcp or (2) 7787/tcp.
CVSS Score
9.8
EPSS Score
0.03
Published
2020-10-29
CVE-2020-27655
Improper access control vulnerability in Synology Router Manager (SRM) before 1.2.4-8081 allows remote attackers to access restricted resources via inbound QuickConnect traffic.
CVSS Score
6.5
EPSS Score
0.012
Published
2020-10-29
CVE-2020-27656
Cleartext transmission of sensitive information vulnerability in DDNS in Synology DiskStation Manager (DSM) before 6.2.3-25426-2 allows man-in-the-middle attackers to eavesdrop authentication information of DNSExit via unspecified vectors.
CVSS Score
6.5
EPSS Score
0.001
Published
2020-10-29
CVE-2020-27657
Cleartext transmission of sensitive information vulnerability in DDNS in Synology Router Manager (SRM) before 1.2.4-8081 allows man-in-the-middle attackers to eavesdrop authentication information of DNSExit via unspecified vectors.
CVSS Score
6.5
EPSS Score
0.001
Published
2020-10-29


Products
Pricing
Contact Us

Shodan ® - All rights reserved