Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In November 2020
CVE-2020-26936
Cloudera Data Engineering (CDE) before 1.1 was vulnerable to a CSRF attack.
CVSS Score
8.8
EPSS Score
0.002
Published
2020-11-26
CVE-2020-29042
An issue was discovered in BigBlueButton through 2.2.29. A brute-force attack may occur because an unlimited number of codes can be entered for a meeting that is protected by an access code.
CVSS Score
3.7
EPSS Score
0.003
Published
2020-11-26
CVE-2020-29043
An issue was discovered in BigBlueButton through 2.2.29. When at attacker is able to view an account_activations/edit?token= URI, the attacker can create an approved user account associated with an email address that has an arbitrary domain name.
CVSS Score
7.5
EPSS Score
0.003
Published
2020-11-26
CVE-2020-27207
Zetetic SQLCipher 4.x before 4.4.1 has a use-after-free, related to sqlcipher_codec_pragma and sqlite3Strlen30 in sqlite3.c. A remote denial of service attack can be performed. For example, a SQL injection can be used to execute the crafted SQL command sequence. After that, some unexpected RAM data is read.
CVSS Score
7.5
EPSS Score
0.006
Published
2020-11-26
CVE-2020-27662
In GLPI before 9.5.3, ajax/comments.php has an Insecure Direct Object Reference (IDOR) vulnerability that allows an attacker to read data from any database table (e.g., glpi_tickets, glpi_users, etc.).
CVSS Score
4.3
EPSS Score
0.002
Published
2020-11-26
CVE-2020-27663
In GLPI before 9.5.3, ajax/getDropdownValue.php has an Insecure Direct Object Reference (IDOR) vulnerability that allows an attacker to read data from any itemType (e.g., Ticket, Users, etc.).
CVSS Score
4.3
EPSS Score
0.002
Published
2020-11-26
CVE-2020-13886
Intelbras TIP 200 60.61.75.15, TIP 200 LITE 60.61.75.15, and TIP 300 65.61.75.22 devices allow cgi-bin/cgiServer.exx?page=../ Directory Traversal.
CVSS Score
5.3
EPSS Score
0.018
Published
2020-11-26
CVE-2020-7779
All versions of package djvalidator are vulnerable to Regular Expression Denial of Service (ReDoS) by sending crafted invalid emails - for example, --@------------------------------------------------------------------------------------------------------------------------!.
CVSS Score
5.3
EPSS Score
0.004
Published
2020-11-26
CVE-2020-7778
This affects the package systeminformation before 4.30.2. The attacker can overwrite the properties and functions of an object, which can lead to executing OS commands.
CVSS Score
7.3
EPSS Score
0.011
Published
2020-11-26
CVE-2020-29128
petl before 1.68, in some configurations, allows resolution of entities in an XML document.
CVSS Score
9.8
EPSS Score
0.019
Published
2020-11-26


Products
Pricing
Contact Us

Shodan ® - All rights reserved