Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In November 2020
CVE-2020-16846
Known exploited
An issue was discovered in SaltStack Salt through 3002. Sending crafted web requests to the Salt API, with the SSH client enabled, can result in shell injection.
CVSS Score
9.8
EPSS Score
0.944
Published
2020-11-06
CVE-2020-17490
The TLS module within SaltStack Salt through 3002 creates certificates with weak file permissions.
CVSS Score
5.5
EPSS Score
0.0
Published
2020-11-06
CVE-2020-25592
In SaltStack Salt through 3002, salt-netapi improperly validates eauth credentials and tokens. A user can bypass authentication and invoke Salt SSH.
CVSS Score
9.8
EPSS Score
0.582
Published
2020-11-06
CVE-2020-26521
The JWT library in NATS nats-server before 2.1.9 allows a denial of service (a nil dereference in Go code).
CVSS Score
7.5
EPSS Score
0.007
Published
2020-11-06
CVE-2020-26892
The JWT library in NATS nats-server before 2.1.9 has Incorrect Access Control because of how expired credentials are handled.
CVSS Score
9.8
EPSS Score
0.006
Published
2020-11-06
CVE-2020-27152
An issue was discovered in ioapic_lazy_update_eoi in arch/x86/kvm/ioapic.c in the Linux kernel before 5.9.2. It has an infinite loop related to improper interaction between a resampler and edge triggering, aka CID-77377064c3a9.
CVSS Score
5.5
EPSS Score
0.001
Published
2020-11-06
CVE-2020-27616
ati_2d_blt in hw/display/ati_2d.c in QEMU 4.2.1 can encounter an outside-limits situation in a calculation. A guest can crash the QEMU process.
CVSS Score
6.5
EPSS Score
0.004
Published
2020-11-06
CVE-2020-27617
eth_get_gso_type in net/eth.c in QEMU 4.2.1 allows guest OS users to trigger an assertion failure. A guest can crash the QEMU process via packet data that lacks a valid Layer 3 protocol.
CVSS Score
6.5
EPSS Score
0.001
Published
2020-11-06
CVE-2020-28196
MIT Kerberos 5 (aka krb5) before 1.17.2 and 1.18.x before 1.18.3 allows unbounded recursion via an ASN.1-encoded Kerberos message because the lib/krb5/asn.1/asn1_encode.c support for BER indefinite lengths lacks a recursion limit.
CVSS Score
7.5
EPSS Score
0.004
Published
2020-11-06
CVE-2020-28249
Joplin 1.2.6 for Desktop allows XSS via a LINK element in a note.
CVSS Score
6.1
EPSS Score
0.003
Published
2020-11-06


Products
Pricing
Contact Us

Shodan ® - All rights reserved