Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In November 2020
CVE-2020-7128
A remote unauthenticated arbitrary code execution vulnerability was discovered in Aruba Airwave Software version(s): Prior to 1.3.2.
CVSS Score
9.8
EPSS Score
0.009
Published
2020-11-04
CVE-2020-7129
A remote execution of arbitrary commands vulnerability was discovered in Aruba Airwave Software version(s): Prior to 1.3.2.
CVSS Score
7.2
EPSS Score
0.054
Published
2020-11-04
CVE-2020-28049
An issue was discovered in SDDM before 0.19.0. It incorrectly starts the X server in a way that - for a short time period - allows local unprivileged users to create a connection to the X server without providing proper authentication. A local attacker can thus access X server display contents and, for example, intercept keystrokes or access the clipboard. This is caused by a race condition during Xauthority file creation.
CVSS Score
6.3
EPSS Score
0.0
Published
2020-11-04
CVE-2020-8036
The tok2strbuf() function in tcpdump 4.10.0-PRE-GIT was used by the SOME/IP dissector in an unsafe way.
CVSS Score
7.5
EPSS Score
0.002
Published
2020-11-04
CVE-2020-8037
The ppp decapsulator in tcpdump 4.9.3 can be convinced to allocate a large amount of memory.
CVSS Score
7.5
EPSS Score
0.002
Published
2020-11-04
CVE-2020-22274
JomSocial (Joomla Social Network Extention) 4.7.6 allows CSV injection via a customer's profile.
CVSS Score
9.8
EPSS Score
0.006
Published
2020-11-04
CVE-2020-22273
Neoflex Video Subscription System Version 2.0 is affected by CSRF which allows the Website's Settings to be changed (such as Payment Settings)
CVSS Score
6.5
EPSS Score
0.001
Published
2020-11-04
CVE-2020-22277
Import and export users and customers WordPress Plugin through 1.15.5.11 allows CSV injection via a customer's profile.
CVSS Score
8.0
EPSS Score
0.011
Published
2020-11-04
CVE-2020-22278
phpMyAdmin through 5.0.2 allows CSV injection via Export Section. NOTE: the vendor disputes this because "the CSV file is accurately generated based on the database contents.
CVSS Score
8.8
EPSS Score
0.004
Published
2020-11-04
CVE-2020-26167
In FUEL CMS 11.4.12 and before, the page preview feature allows an anonymous user to take complete ownership of any account including an administrator one.
CVSS Score
9.8
EPSS Score
0.03
Published
2020-11-04


Products
Pricing
Contact Us

Shodan ® - All rights reserved