Security Vulnerabilities - CVEs Published In November 2020
Quick Heal Total Security before version 19.0 transmits quarantine and sysinfo files via clear text.
CVSS Score: 5.9 | EPSS Score: 0.001 | Published: 2020-11-30
Quick Heal Total Security before 19.0 allows attackers with local admin rights to obtain access to files in the File Vault via a brute-force attack on the password.
CVSS Score: 6.7 | EPSS Score: 0.001 | Published: 2020-11-30
The EventON plugin through 3.0.5 for WordPress allows addons/?q= XSS via the search field.
CVSS Score: 6.1 | EPSS Score: 0.387 | Published: 2020-11-30
Cross-site request forgery (CSRF) in PbootCMS 1.3.2 allows attackers to change the password of a user.
CVSS Score: 6.5 | EPSS Score: 0.002 | Published: 2020-11-30
A buffer overflow in the dlt_filter_load function in dlt_common.c from dlt-daemon through 2.18.5 (GENIVI Diagnostic Log and Trace) allows arbitrary code execution because fscanf is misused (no limit on the number of characters to be read in the format argument).
CVSS Score: 7.8 | EPSS Score: 0.006 | Published: 2020-11-30
In certain situations, an attacker with regular user credentials and local access to an ASE cockpit installation can access sensitive information that appears in the installation log files. This information, although sensitive, is of limited utility and cannot be used to further access, modify or render unavailable any other information in the cockpit or system. This affects SAP Adaptive Server Enterprise, versions 15.7 and 16.0.
CVSS Score: 2.6 | EPSS Score: 0.001 | Published: 2020-11-30
A privilege escalation vulnerability was reported in Lenovo PCManager prior to version 3.0.50.9162 that could allow an authenticated user to execute code with elevated privileges.
CVSS Score: 7.8 | EPSS Score: 0.001 | Published: 2020-11-30
A file upload vulnerability exists in UCMS 1.5.0; an attacker can take advantage of it to obtain server management permission.
CVSS Score: 9.8 | EPSS Score: 0.004 | Published: 2020-11-30
ReadyMedia (aka MiniDLNA) before version 1.3.0 allows remote code execution. Sending a malicious UPnP HTTP request to the miniDLNA service using HTTP chunked encoding can lead to a signedness bug resulting in a buffer overflow in calls to memcpy/memmove.
CVSS Score: 9.8 | EPSS Score: 0.653 | Published: 2020-11-30
In NetArt News Lister 1.0.0, the news headlines are vulnerable to stored XSS attacks. Attackers can inject code in news titles.
CVSS Score: 4.8 | EPSS Score: 0.003 | Published: 2020-11-30

