Security Vulnerabilities - CVEs Published In November 2020
CyberArk Endpoint Privilege Manager (EPM) 11.1.0.173 allows attackers to bypass a Credential Theft protection mechanism by injecting a DLL into a process that normally has credential access, such as a Chrome process that reads credentials from a SQLite database.
CVSS Score: 5.5 | EPSS Score: 0.001 | Published: 2020-11-27
In Ericsson BSCS iX R18 Billing & Rating iX R18, MX is a web-based module in BSCS iX that is vulnerable to stored XSS via an Alert Dashboard comment. In most test cases, session hijacking was also possible by utilizing the XSS vulnerability. This potentially allows for full account takeover, or exploiting admins' browsers by using the BeEF framework.
CVSS Score: 5.4 | EPSS Score: 0.002 | Published: 2020-11-27
In Ericsson BSCS iX R18 Billing & Rating iX R18, ADMX is a web-based module in BSCS iX that is vulnerable to stored XSS via the name or description field to a solutionUnitServlet?SuName=UserReferenceDataSU Access Rights Group. In most test cases, session hijacking was also possible by utilizing the XSS vulnerability. This potentially allows for full account takeover, or exploiting admins' browsers by using the BeEF framework.
CVSS Score: 5.4 | EPSS Score: 0.002 | Published: 2020-11-27
In cPanel before 90.0.17, 2FA can be bypassed via a brute-force approach (SEC-575).
CVSS Score: 6.5 | EPSS Score: 0.003 | Published: 2020-11-27
cPanel before 90.0.17 allows self-XSS via the WHM Transfer Tool interface (SEC-577).
CVSS Score: 6.1 | EPSS Score: 0.003 | Published: 2020-11-27
cPanel before 90.0.17 has multiple instances of URL parameter injection (SEC-567).
CVSS Score: 4.1 | EPSS Score: 0.002 | Published: 2020-11-27
jsp/upload.jsp in Coremail XT 5.0 allows XSS via an uploaded personal signature, as demonstrated by a .jpg.html filename in the signImgFile parameter.
CVSS Score: 6.1 | EPSS Score: 0.008 | Published: 2020-11-27
Intelbras TIP200 60.61.75.15, TIP200LITE 60.61.75.15, and TIP300 65.61.75.15 devices allow /cgi-bin/cgiServer.exx?page= XSS.
CVSS Score: 5.4 | EPSS Score: 0.028 | Published: 2020-11-27
ncsi.c in libslirp through 4.3.1 has a buffer over-read because it tries to read a certain amount of header data even if that exceeds the total packet length.
CVSS Score: 4.3 | EPSS Score: 0.002 | Published: 2020-11-26
slirp.c in libslirp through 4.3.1 has a buffer over-read because it tries to read a certain amount of header data even if that exceeds the total packet length.
CVSS Score: 4.3 | EPSS Score: 0.004 | Published: 2020-11-26

