Security Vulnerabilities - CVEs Published In 2020
Panasonic Security System WV-S2231L 4.25 has an insecure hard-coded password of lkjhgfdsa (which is just the asdf keyboard row in reverse order).
CVSS Score: 6.8 | EPSS Score: 0.001 | Published: 2020-12-28

Panasonic Security System WV-S2231L 4.25 allows a denial of service of the admin control panel (which will require a physical reset to restore administrative control) via Randomnum=99AC8CEC6E845B28&mode=1 in a POST request to the cgi-bin/set_factory URI.
CVSS Score: 7.5 | EPSS Score: 0.005 | Published: 2020-12-28

WavPack 5.3.0 has an out-of-bounds write in WavpackPackSamples in pack_utils.c because of an integer overflow in a malloc argument. NOTE: some third parties claim that there are later "unofficial" releases through 5.3.2, which are also affected.
CVSS Score: 6.1 | EPSS Score: 0.004 | Published: 2020-12-28

GateOne 1.1 allows arbitrary file download without authentication via /downloads/.. directory traversal because os.path.join is misused.
CVSS Score: 7.5 | EPSS Score: 0.824 | Published: 2020-12-27

The WooCommerce plugin before 4.7.0 for WordPress allows remote attackers to view the status of arbitrary orders via the order_id parameter in a fetch_order_status action.
CVSS Score: 5.3 | EPSS Score: 0.131 | Published: 2020-12-27

CXUUCMS V3 allows class="layui-input" XSS.
CVSS Score: 6.1 | EPSS Score: 0.002 | Published: 2020-12-27

CXUUCMS V3 allows XSS via the first and third input fields to /public/admin.php.
CVSS Score: 6.1 | EPSS Score: 0.002 | Published: 2020-12-27

XXL-JOB 2.2.0 allows Stored XSS (in Add User) to bypass the 20-character limit via xxl-job-admin/src/main/java/com/xxl/job/admin/controller/UserController.java.
CVSS Score: 6.1 | EPSS Score: 0.003 | Published: 2020-12-27

Certain Zyxel products allow command injection by an admin via an input string to chg_exp_pwd during a password-change action. This affects VPN On-premise before ZLD V4.39 week38, VPN Orchestrator before SD-OS V10.03 week32, USG before ZLD V4.39 week38, USG FLEX before ZLD V4.55 week38, ATP before ZLD V4.55 week38, and NSG before 1.33 patch 4.
CVSS Score: 7.2 | EPSS Score: 0.029 | Published: 2020-12-27

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.oracle.wls.shaded.org.apache.xalan.lib.sql.JNDIConnectionPool (aka embedded Xalan in org.glassfish.web/javax.servlet.jsp.jstl).
CVSS Score: 8.1 | EPSS Score: 0.397 | Published: 2020-12-27