Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In 2020
CVE-2020-35729
KLog Server 2.4.1 allows OS command injection via shell metacharacters in the actions/authenticate.php user parameter.
CVSS Score
9.8
EPSS Score
0.926
Published
2020-12-27
CVE-2020-35448
An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.35.1. A heap-based buffer over-read can occur in bfd_getl_signed_32 in libbfd.c because sh_entsize is not validated in _bfd_elf_slurp_secondary_reloc_section in elf.c.
CVSS Score
3.3
EPSS Score
0.001
Published
2020-12-27
CVE-2020-7845
Spamsniper 5.0 ~ 5.2.7 contain a stack-based buffer overflow vulnerability caused by improper boundary checks when parsing MAIL FROM command. It leads remote attacker to execute arbitrary code via crafted packet.
CVSS Score
8.1
EPSS Score
0.022
Published
2020-12-27
CVE-2020-8289
Backblaze for Windows before 7.0.1.433 and Backblaze for macOS before 7.0.1.434 suffer from improper certificate validation in `bztransmit` helper due to hardcoded whitelist of strings in URLs where validation is disabled leading to possible remote code execution via client update functionality.
CVSS Score
7.8
EPSS Score
0.205
Published
2020-12-27
CVE-2020-8290
Backblaze for Windows and Backblaze for macOS before 7.0.0.439 suffer from improper privilege management in `bztransmit` helper due to lack of permission handling and validation before creation of client update directories allowing for local escalation of privilege via rogue client update binary.
CVSS Score
7.8
EPSS Score
0.001
Published
2020-12-27
CVE-2020-35678
Autobahn|Python before 20.12.3 allows redirect header injection.
CVSS Score
6.1
EPSS Score
0.003
Published
2020-12-27
CVE-2020-29203
struct2json before 2020-11-18 is affected by a Buffer Overflow because strcpy is used for S2J_STRUCT_GET_string_ELEMENT.
CVSS Score
9.8
EPSS Score
0.005
Published
2020-12-26
CVE-2020-35242
Flamingo (aka FlamingoIM) through 2020-09-29 has a SQL injection vulnerability in UserManager::updateUserTeamInfoInDbAndMemory.
CVSS Score
9.8
EPSS Score
0.003
Published
2020-12-26
CVE-2020-35243
Flamingo (aka FlamingoIM) through 2020-09-29 has a SQL injection vulnerability in UserManager::updateUserInfoInDb.
CVSS Score
9.8
EPSS Score
0.003
Published
2020-12-26
CVE-2020-35244
Flamingo (aka FlamingoIM) through 2020-09-29 has a SQL injection vulnerability in UserManager::addGroup.
CVSS Score
9.8
EPSS Score
0.003
Published
2020-12-26


Products
Pricing
Contact Us

Shodan ® - All rights reserved