Shodan
Vulnerabilities
Vulnerable Software
Canonical:  Security Vulnerabilities
CVE-2020-10942
In the Linux kernel before 5.5.8, get_raw_socket in drivers/vhost/net.c lacks validation of an sk_family field, which might allow attackers to trigger kernel stack corruption via crafted system calls.
CVSS Score
5.3
EPSS Score
0.001
Published
2020-03-24
CVE-2020-1950
A carefully crafted or corrupt PSD file can cause excessive memory usage in Apache Tika's PSDParser in versions 1.0-1.23.
CVSS Score
5.5
EPSS Score
0.006
Published
2020-03-23
CVE-2020-1951
A carefully crafted or corrupt PSD file can cause an infinite loop in Apache Tika's PSDParser in versions 1.0-1.23.
CVSS Score
5.5
EPSS Score
0.003
Published
2020-03-23
CVE-2019-18860
Squid before 4.9, when certain web browsers are used, mishandles HTML in the host (aka hostname) parameter to cachemgr.cgi.
CVSS Score
6.1
EPSS Score
0.018
Published
2020-03-20
CVE-2019-14855
A flaw was found in the way certificate signatures could be forged using collisions found in the SHA-1 algorithm. An attacker could use this weakness to create forged certificate signatures. This issue affects GnuPG versions before 2.2.18.
CVSS Score
5.3
EPSS Score
0.001
Published
2020-03-20
CVE-2020-0556
Improper access control in subsystem for BlueZ before version 5.54 may allow an unauthenticated user to potentially enable escalation of privilege and denial of service via adjacent access
CVSS Score
7.1
EPSS Score
0.002
Published
2020-03-12
CVE-2020-10531
An issue was discovered in International Components for Unicode (ICU) for C/C++ through 66.1. An integer overflow, leading to a heap-based buffer overflow, exists in the UnicodeString::doAppend() function in common/unistr.cpp.
CVSS Score
8.8
EPSS Score
0.005
Published
2020-03-12
CVE-2020-10108
In Twisted Web through 19.10.0, there was an HTTP request splitting vulnerability. When presented with two content-length headers, it ignored the first header. When the second content-length value was set to zero, the request body was interpreted as a pipelined request.
CVSS Score
9.8
EPSS Score
0.055
Published
2020-03-12
CVE-2020-10109
In Twisted Web through 19.10.0, there was an HTTP request splitting vulnerability. When presented with a content-length and a chunked encoding header, the content-length took precedence and the remainder of the request body was interpreted as a pipelined request.
CVSS Score
9.8
EPSS Score
0.031
Published
2020-03-12
CVE-2019-20503
usrsctp before 2019-12-20 has out-of-bounds reads in sctp_load_addresses_from_init.
CVSS Score
6.5
EPSS Score
0.011
Published
2020-03-06


Products
Pricing
Contact Us

Shodan ® - All rights reserved