Security Vulnerabilities - CVEs Published In March 2020
Oxygen XML Editor 21.1.1 allows XXE to read any file.
CVSS Score: 7.5
EPSS Score: 0.003
Published: 2020-03-16
A heap-based buffer overflow in _cairo_image_surface_create_from_jpeg() in extensions/cairo_io/cairo-image-surface-jpeg.c in GNOME gThumb before 3.8.3 and Linux Mint Pix before 2.4.5 allows attackers to cause a crash and potentially execute arbitrary code via a crafted JPEG file.
CVSS Score: 7.8
EPSS Score: 0.04
Published: 2020-03-16
An issue was discovered in OpenWrt 18.06.0 to 18.06.6 and 19.07.0, and LEDE 17.01.0 to 17.01.7. A bug in the fork of the opkg package manager before 2020-01-25 prevents correct parsing of embedded checksums in the signed repository index, allowing a man-in-the-middle attacker to inject arbitrary package payloads (which are installed without verification).
CVSS Score: 8.1
EPSS Score: 0.003
Published: 2020-03-16
SuiteCRM 7.10.x versions prior to 7.10.23 and 7.11.x versions prior to 7.11.11 allow SQL Injection (issue 1 of 4).
CVSS Score: 9.8
EPSS Score: 0.004
Published: 2020-03-16
SuiteCRM 7.10.x versions prior to 7.10.23 and 7.11.x versions prior to 7.11.11 allow SQL Injection (issue 2 of 4).
CVSS Score: 9.8
EPSS Score: 0.004
Published: 2020-03-16
SuiteCRM 7.10.x versions prior to 7.10.23 and 7.11.x versions prior to 7.11.11 allow SQL Injection (issue 3 of 4).
CVSS Score: 9.8
EPSS Score: 0.004
Published: 2020-03-16
SuiteCRM 7.10.x versions prior to 7.10.23 and 7.11.x versions prior to 7.11.11 allow SQL Injection (issue 4 of 4).
CVSS Score: 9.8
EPSS Score: 0.004
Published: 2020-03-16
Sangoma FreePBX 13 through 15 and sysadmin (aka System Admin) 13.0.92 through 15.0.13.6 modules have a Remote Command Execution vulnerability that results in Privilege Escalation.
CVSS Score: 7.2
EPSS Score: 0.015
Published: 2020-03-16
An issue was discovered in Halvotec RaQuest 10.23.10801.0. It allows session fixation. Fixed in Release 24.2020.20608.0.
CVSS Score: 5.4
EPSS Score: 0.003
Published: 2020-03-16
An issue was discovered in Halvotec RaQuest 10.23.10801.0. Several features of the application allow stored Cross-site Scripting (XSS). Fixed in Release 24.2020.20608.0.
CVSS Score: 5.4
EPSS Score: 0.005
Published: 2020-03-16


Shodan ® - All rights reserved