Security Vulnerabilities - CVEs Published In March 2020
The package integrity validation in yarn < 1.19.0 contains a TOCTOU vulnerability where the hash is computed before writing a package to cache. It is not computed again when reading from the cache. This may lead to a cache pollution attack.
CVSS Score: 5.9 | EPSS Score: 0.005 | Published: 2020-03-15

The dot package v1.1.2 uses Function() to compile templates. This can be exploited by the attacker if they can control the given template or if they can control the value set on Object.prototype.
CVSS Score: 8.8 | EPSS Score: 0.01 | Published: 2020-03-15

antiX and MX Linux allow local users to achieve root access via "persist-config --command /bin/sh" because of the Sudo configuration.
CVSS Score: 7.8 | EPSS Score: 0.001 | Published: 2020-03-14

An issue was discovered in Janus through 0.9.1. janus.c has multiple concurrent threads that misuse the source property of a session, leading to a race condition when claiming sessions.
CVSS Score: 4.8 | EPSS Score: 0.003 | Published: 2020-03-14

An arbitrary file read vulnerability exists in system/controller/backend/template.php in QCMS v3.0.1.
CVSS Score: 7.5 | EPSS Score: 0.004 | Published: 2020-03-14

An issue was discovered in Janus through 0.9.1. janus_audiobridge.c has a double mutex unlock when listing private rooms in AudioBridge.
CVSS Score: 7.5 | EPSS Score: 0.003 | Published: 2020-03-14

An issue was discovered in Janus through 0.9.1. janus.c tries to use a string that does not actually exist during a "query_logger" Admin API request, because of a typo in the JSON validation.
CVSS Score: 9.8 | EPSS Score: 0.004 | Published: 2020-03-14

An issue was discovered in Janus through 0.9.1. plugins/janus_videocall.c in the VideoCall plugin mishandles session management because a race condition causes some references to be freed too early or too many times.
CVSS Score: 4.2 | EPSS Score: 0.003 | Published: 2020-03-14

An issue was discovered in Janus through 0.9.1. plugins/janus_voicemail.c in the VoiceMail plugin has a race condition that could cause a server crash.
CVSS Score: 5.9 | EPSS Score: 0.003 | Published: 2020-03-14

An issue was discovered in psd-tools before 1.9.4. The Cython implementation of RLE decoding did not check for malicious data.
CVSS Score: 9.8 | EPSS Score: 0.004 | Published: 2020-03-14
Shodan ® - All rights reserved