Security Vulnerabilities - CVEs Published In January 2018
Pepperminty-Wiki version 0.15 is vulnerable to XXE attacks in the getsvgsize function, resulting in denial of service and possibly remote code execution.
CVSS Score: 9.8
EPSS Score: 0.016
Published: 2018-01-03
AndroidSVG version 1.2.2 is vulnerable to XXE attacks in the SVG parsing component, resulting in denial of service and possibly remote code execution.
CVSS Score: 7.8
EPSS Score: 0.012
Published: 2018-01-03
phpMyAdmin versions 4.7.x (prior to 4.7.6.1/4.7.7) are vulnerable to a CSRF weakness. By deceiving a user into clicking on a crafted URL, it is possible to perform harmful database operations such as deleting records, dropping/truncating tables, etc.
CVSS Score: 8.8
EPSS Score: 0.105
Published: 2018-01-03
In Octopus Deploy versions 3.2.11 - 4.1.5 (fixed in 4.1.6), an authenticated user with ProcessEdit permission could reference an Azure account in such a way as to bypass the scoping restrictions, resulting in a potential escalation of privileges.
CVSS Score: 8.8
EPSS Score: 0.002
Published: 2018-01-03
The Exiv2::Jp2Image::readMetadata function in jp2image.cpp in Exiv2 0.26 allows remote attackers to cause a denial of service (excessive memory allocation) via a crafted file.
CVSS Score: 5.5
EPSS Score: 0.004
Published: 2018-01-03
The tcpmss_mangle_packet function in net/netfilter/xt_TCPMSS.c in the Linux kernel before 4.11, and 4.9.x before 4.9.36, allows remote attackers to cause a denial of service (use-after-free and memory corruption) or possibly have unspecified other impact by leveraging the presence of xt_TCPMSS in an iptables action.
CVSS Score: 9.8
EPSS Score: 0.381
Published: 2018-01-03
Invoice Ninja version 3.8.1 is vulnerable to stored cross-site scripting within the invoice creation page, which can result in disruption of service and execution of JavaScript code.
CVSS Score: 5.4
EPSS Score: 0.002
Published: 2018-01-03
Shiba markdown live preview app version 1.1.0 is vulnerable to XSS which leads to code execution due to enabled node integration.
CVSS Score: 6.1
EPSS Score: 0.004
Published: 2018-01-03
Leanote-desktop version v2.5 is vulnerable to an XSS which leads to code execution due to enabled node integration.
CVSS Score: 6.1
EPSS Score: 0.004
Published: 2018-01-03
Rocket.Chat Server version 0.59 and prior is vulnerable to a NoSQL injection leading to administrator account takeover.
CVSS Score: 9.8
EPSS Score: 0.003
Published: 2018-01-03

