Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In January 2018
CVE-2017-1000422
Gnome gdk-pixbuf 2.36.8 and older is vulnerable to several integer overflow in the gif_get_lzw function resulting in memory corruption and potential code execution
CVSS Score
8.8
EPSS Score
0.013
Published
2018-01-02
CVE-2017-1000423
b2evolution version 6.6.0 - 6.8.10 is vulnerable to input validation (backslash and single quote escape) in basic install functionality resulting in unauthenticated attacker gaining PHP code execution on the victim's setup.
CVSS Score
9.8
EPSS Score
0.017
Published
2018-01-02
CVE-2017-1000424
Github Electron version 1.6.4 - 1.6.11 and 1.7.0 - 1.7.5 is vulnerable to a URL Spoofing problem when opening PDFs in PDFium resulting loading arbitrary PDFs that a hacker can control.
CVSS Score
4.3
EPSS Score
0.003
Published
2018-01-02
CVE-2017-1000430
rust-base64 version <= 0.5.1 is vulnerable to a buffer overflow when calculating the size of a buffer to use when encoding base64 using the 'encode_config_buf' and 'encode_config' functions
CVSS Score
9.8
EPSS Score
0.005
Published
2018-01-02
CVE-2017-1000431
eZ Systems eZ Publish version 5.4.0 to 5.4.9, and 5.3.12 and older, is vulnerable to an XSS issue in the search module, resulting in a risk of attackers injecting scripts which may e.g. steal authentication credentials.
CVSS Score
6.1
EPSS Score
0.003
Published
2018-01-02
CVE-2017-1000419
phpBB version 3.2.0 is vulnerable to SSRF in the Remote Avatar function resulting allowing an attacker to perform port scanning, requesting internal content and potentially attacking such internal services via the web application.
CVSS Score
7.5
EPSS Score
0.004
Published
2018-01-02
CVE-2017-1000420
Syncthing version 0.14.33 and older is vulnerable to symlink traversal resulting in arbitrary file overwrite
CVSS Score
7.5
EPSS Score
0.003
Published
2018-01-02
CVE-2017-1000421
Gifsicle gifview 1.89 and older is vulnerable to a use-after-free in the read_gif function resulting potential code execution
CVSS Score
9.8
EPSS Score
0.005
Published
2018-01-02
CVE-2017-1000418
The WildMidi_Open function in WildMIDI since commit d8a466829c67cacbb1700beded25c448d99514e5 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted file.
CVSS Score
7.8
EPSS Score
0.004
Published
2018-01-02
CVE-2017-1000456
freedesktop.org libpoppler 0.60.1 fails to validate boundaries in TextPool::addWord, leading to overflow in subsequent calculations.
CVSS Score
8.8
EPSS Score
0.007
Published
2018-01-02


Products
Pricing
Contact Us

Shodan ® - All rights reserved