Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In January 2018
CVE-2017-12183
xorg-x11-server before 1.19.5 was missing length validation in XFIXES extension allowing malicious X client to cause X server to crash or possibly execute arbitrary code.
CVSS Score
9.8
EPSS Score
0.01
Published
2018-01-24
CVE-2017-12184
xorg-x11-server before 1.19.5 was missing length validation in XINERAMA extension allowing malicious X client to cause X server to crash or possibly execute arbitrary code.
CVSS Score
9.8
EPSS Score
0.009
Published
2018-01-24
CVE-2017-12185
xorg-x11-server before 1.19.5 was missing length validation in MIT-SCREEN-SAVER extension allowing malicious X client to cause X server to crash or possibly execute arbitrary code.
CVSS Score
9.8
EPSS Score
0.009
Published
2018-01-24
CVE-2017-12186
xorg-x11-server before 1.19.5 was missing length validation in X-Resource extension allowing malicious X client to cause X server to crash or possibly execute arbitrary code.
CVSS Score
9.8
EPSS Score
0.008
Published
2018-01-24
CVE-2017-12187
xorg-x11-server before 1.19.5 was missing length validation in RENDER extension allowing malicious X client to cause X server to crash or possibly execute arbitrary code.
CVSS Score
9.8
EPSS Score
0.008
Published
2018-01-24
CVE-2017-1000475
FreeSSHd 1.3.1 version is vulnerable to an Unquoted Path Service allowing local users to launch processes with elevated privileges.
CVSS Score
7.8
EPSS Score
0.004
Published
2018-01-24
CVE-2017-15718
The YARN NodeManager in Apache Hadoop 2.7.3 and 2.7.4 can leak the password for credential store provider used by the NodeManager to YARN Applications.
CVSS Score
9.8
EPSS Score
0.01
Published
2018-01-24
CVE-2017-1769
IBM Business Process Manager 8.6 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 136783.
CVSS Score
8.8
EPSS Score
0.003
Published
2018-01-24
CVE-2018-1000018
An information disclosure in ovirt-hosted-engine-setup prior to 2.2.7 reveals the root user's password in the log file.
CVSS Score
7.8
EPSS Score
0.0
Published
2018-01-24
CVE-2018-6184
ZEIT Next.js 4 before 4.2.3 has Directory Traversal under the /_next request namespace.
CVSS Score
7.5
EPSS Score
0.502
Published
2018-01-24


Products
Pricing
Contact Us

Shodan ® - All rights reserved