Security Vulnerabilities - CVEs Published In January 2018
Improper input validation bugs in DNSSEC validator components in PowerDNS version 4.1.0 allow an attacker in a man-in-the-middle position to deny the existence of some data in DNS via packet replay.
CVSS Score: 3.7 | EPSS Score: 0.0 | Published: 2018-01-22
A man-in-the-middle vulnerability related to vCenter access was found in Rubrik CDM 3.x and 4.x before 4.0.4-p2. This vulnerability might expose Rubrik user credentials configured to access vCenter, as Rubrik clusters did not verify TLS certificates presented by vCenter.
CVSS Score: 8.1 | EPSS Score: 0.001 | Published: 2018-01-22
Heap-based buffer overflow in the ensure_solid_xref function in pdf/pdf-xref.c in Artifex MuPDF 1.12.0 allows a remote attacker to potentially execute arbitrary code via a crafted PDF file, because xref subsection object numbers are unrestricted.
CVSS Score: 7.8 | EPSS Score: 0.062 | Published: 2018-01-22
Moodle 3.x has Server Side Request Forgery in the filepicker.
CVSS Score: 6.5 | EPSS Score: 0.173 | Published: 2018-01-22
In Moodle 3.x, the setting for the blocked hosts list can be bypassed with multiple A record hostnames.
CVSS Score: 6.5 | EPSS Score: 0.002 | Published: 2018-01-22
In Moodle 3.x, quiz web services allow students to see quiz results when it is prohibited in the settings.
CVSS Score: 4.3 | EPSS Score: 0.002 | Published: 2018-01-22
In Moodle 3.x, there is XSS via a calendar event name.
CVSS Score: 5.4 | EPSS Score: 0.002 | Published: 2018-01-22
pfSense before 2.3 allows remote authenticated users to execute arbitrary OS commands via a '|' character in the status_rrd_graph_img.php graph parameter, related to _rrd_graph_img.php.
CVSS Score: 8.8 | EPSS Score: 0.785 | Published: 2018-01-22
Buffer overflow in the FTP client in LabF nfsAxe 3.7 allows remote FTP servers to execute arbitrary code via a long reply.
CVSS Score: 9.8 | EPSS Score: 0.714 | Published: 2018-01-22
FasterXML jackson-databind through 2.8.11 and 2.9.x through 2.9.3 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 and CVE-2017-17485 deserialization flaws. This is exploitable via two different gadgets that bypass a blacklist.
CVSS Score: 8.1 | EPSS Score: 0.026 | Published: 2018-01-22