Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In January 2017
The x86 segment base write emulation functionality in Xen 4.4.x through 4.7.x allows local x86 PV guest OS administrators to cause a denial of service (host crash) by leveraging lack of canonical address checks.
CVSS Score
6.0
EPSS Score
0.001
Published
2017-01-23
The x86 emulator in Xen does not properly treat x86 NULL segments as unusable when accessing memory, which might allow local HVM guest users to gain privileges via vectors involving "unexpected" base/limit values.
CVSS Score
7.8
EPSS Score
0.001
Published
2017-01-23
popd in bash might allow local users to bypass the restricted shell and cause a use-after-free via a crafted address.
CVSS Score
5.5
EPSS Score
0.0
Published
2017-01-23
Untrusted search path vulnerability in Snort 2.9.7.0-WIN32 allows remote attackers to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse tcapi.dll that is located in the same folder on a remote file share as a pcap file that is being processed.
CVSS Score
8.8
EPSS Score
0.043
Published
2017-01-23
Integer underflow in header.c in lha allows remote attackers to have unspecified impact via a large header size value for the (1) level0 or (2) level1 header in a lha archive, which triggers a buffer overflow.
CVSS Score
9.8
EPSS Score
0.009
Published
2017-01-23
Exponent CMS 2.x before 2.3.7 Patch 3 allows remote attackers to execute arbitrary code via the sc parameter to install/index.php.
CVSS Score
9.8
EPSS Score
0.078
Published
2017-01-23
Avaya Fabric Connect Virtual Services Platform (VSP) Operating System Software (VOSS) before 4.2.3.0 and 5.x before 5.0.1.0 does not properly handle VLAN and I-SIS indexes, which allows remote attackers to obtain unauthorized access via crafted Ethernet frames.
CVSS Score
9.8
EPSS Score
0.025
Published
2017-01-23
Buffer overflow in the collector.exe listener of the Landesk Management Suite 10.0.0.271 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a large packet.
CVSS Score
9.8
EPSS Score
0.061
Published
2017-01-23
Multiple use-after-free and double-free vulnerabilities in gifcolor.c in GIFLIB 5.1.2 have unspecified impact and attack vectors.
CVSS Score
9.8
EPSS Score
0.003
Published
2017-01-23
Magento CE and EE before 2.0.6 allows remote attackers to conduct PHP objection injection attacks and execute arbitrary PHP code via crafted serialized shopping cart data.
CVSS Score
9.8
EPSS Score
0.86
Published
2017-01-23


Contact Us

Shodan ® - All rights reserved