Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In January 2017
CVE-2016-7793
sociomantic-tsunami git-hub before 0.10.3 allows remote attackers to execute arbitrary code via a crafted repository URL.
CVSS Score
8.8
EPSS Score
0.021
Published
2017-01-19
CVE-2016-7794
sociomantic-tsunami git-hub before 0.10.3 allows remote attackers to execute arbitrary code via a crafted repository name.
CVSS Score
9.8
EPSS Score
0.059
Published
2017-01-19
CVE-2016-9016
Firejail 0.9.38.4 allows local users to execute arbitrary commands outside of the sandbox via a crafted TIOCSTI ioctl call.
CVSS Score
8.8
EPSS Score
0.001
Published
2017-01-19
CVE-2016-5223
Integer overflow in PDFium in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android allowed a remote attacker to potentially exploit heap corruption or DoS via a crafted PDF file.
CVSS Score
6.5
EPSS Score
0.005
Published
2017-01-19
CVE-2016-5224
A timing attack on denormalized floating point arithmetic in SVG filters in Blink in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android allowed a remote attacker to bypass the Same Origin Policy via a crafted HTML page.
CVSS Score
4.3
EPSS Score
0.002
Published
2017-01-19
CVE-2016-5225
Blink in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android incorrectly handled form actions, which allowed a remote attacker to bypass Content Security Policy via a crafted HTML page.
CVSS Score
4.3
EPSS Score
0.002
Published
2017-01-19
CVE-2016-5226
Blink in Google Chrome prior to 55.0.2883.75 for Linux, Windows and Mac executed javascript: URLs entered in the URL bar in the context of the current tab, which allowed a socially engineered user to XSS themselves by dragging and dropping a javascript: URL into the URL bar.
CVSS Score
6.1
EPSS Score
0.002
Published
2017-01-19
CVE-2016-9650
Blink in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android incorrectly handled iframes, which allowed a remote attacker to bypass a no-referrer policy via a crafted HTML page.
CVSS Score
4.3
EPSS Score
0.002
Published
2017-01-19
CVE-2016-5196
The content renderer client in Google Chrome prior to 54.0.2840.85 for Android insufficiently enforced the Same Origin Policy amongst downloaded files, which allowed a remote attacker to access any downloaded file and interact with sites, including those the user was logged into, via a crafted HTML page.
CVSS Score
8.8
EPSS Score
0.006
Published
2017-01-19
CVE-2016-5197
The content view client in Google Chrome prior to 54.0.2840.85 for Android insufficiently validated intent URLs, which allowed a remote attacker who had compromised the renderer process to start arbitrary activity on the system via a crafted HTML page.
CVSS Score
8.8
EPSS Score
0.006
Published
2017-01-19


Products
Pricing
Contact Us

Shodan ® - All rights reserved