Security Vulnerabilities - CVEs Published In January 2017
Zimbra Collaboration before 8.7.0 allows remote attackers to conduct deserialization attacks via unspecified vectors, aka bug 102276.
CVSS Score: 9.1
EPSS Score: 0.015
Published: 2017-01-18
Multiple cross-site scripting (XSS) vulnerabilities in Zimbra Collaboration before 8.7.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka bugs 104552 and 104703.
CVSS Score: 6.1
EPSS Score: 0.004
Published: 2017-01-18
Unspecified vulnerability in Zimbra Collaboration before 8.7.0 allows remote attackers to affect integrity via unknown vectors, aka bug 104477.
CVSS Score: 7.5
EPSS Score: 0.012
Published: 2017-01-18
The Bzrtp library (aka libbzrtp) 1.0.x before 1.0.4 allows man-in-the-middle attackers to conduct spoofing attacks by leveraging a missing HVI check on DHPart2 packet reception.
CVSS Score: 7.5
EPSS Score: 0.074
Published: 2017-01-18
Cross-site scripting (XSS) vulnerability in Atlassian Confluence before 5.10.6 allows remote attackers to inject arbitrary web script or HTML via the newFileName parameter to pages/doeditattachment.action.
CVSS Score: 6.1
EPSS Score: 0.026
Published: 2017-01-18
main/java/org/apache/directory/groovyldap/LDAP.java in the Groovy LDAP API in Apache allows attackers to conduct LDAP entry poisoning attacks by leveraging setting returnObjFlag to true for all search methods.
CVSS Score: 7.5
EPSS Score: 0.03
Published: 2017-01-18
Buffer overflow in Citrix Provisioning Services before 7.12 allows attackers to execute arbitrary code via unspecified vectors.
CVSS Score: 9.8
EPSS Score: 0.062
Published: 2017-01-18
Citrix Provisioning Services before 7.12 allows attackers to obtain sensitive kernel address information via unspecified vectors.
CVSS Score: 5.3
EPSS Score: 0.003
Published: 2017-01-18
Use-after-free vulnerability in Citrix Provisioning Services before 7.12 allows attackers to execute arbitrary code via unspecified vectors.
CVSS Score: 9.8
EPSS Score: 0.035
Published: 2017-01-18
crypto/mcryptd.c in the Linux kernel before 4.8.15 allows local users to cause a denial of service (NULL pointer dereference and system crash) by using an AF_ALG socket with an incompatible algorithm, as demonstrated by mcryptd(md5).
CVSS Score: 5.5
EPSS Score: 0.001
Published: 2017-01-18

