Security Vulnerabilities - CVEs Published In February 2018
ccnl_ccntlv_bytes2pkt in CCN-lite allows context-dependent attackers to cause a denial of service (application crash) via vectors involving packets with "wrong L values."
CVSS Score: 7.5 | EPSS Score: 0.004 | Published: 2018-02-07
IBM AIX 5.3, 6.1, 7.1, and 7.2 contain an unspecified vulnerability that would allow a locally authenticated user to obtain root level privileges. IBM X-Force ID: 134067.
CVSS Score: 7.8 | EPSS Score: 0.001 | Published: 2018-02-07
/LoadFrame in Zoho ManageEngine AD Manager Plus build 6590 - 6613 allows attackers to conduct URL Redirection attacks via the src parameter, resulting in a bypass of CSRF protection, or potentially masquerading a malicious URL as trusted.
CVSS Score: 8.8 | EPSS Score: 0.003 | Published: 2018-02-07
IBM API Connect 5.0.7 and 5.0.8 could allow an authenticated remote user to modify query parameters to obtain sensitive information. IBM X-Force ID: 136859.
CVSS Score: 4.3 | EPSS Score: 0.001 | Published: 2018-02-07
IBM Content Navigator 2.0 and 3.0 are vulnerable to Comma Separated Value (CSV) Injection. An attacker could exploit this vulnerability to exploit other vulnerabilities in spreadsheet software. IBM X-Force ID: 137452.
CVSS Score: 7.8 | EPSS Score: 0.002 | Published: 2018-02-07
IBM API Connect 5.0.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 138079.
CVSS Score: 5.4 | EPSS Score: 0.002 | Published: 2018-02-07
GSKit V7 may disclose side channel information via discrepancies between valid and invalid PKCS#1 padding. IBM X-Force ID: 138212.
CVSS Score: 7.5 | EPSS Score: 0.003 | Published: 2018-02-07
Cozy version 2 has XSS allowing remote attackers to obtain administrative access via JavaScript code in the url parameter to the /api/proxy URI, as demonstrated by an XMLHttpRequest call with an 'email:"attacker@example.com"' request, which can be followed by a password reset.
CVSS Score: 6.1 | EPSS Score: 0.002 | Published: 2018-02-07
Audacity before 2.1.2 allows remote attackers to cause a denial of service (memory corruption and application crash) via a crafted FORMATCHUNK structure.
CVSS Score: 5.5 | EPSS Score: 0.009 | Published: 2018-02-07
Audacity before 2.1.2 allows remote attackers to cause a denial of service (memory corruption and application crash) via a crafted MP2 file.
CVSS Score: 5.5 | EPSS Score: 0.009 | Published: 2018-02-07

