Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In February 2018
CVE-2018-6519
The SAML2 library before 1.10.4, 2.x before 2.3.5, and 3.x before 3.1.1 in SimpleSAMLphp has a Regular Expression Denial of Service vulnerability for fraction-of-seconds data in a timestamp.
CVSS Score
7.5
EPSS Score
0.004
Published
2018-02-02
CVE-2018-6520
SimpleSAMLphp before 1.15.2 allows remote attackers to bypass an open redirect protection mechanism via crafted authority data in a URL.
CVSS Score
6.1
EPSS Score
0.002
Published
2018-02-02
CVE-2018-6521
The sqlauth module in SimpleSAMLphp before 1.15.2 relies on the MySQL utf8 charset, which truncates queries upon encountering four-byte characters. There might be a scenario in which this allows remote attackers to bypass intended access restrictions.
CVSS Score
9.8
EPSS Score
0.006
Published
2018-02-02
CVE-2018-6522
In nProtect AVS V4.0 before 4.0.0.39, the driver file (TKRgFtXp.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x220408.
CVSS Score
7.8
EPSS Score
0.001
Published
2018-02-02
CVE-2018-6523
In nProtect AVS V4.0 before 4.0.0.39, the driver file (TKFsAv.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x22045c.
CVSS Score
7.8
EPSS Score
0.001
Published
2018-02-02
CVE-2018-6524
In nProtect AVS V4.0 before 4.0.0.39, the driver file (TKFsAv.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x220c20.
CVSS Score
7.8
EPSS Score
0.001
Published
2018-02-02
CVE-2018-6525
In nProtect AVS V4.0 before 4.0.0.39, the driver file (TKFsAv.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x220458.
CVSS Score
7.8
EPSS Score
0.001
Published
2018-02-02
CVE-2017-2293
Versions of Puppet Enterprise prior to 2016.4.5 or 2017.2.1 shipped with an MCollective configuration that allowed the package plugin to install or remove arbitrary packages on all managed agents. This release adds default configuration to not allow these actions. Customers who rely on this functionality can change this policy.
CVSS Score
4.9
EPSS Score
0.002
Published
2018-02-01
CVE-2017-2296
In Puppet Enterprise 2017.1.x and 2017.2.1, using specially formatted strings with certain formatting characters as Classifier node group names or RBAC role display names causes errors, effectively causing a DOS to the service. This was resolved in Puppet Enterprise 2017.2.2.
CVSS Score
6.5
EPSS Score
0.004
Published
2018-02-01
CVE-2017-2297
Puppet Enterprise versions prior to 2016.4.5 and 2017.2.1 did not correctly authenticate users before returning labeled RBAC access tokens. This issue has been fixed in Puppet Enterprise 2016.4.5 and 2017.2.1. This only affects users with labeled tokens, which is not the default for tokens.
CVSS Score
7.5
EPSS Score
0.003
Published
2018-02-01


Products
Pricing
Contact Us

Shodan ® - All rights reserved