Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In February 2017
CVE-2016-6872
Integer overflow in StringUtil::implode in Facebook HHVM before 3.15.0 allows attackers to have unspecified impact via unknown vectors.
CVSS Score
9.8
EPSS Score
0.005
Published
2017-02-17
CVE-2016-6873
Self recursion in compact in Facebook HHVM before 3.15.0 allows attackers to have unspecified impact via unknown vectors.
CVSS Score
9.8
EPSS Score
0.005
Published
2017-02-17
CVE-2016-6874
The array_*_recursive functions in Facebook HHVM before 3.15.0 allows attackers to have unspecified impact via unknown vectors, related to recursion.
CVSS Score
9.8
EPSS Score
0.005
Published
2017-02-17
CVE-2016-6875
Infinite recursion in wddx in Facebook HHVM before 3.15.0 allows attackers to have unspecified impact via unknown vectors.
CVSS Score
9.8
EPSS Score
0.005
Published
2017-02-17
CVE-2016-7111
MantisBT before 1.3.1 and 2.x before 2.0.0-beta.2 uses a weak Content Security Policy when using the Gravatar plugin, which allows remote attackers to conduct cross-site scripting (XSS) attacks via unspecified vectors.
CVSS Score
4.7
EPSS Score
0.003
Published
2017-02-17
CVE-2016-7510
The read_line_table_program function in dwarf_line_table_reader_common.c in libdwarf before 20160923 allows remote attackers to cause a denial of service (out-of-bounds read) via crafted input.
CVSS Score
6.5
EPSS Score
0.006
Published
2017-02-17
CVE-2016-7511
Integer overflow in the dwarf_die_deliv.c in libdwarf 20160613 allows remote attackers to cause a denial of service (crash) via a crafted file.
CVSS Score
5.5
EPSS Score
0.004
Published
2017-02-17
CVE-2014-9905
Multiple cross-site scripting (XSS) vulnerabilities in the Web Calendar in SOGo before 2.2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) title of an appointment or (2) contact fields.
CVSS Score
6.1
EPSS Score
0.006
Published
2017-02-17
CVE-2016-5028
The print_frame_inst_bytes function in libdwarf before 20160923 allows remote attackers to cause a denial of service (NULL pointer dereference) via an object file with empty bss-like sections.
CVSS Score
6.5
EPSS Score
0.006
Published
2017-02-17
CVE-2016-5029
The create_fullest_file_path function in libdwarf before 20160923 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted dwarf file.
CVSS Score
6.5
EPSS Score
0.006
Published
2017-02-17


Products
Pricing
Contact Us

Shodan ® - All rights reserved