Security Vulnerabilities - CVEs Published In February 2017
libdwarf before 20160923 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a large length value in a compilation unit header.
CVSS Score: 7.5
EPSS Score: 0.01
Published: 2017-02-17

The dwarf_get_aranges_list function in libdwarf before 20160923 allows remote attackers to cause a denial of service (infinite loop and crash) via a crafted DWARF section.
CVSS Score: 7.5
EPSS Score: 0.01
Published: 2017-02-17

The dwarf_dealloc function in libdwarf before 20160923 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted DWARF section.
CVSS Score: 7.5
EPSS Score: 0.01
Published: 2017-02-17

The WRITE_UNALIGNED function in dwarf_elf_access.c in libdwarf before 20160923 allows remote attackers to cause a denial of service (out-of-bounds write and crash) via a crafted DWARF section.
CVSS Score: 7.5
EPSS Score: 0.01
Published: 2017-02-17

Cross-site scripting (XSS) vulnerability in manage_custom_field_edit_page.php in MantisBT 1.2.19 and earlier allows remote attackers to inject arbitrary web script or HTML via the return parameter.
CVSS Score: 6.1
EPSS Score: 0.003
Published: 2017-02-17

Incomplete blacklist in SOGo before 2.3.12 and 3.x before 3.1.1 allows remote authenticated users to obtain sensitive information by reading the fields in the (1) ics or (2) XML calendar feeds.
CVSS Score: 4.3
EPSS Score: 0.002
Published: 2017-02-17

SOGo before 2.3.12 and 3.x before 3.1.1 does not restrict access to the UID and DTSTAMP attributes, which allows remote authenticated users to obtain sensitive information about appointments with the "View the Date & Time" restriction, as demonstrated by correlating UIDs and DTSTAMPs between all users.
CVSS Score: 4.3
EPSS Score: 0.002
Published: 2017-02-17

Multiple cross-site scripting (XSS) vulnerabilities in the View Raw Source page in the Web Calendar in SOGo before 3.1.3 allow remote attackers to inject arbitrary web script or HTML via the (1) Description, (2) Location, (3) URL, or (4) Title field.
CVSS Score: 6.1
EPSS Score: 0.003
Published: 2017-02-17

Integer overflow in shadow 4.2.1 allows local users to gain privileges via crafted input to newuidmap.
CVSS Score: 7.8
EPSS Score: 0.001
Published: 2017-02-17

Out-of-bounds write in the (1) mb_detect_encoding, (2) mb_send_mail, and (3) mb_detect_order functions in Facebook HHVM before 3.15.0 allows attackers to have unspecified impact via unknown vectors.
CVSS Score: 9.8
EPSS Score: 0.008
Published: 2017-02-17

