Security Vulnerabilities - CVEs Published In March 2018
Drupal core 7.x versions before 7.57 have an external link injection vulnerability when the language switcher block is used. A similar vulnerability exists in various custom and contributed modules. This vulnerability could allow an attacker to trick users into unwillingly navigating to an external site.
CVSS Score: 4.7; EPSS Score: 0.004; Published: 2018-03-01
An issue was discovered in Enalean Tuleap 9.17. Lack of CSRF attack mitigation while changing an e-mail address makes it possible for attackers to abuse the functionality. Through a CSRF attack, an attacker could make a victim change their registered e-mail address on the application, leading to account takeover.
CVSS Score: 8.8; EPSS Score: 0.002; Published: 2018-03-01
A stack buffer overflow flaw was found in the way 389-ds-base 1.3.6.x before 1.3.6.13, 1.3.7.x before 1.3.7.9, 1.4.x before 1.4.0.5 handled certain LDAP search filters. A remote, unauthenticated attacker could potentially use this flaw to make ns-slapd crash via a specially crafted LDAP request, thus resulting in denial of service.
CVSS Score: 7.5; EPSS Score: 0.057; Published: 2018-03-01
An issue was discovered in JerryScript 1.0. There is a heap-based buffer over-read in the lit_read_code_unit_from_hex function in lit/lit-char-helpers.c via a RegExp("[\x0"); payload.
CVSS Score: 9.8; EPSS Score: 0.003; Published: 2018-03-01
In the nextgen-gallery plugin before 2.2.50 for WordPress, gallery paths are not secured.
CVSS Score: 7.5; EPSS Score: 0.016; Published: 2018-03-01
An issue was discovered in CImg v.220. DoS occurs when loading a crafted bmp image that triggers an allocation failure in load_bmp in CImg.h.
CVSS Score: 7.8; EPSS Score: 0.003; Published: 2018-03-01
An issue was discovered in CImg v.220. A heap-based buffer over-read in load_bmp in CImg.h occurs when loading a crafted bmp image.
CVSS Score: 7.8; EPSS Score: 0.003; Published: 2018-03-01
An issue was discovered in CImg v.220. A double free in load_bmp in CImg.h occurs when loading a crafted bmp image.
CVSS Score: 7.8; EPSS Score: 0.003; Published: 2018-03-01
CSRF exists in Hoosk 1.7.0 via /admin/users/new/add, resulting in account creation.
CVSS Score: 8.8; EPSS Score: 0.001; Published: 2018-03-01
In the GetOpenCLCachedFilesDirectory function in magick/opencl.c in ImageMagick 7.0.7, a NULL pointer dereference vulnerability occurs because a memory allocation result is not checked, related to GetOpenCLCacheDirectory.
CVSS Score: 8.8; EPSS Score: 0.004; Published: 2018-03-01

