Security Vulnerabilities - CVEs Published In March 2017
Off-by-one error in the EAP-PWD module in FreeRADIUS 3.0 through 3.0.8, which triggers a buffer overflow.
CVSS Score: 8.1, EPSS Score: 0.005, Published: 2017-03-27
The sunxi-debug driver in Allwinner 3.4 legacy kernel for H3, A83T and H8 devices allows local users to gain root privileges by sending "rootmydevice" to /proc/sunxi_debug/sunxi_debug.
CVSS Score: 7.8, EPSS Score: 0.061, Published: 2017-03-27
The _xrealloc function in xlsp_xmalloc.c in OpenSLP 2.0.0 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a large number of crafted packets, which triggers a memory allocation failure.
CVSS Score: 7.5, EPSS Score: 0.008, Published: 2017-03-27
HKDF in cryptography before 1.5.2 returns an empty byte-string if used with a length less than algorithm.digest_size.
CVSS Score: 7.5, EPSS Score: 0.017, Published: 2017-03-27
The mx4200_send function in the legacy MX4200 refclock in NTP before 4.2.8p10 and 4.3.x before 4.3.94 does not properly handle the return value of the snprintf function, which allows local users to execute arbitrary code via unspecified vectors, which trigger an out-of-bounds memory write.
CVSS Score: 7.8, EPSS Score: 0.002, Published: 2017-03-27
Stack-based buffer overflow in the Windows installer for NTP before 4.2.8p10 and 4.3.x before 4.3.94 allows local users to have unspecified impact via an application path on the command line.
CVSS Score: 7.8, EPSS Score: 0.001, Published: 2017-03-27
NTP before 4.2.8p10 and 4.3.x before 4.3.94, when using PPSAPI, allows local users to gain privileges via a DLL in the PPSAPI_DLLS environment variable.
CVSS Score: 7.0, EPSS Score: 0.001, Published: 2017-03-27
Multiple buffer overflows in the ctl_put* functions in NTP before 4.2.8p10 and 4.3.x before 4.3.94 allow remote authenticated users to have unspecified impact via a long variable.
CVSS Score: 8.8, EPSS Score: 0.049, Published: 2017-03-27
The Windows installer for NTP before 4.2.8p10 and 4.3.x before 4.3.94 allows local users to have unspecified impact via vectors related to an argument with multiple null bytes.
CVSS Score: 5.5, EPSS Score: 0.001, Published: 2017-03-27
Stack-based buffer overflow in the reslist function in ntpq in NTP before 4.2.8p10 and 4.3.x before 4.3.94 allows remote servers to have unspecified impact via a long flagstr variable in a restriction list response.
CVSS Score: 8.8, EPSS Score: 0.009, Published: 2017-03-27

