Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In March 2017
The dump_section_as_bytes function in readelf in GNU Binutils 2.28 accesses a NULL pointer while reading section contents in a corrupt binary, leading to a program crash.
CVSS Score
5.5
EPSS Score
0.003
Published
2017-03-21
objdump in GNU Binutils 2.28 is vulnerable to multiple heap-based buffer over-reads (of size 1 and size 8) while handling corrupt STABS enum type strings in a crafted object file, leading to program crash.
CVSS Score
5.5
EPSS Score
0.003
Published
2017-03-21
Insufficient authentication vulnerability in Junos Space before 15.2R2 allows remote network based users with access to Junos Space web interface to perform certain administrative tasks without authentication.
CVSS Score
9.8
EPSS Score
0.036
Published
2017-03-20
Insufficient validation of SSH keys in Junos Space before 15.2R2 allows man-in-the-middle (MITM) type of attacks while a Space device is communicating with managed devices.
CVSS Score
8.1
EPSS Score
0.004
Published
2017-03-20
Cross site request forgery vulnerability in Junos Space before 15.2R2 allows remote attackers to perform certain administrative actions on Junos Space.
CVSS Score
8.8
EPSS Score
0.002
Published
2017-03-20
Command injection vulnerability in Junos Space before 15.2R2 allows attackers to execute arbitrary code as a root user.
CVSS Score
8.8
EPSS Score
0.021
Published
2017-03-20
Cross-site scripting (XSS) vulnerability in Junos Space before 15.2R2 allows remote attackers to steal sensitive information or perform certain administrative actions.
CVSS Score
6.1
EPSS Score
0.002
Published
2017-03-20
XML entity injection in Junos Space before 15.2R2 allows attackers to cause a denial of service.
CVSS Score
6.5
EPSS Score
0.003
Published
2017-03-20
The code in Apache Tomcat 9.0.0.M1 to 9.0.0.M11, 8.5.0 to 8.5.6, 8.0.0.RC1 to 8.0.38, 7.0.0 to 7.0.72, and 6.0.0 to 6.0.47 that parsed the HTTP request line permitted invalid characters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject data into the HTTP response. By manipulating the HTTP response the attacker could poison a web-cache, perform an XSS attack and/or obtain sensitive information from requests other then their own.
CVSS Score
7.1
EPSS Score
0.028
Published
2017-03-20
Integer overflow in sfcommands/sfconvert.c in Audio File Library (aka audiofile) 0.3.6 allows remote attackers to cause a denial of service (crash) via a crafted file.
CVSS Score
5.5
EPSS Score
0.023
Published
2017-03-20


Contact Us

Shodan ® - All rights reserved