Security Vulnerabilities - CVEs Published In March 2017
Integer overflow in modules/MSADPCM.cpp in Audio File Library (aka audiofile) 0.3.6 allows remote attackers to cause a denial of service (crash) via a crafted file.
CVSS Score: 5.5 | EPSS Score: 0.013 | Published: 2017-03-20
IBM WebSphere Application Server 8.0, 8.5, 8.5.5, and 9.0 using OpenID Connect (OIDC) configured with a Trust Association Interceptor (TAI) could allow a user to gain elevated privileges on the system. IBM Reference #: 1999293.
CVSS Score: 8.1 | EPSS Score: 0.006 | Published: 2017-03-20
IBM Algorithmics One-Algo Risk Application 4.9.1, 5.0, and 5.1.0 could allow a user to gain access to another user's reports using a specially crafted HTTP request. IBM Reference #: 1999754.
CVSS Score: 4.3 | EPSS Score: 0.005 | Published: 2017-03-20
GNU screen before 4.5.1 allows local users to modify arbitrary files and consequently gain root privileges by leveraging improper checking of logfile permissions.
CVSS Score: 7.8 | EPSS Score: 0.018 | Published: 2017-03-20
The AliasHandler component in PostfixAdmin before 3.0.2 allows remote authenticated domain admins to delete protected aliases via the delete parameter to delete.php, involving a missing permission check.
CVSS Score: 2.7 | EPSS Score: 0.399 | Published: 2017-03-20
The vrend_draw_vbo function in virglrenderer before 0.6.0 allows local guest OS users to cause a denial of service (out-of-bounds array access and QEMU process crash) via vectors involving vertext_buffer_index.
CVSS Score: 5.5 | EPSS Score: 0.001 | Published: 2017-03-20
The sdhci_sdma_transfer_multi_blocks function in hw/sd/sdhci.c in QEMU (aka Quick Emulator) allows local OS guest privileged users to cause a denial of service (infinite loop and QEMU process crash) via vectors involving the transfer mode register during multi block transfer.
CVSS Score: 5.5 | EPSS Score: 0.001 | Published: 2017-03-20
Buffer overflow in NetRxPkt::ehdr_buf in hw/net/net_rx_pkt.c in QEMU (aka Quick Emulator), when the VLANSTRIP feature is enabled on the vmxnet3 device, allows remote attackers to cause a denial of service (out-of-bounds access and QEMU process crash) via vectors related to VLAN stripping.
CVSS Score: 7.5 | EPSS Score: 0.034 | Published: 2017-03-20
The IofCallDriver function in USBPcap 1.1.0.0 allows local users to gain privileges via a crafted 0x00090028 IOCTL call, which triggers a NULL pointer dereference.
CVSS Score: 7.8 | EPSS Score: 0.001 | Published: 2017-03-20
saned in sane-backends 1.0.25 allows remote attackers to obtain sensitive memory information via a crafted SANE_NET_CONTROL_OPTION packet.
CVSS Score: 7.5 | EPSS Score: 0.007 | Published: 2017-03-20

