Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In April 2017
CVE-2017-5887
WebSocket.swift in Starscream before 2.0.4 allows an SSL Pinning bypass because pinning occurs in the stream function (this is too late; pinning should occur in the initStreamsWithData function).
CVSS Score
7.5
EPSS Score
0.002
Published
2017-04-06
CVE-2017-6130
F5 SSL Intercept iApp 1.5.0 - 1.5.7 and SSL Orchestrator 2.0 is vulnerable to a Server-Side Request Forgery (SSRF) attack when deployed using the Dynamic Domain Bypass (DDB) feature feature plus SNAT Auto Map option for egress traffic.
CVSS Score
7.4
EPSS Score
0.003
Published
2017-04-06
CVE-2017-6968
GMV Checker ATM Security prior to 5.0.18 allows remote authenticated users to execute arbitrary code via unspecified vectors, aka PT-2017-03.
CVSS Score
8.8
EPSS Score
0.007
Published
2017-04-06
CVE-2017-7192
WebSocket.swift in Starscream before 2.0.4 allows an SSL Pinning bypass because of incorrect management of the certValidated variable (it can be set to true but cannot be set to false).
CVSS Score
7.5
EPSS Score
0.002
Published
2017-04-06
CVE-2017-7452
The iwbmp_read_info_header function in imagew-bmp.c in libimageworsener.a in ImageWorsener 1.3.0 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file.
CVSS Score
5.5
EPSS Score
0.003
Published
2017-04-06
CVE-2017-7453
The iwgif_record_pixel function in imagew-gif.c in libimageworsener.a in ImageWorsener 1.3.0 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file.
CVSS Score
5.5
EPSS Score
0.003
Published
2017-04-06
CVE-2017-7454
The iwgif_record_pixel function in imagew-gif.c in libimageworsener.a in ImageWorsener 1.3.0 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted file.
CVSS Score
5.5
EPSS Score
0.003
Published
2017-04-06
CVE-2017-7448
The allocate_channel_framebuffer function in uncompressed_components.hh in Dropbox Lepton 1.2.1 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a malformed JPEG image.
CVSS Score
5.5
EPSS Score
0.003
Published
2017-04-05
CVE-2017-7450
AIRTAME HDMI dongle with firmware before 2.2.0 allows unauthenticated access to a big part of the management interface. It is possible to extract all information including the Wi-Fi password, reboot, or force a software update at an arbitrary time.
CVSS Score
9.8
EPSS Score
0.003
Published
2017-04-05
CVE-2017-7446
HelpDEZk 1.1.1 has CSRF in admin/home#/person/ with an impact of obtaining admin privileges.
CVSS Score
8.8
EPSS Score
0.003
Published
2017-04-05


Products
Pricing
Contact Us

Shodan ® - All rights reserved