Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In April 2018
CVE-2017-0431
An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-32573899.
CVSS Score
7.8
EPSS Score
0.0
Published
2018-04-05
CVE-2017-0744
An elevation of privilege vulnerability in the NVIDIA firmware processing code. Product: Android. Versions: Android kernel. Android ID: A-34112726. References: N-CVE-2017-0744.
CVSS Score
5.3
EPSS Score
0.0
Published
2018-04-05
CVE-2017-0748
An information disclosure vulnerability in the Qualcomm audio driver. Product: Android. Versions: Android Kernel. Android ID: A-35764875. References: QC-CR#2029798.
CVSS Score
5.3
EPSS Score
0.001
Published
2018-04-05
CVE-2017-0751
An elevation of privilege vulnerability in the Qualcomm QCE driver. Product: Android. Versions: Android kernel. Android ID: A-36591162. References: QC-CR#2045061.
CVSS Score
5.3
EPSS Score
0.0
Published
2018-04-05
CVE-2014-3413
The MySQL server in Juniper Networks Junos Space before 13.3R1.8 has an unspecified account with a hardcoded password, which allows remote attackers to obtain sensitive information and consequently obtain administrative control by leveraging database access.
CVSS Score
9.8
EPSS Score
0.017
Published
2018-04-05
CVE-2018-4863
Sophos Endpoint Protection 10.7 allows local users to bypass an intended tamper protection mechanism by deleting the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Sophos Endpoint Defense\ registry key.
CVSS Score
5.5
EPSS Score
0.0
Published
2018-04-05
CVE-2018-9233
Sophos Endpoint Protection 10.7 uses an unsalted SHA-1 hash for password storage in %PROGRAMDATA%\Sophos\Sophos Anti-Virus\Config\machine.xml, which makes it easier for attackers to determine a cleartext password, and subsequently choose unsafe malware settings, via rainbow tables or other approaches.
CVSS Score
7.8
EPSS Score
0.001
Published
2018-04-05
CVE-2016-8366
Webvisit in Phoenix Contact ILC PLCs offers a password macro to protect HMI pages on the PLC against casual or coincidental opening of HMI pages by the user. The password macro can be configured in a way that the password is stored and transferred in clear text.
CVSS Score
7.3
EPSS Score
0.116
Published
2018-04-05
CVE-2016-8371
The web server in Phoenix Contact ILC PLCs can be accessed without authenticating even if the authentication mechanism is enabled.
CVSS Score
7.3
EPSS Score
0.243
Published
2018-04-05
CVE-2016-8380
The web server in Phoenix Contact ILC PLCs allows access to read and write PLC variables without authentication.
CVSS Score
7.3
EPSS Score
0.243
Published
2018-04-05


Products
Pricing
Contact Us

Shodan ® - All rights reserved