Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In April 2018
CVE-2017-13265
A elevation of privilege vulnerability in the Android system (OTA updates). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-36232423.
CVSS Score
7.3
EPSS Score
0.001
Published
2018-04-04
CVE-2017-13266
In avrc_pars_vendor_cmd of avrc_pars_tg.cc, there is a possible stack corruption due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-69478941.
CVSS Score
9.8
EPSS Score
0.013
Published
2018-04-04
CVE-2017-13268
A information disclosure vulnerability in the Android system (bluetooth). Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-67058064.
CVSS Score
4.3
EPSS Score
0.0
Published
2018-04-04
CVE-2017-13269
A information disclosure vulnerability in the Android system (bluetooth). Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-68818034.
CVSS Score
4.3
EPSS Score
0.0
Published
2018-04-04
CVE-2017-13270
A elevation of privilege vulnerability in the upstream kernel mnh_sm driver. Product: Android. Versions: Android kernel. Android ID: A-69474744.
CVSS Score
7.3
EPSS Score
0.001
Published
2018-04-04
CVE-2017-13271
A elevation of privilege vulnerability in the upstream kernel mnh_sm driver. Product: Android. Versions: Android kernel. Android ID: A-69006799.
CVSS Score
7.3
EPSS Score
0.001
Published
2018-04-04
CVE-2017-13272
In alarm_ready_generic of alarm.cc, there is a possible out of bounds write due to a use after free. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-67110137.
CVSS Score
9.8
EPSS Score
0.008
Published
2018-04-04
CVE-2017-18257
The __get_data_block function in fs/f2fs/data.c in the Linux kernel before 4.11 allows local users to cause a denial of service (integer overflow and loop) via crafted use of the open and fallocate system calls with an FS_IOC_FIEMAP ioctl.
CVSS Score
5.5
EPSS Score
0.001
Published
2018-04-04
CVE-2018-0986
A remote code execution vulnerability exists when the Microsoft Malware Protection Engine does not properly scan a specially crafted file, leading to memory corruption, aka "Microsoft Malware Protection Engine Remote Code Execution Vulnerability." This affects Windows Defender, Windows Intune Endpoint Protection, Microsoft Security Essentials, Microsoft System Center Endpoint Protection, Microsoft Exchange Server, Microsoft System Center, Microsoft Forefront Endpoint Protection.
CVSS Score
8.8
EPSS Score
0.767
Published
2018-04-04
CVE-2018-6873
The Auth0 authentication service before 2017-10-15 allows privilege escalation because the JWT audience is not validated.
CVSS Score
9.8
EPSS Score
0.039
Published
2018-04-04


Products
Pricing
Contact Us

Shodan ® - All rights reserved