Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In April 2018
CVE-2018-10316
Netwide Assembler (NASM) 2.14rc0 has an endless while loop in the assemble_file function of asm/nasm.c because of a globallineno integer overflow.
CVSS Score
5.5
EPSS Score
0.002
Published
2018-04-24
CVE-2018-10318
Frog CMS 0.9.5 has XSS via the admin/?/page/edit page[keywords] parameter, aka Edit Page Metadata.
CVSS Score
4.8
EPSS Score
0.002
Published
2018-04-24
CVE-2018-10319
Frog CMS 0.9.5 has XSS via the admin/?/snippet/edit snippet[name] parameter, aka Edit Snippet.
CVSS Score
4.8
EPSS Score
0.002
Published
2018-04-24
CVE-2018-10320
Frog CMS 0.9.5 has XSS via the admin/?/layout/edit layout[name] parameter, aka Edit Layout.
CVSS Score
4.8
EPSS Score
0.002
Published
2018-04-24
CVE-2016-9599
puppet-tripleo before versions 5.5.0, 6.2.0 is vulnerable to an access-control flaw in the IPtables rules management, which allowed the creation of TCP/UDP rules with empty port values. If SSL is enabled, a malicious user could use these open ports to gain access to unauthorized resources.
CVSS Score
7.1
EPSS Score
0.002
Published
2018-04-24
CVE-2016-9601
ghostscript before version 9.21 is vulnerable to a heap based buffer overflow that was found in the ghostscript jbig2_decode_gray_scale_image function which is used to decode halftone segments in a JBIG2 image. A document (PostScript or PDF) with an embedded, specially crafted, jbig2 image could trigger a segmentation fault in ghostscript.
CVSS Score
5.3
EPSS Score
0.002
Published
2018-04-24
CVE-2018-6491
Local Escalation of Privilege vulnerability to Micro Focus Universal CMDB, versions 10.20, 10.21, 10.22, 10.30, 10.31, 10.32, 10.33, 11.00. The vulnerability could be remotely exploited to Local Escalation of Privilege.
CVSS Score
8.1
EPSS Score
0.001
Published
2018-04-24
CVE-2018-10303
A use-after-free in Foxit Reader before 9.1 and PhantomPDF before 9.1 allows remote attackers to execute arbitrary code, aka iDefense ID V-y0nqfutlf3.
CVSS Score
8.8
EPSS Score
0.006
Published
2018-04-23
CVE-2017-7893
In SaltStack Salt before 2016.3.6, compromised salt-minions can impersonate the salt-master.
CVSS Score
9.8
EPSS Score
0.005
Published
2018-04-23
CVE-2018-1106
An authentication bypass flaw has been found in PackageKit before 1.1.10 that allows users without administrator privileges to install signed packages. A local attacker can use this vulnerability to install vulnerable packages to further compromise a system.
CVSS Score
5.5
EPSS Score
0.0
Published
2018-04-23


Products
Pricing
Contact Us

Shodan ® - All rights reserved