Security Vulnerabilities - CVEs Published In April 2017
The Broadcom Wi-Fi driver for Android, as used by BlackBerry smartphones before Build AAE570, allows remote attackers to execute arbitrary code in the context of the kernel.
CVSS Score: 8.8
EPSS Score: 0.003
Published: 2017-04-21
Cygwin before 2.5.0 does not properly handle updating permissions when changing users, which allows attackers to gain privileges.
CVSS Score: 9.8
EPSS Score: 0.006
Published: 2017-04-21
The backend/Login/load/ script in Shopware before 5.1.5 allows remote attackers to execute arbitrary code.
CVSS Score: 9.8
EPSS Score: 0.346
Published: 2017-04-21
Padding oracle flaw in CloudForms Management Engine (aka CFME) 5 allows remote attackers to obtain sensitive cleartext information.
CVSS Score: 5.3
EPSS Score: 0.002
Published: 2017-04-21
Skia, as used in Google Chrome before 50.0.2661.94, allows remote attackers to bypass the Same Origin Policy and obtain sensitive information.
CVSS Score: 7.5
EPSS Score: 0.096
Published: 2017-04-21
The bzread function in ext/bz2/bz2.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 allows remote attackers to cause a denial of service (out-of-bounds write) or execute arbitrary code via a crafted bz2 archive.
CVSS Score: 7.8
EPSS Score: 0.212
Published: 2017-04-21
The backtrack compilation code in the Irregex package (aka IrRegular Expressions) before 0.9.6 for Scheme allows remote attackers to cause a denial of service (memory consumption) via a crafted regular expression with a repeating pattern.
CVSS Score: 7.5
EPSS Score: 0.021
Published: 2017-04-21
Tenable Appliance 4.4.0, and possibly prior, contains a flaw in the Web UI that allows for the unauthorized manipulation of the admin password.
CVSS Score: 7.5
EPSS Score: 0.002
Published: 2017-04-21
Tenable Appliance 3.5 - 4.4.0, and possibly prior versions, contains a flaw in the simpleupload.py script in the Web UI. Through the manipulation of the tns_appliance_session_user parameter, a remote attacker can inject arbitrary commands.
CVSS Score: 9.8
EPSS Score: 0.531
Published: 2017-04-21
The function TextExtractor::ExtractText in TextExtractor.cpp:77 in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted PDF document.
CVSS Score: 6.5
EPSS Score: 0.006
Published: 2017-04-21


Shodan ® - All rights reserved