Security Vulnerabilities - CVEs Published In June 2017
FreeIPA 4.4.0 allows remote attackers to request an arbitrary SAN name for services.
CVSS Score: 7.5 | EPSS Score: 0.002 | Published: 2017-06-27
elog 3.1.1 allows remote attackers to post data as any username in the logbook.
CVSS Score: 7.5 | EPSS Score: 0.002 | Published: 2017-06-27
rhscon-ceph in Red Hat Storage Console 2 x86_64 and Red Hat Storage Console Node 2 x86_64 allows local users to obtain the password as cleartext.
CVSS Score: 7.8 | EPSS Score: 0.001 | Published: 2017-06-27
Use-after-free vulnerability in the String.replace method in JavaScriptCore in Apple Safari in iOS before 10.3 allows remote attackers to execute arbitrary code via a crafted web page or a crafted file.
CVSS Score: 8.8 | EPSS Score: 0.217 | Published: 2017-06-27
Remote Code Execution is possible in Code42 CrashPlan 5.4.x via the org.apache.commons.ssl.rmi.DateRMI Java class, because (upon instantiation) it creates an RMI server that listens on a TCP port and deserializes objects sent by TCP clients.
CVSS Score: 9.8 | EPSS Score: 0.109 | Published: 2017-06-27
CVE-2017-9841
Known exploited
Util/PHP/eval-stdin.php in PHPUnit before 4.8.28 and 5.x before 5.6.3 allows remote attackers to execute arbitrary PHP code via HTTP POST data beginning with a "<?php " substring, as demonstrated by an attack on a site with an exposed /vendor folder, i.e., external access to the /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php URI.
CVSS Score: 9.8 | EPSS Score: 0.944 | Published: 2017-06-27
IBM Tivoli Monitoring V6 could allow an unauthenticated user to access SOAP queries that could contain sensitive information. IBM X-Force ID: 117696.
CVSS Score: 5.3 | EPSS Score: 0.002 | Published: 2017-06-27
IBM QRadar 7.2 and 7.3 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 119783.
CVSS Score: 7.5 | EPSS Score: 0.003 | Published: 2017-06-27
IBM QRadar 7.2 and 7.3 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 120208.
CVSS Score: 5.9 | EPSS Score: 0.003 | Published: 2017-06-27
IBM DB2 for Linux, UNIX and Windows 9.2, 10.1, 10.5, and 11.1 (includes DB2 Connect Server) is vulnerable to a buffer overflow that could allow a local user to overwrite DB2 files or cause a denial of service. IBM X-Force ID: 120668.
CVSS Score: 7.1 | EPSS Score: 0.001 | Published: 2017-06-27

