Security Vulnerabilities - CVEs Published In June 2017
Memory leak in QEMU (aka Quick Emulator), when built with USB EHCI Emulation support, allows local guest OS privileged users to cause a denial of service (memory consumption) by repeatedly hot-unplugging the device.
CVSS Score: 5.5
EPSS Score: 0.0
Published: 2017-06-16

QEMU (aka Quick Emulator), when built with USB xHCI controller emulator support, allows local guest OS privileged users to cause a denial of service (infinite recursive call) via vectors involving control transfer descriptors sequencing.
CVSS Score: 5.5
EPSS Score: 0.0
Published: 2017-06-16

QEMU (aka Quick Emulator), when built with MegaRAID SAS 8708EM2 Host Bus Adapter emulation support, allows local guest OS privileged users to cause a denial of service (NULL pointer dereference and QEMU process crash) via vectors involving megasas command processing.
CVSS Score: 5.5
EPSS Score: 0.001
Published: 2017-06-16

Kibana versions prior to 4.1.3 and 4.2.1 are vulnerable to an XSS attack.
CVSS Score: 6.1
EPSS Score: 0.003
Published: 2017-06-16

Kibana Reporting plugin version 2.4.0 is vulnerable to a CSRF vulnerability that could allow an attacker to generate superfluous reports whenever an authenticated Kibana user navigates to a specially-crafted page.
CVSS Score: 8.8
EPSS Score: 0.001
Published: 2017-06-16

In Kibana before 4.5.4 and 4.1.11, when a custom output is configured for logging in, cookies and authorization headers could be written to the log files. This information could be used to hijack sessions of other users when using Kibana behind some form of authentication such as Shield.
CVSS Score: 7.5
EPSS Score: 0.007
Published: 2017-06-16

Kibana versions before 4.5.4 and 4.1.11 are vulnerable to an XSS attack that would allow an attacker to execute arbitrary JavaScript in users' browsers.
CVSS Score: 6.1
EPSS Score: 0.003
Published: 2017-06-16

In Logstash prior to version 2.3.4, the Elasticsearch Output plugin would log HTTP authorization headers, which could contain sensitive information, to file.
CVSS Score: 7.5
EPSS Score: 0.007
Published: 2017-06-16

In Logstash prior to version 2.1.2, the CSV output can be attacked via engineered input that will create malicious formulas in the CSV data.
CVSS Score: 7.5
EPSS Score: 0.004
Published: 2017-06-16

Prior to Logstash version 5.0.1, the Elasticsearch Output plugin, when updating connections after sniffing, would log HTTP basic auth credentials to file.
CVSS Score: 6.5
EPSS Score: 0.003
Published: 2017-06-16