Security Vulnerabilities - CVEs Published In June 2017
New Relic .NET Agent before 6.3.123.0 adds SQL injection flaws to safe applications via vectors involving failure to escape quotes during use of the Slow Queries feature, as demonstrated by a mishandled quote in a VALUES clause of an INSERT statement, after bypassing a SET SHOWPLAN_ALL ON protection mechanism.
CVSS Score: 9.8 | EPSS Score: 0.003 | Published: 2017-06-13

SQL injection vulnerability in the Event List plugin 0.7.8 for WordPress allows an authenticated user to execute arbitrary SQL commands via the id parameter to wp-admin/admin.php.
CVSS Score: 8.8 | EPSS Score: 0.008 | Published: 2017-06-13

SQL injection vulnerability in the WP Jobs plugin before 1.5 for WordPress allows authenticated users to execute arbitrary SQL commands via the jobid parameter to wp-admin/edit.php.
CVSS Score: 8.8 | EPSS Score: 0.013 | Published: 2017-06-13

Pulp before 2.8.5 uses bash's $RANDOM in an unsafe way to generate passwords.
CVSS Score: 7.5 | EPSS Score: 0.005 | Published: 2017-06-13

libreswan before 3.18 allows remote attackers to cause a denial of service (NULL pointer dereference and pluto daemon restart).
CVSS Score: 7.5 | EPSS Score: 0.009 | Published: 2017-06-13

The tlslite library before 0.4.9 for Python allows remote attackers to trigger a denial of service (runtime exception and process crash).
CVSS Score: 7.5 | EPSS Score: 0.008 | Published: 2017-06-13

Lenovo Mouse Suite before 6.73 allows local users to run arbitrary code with administrator privileges.
CVSS Score: 7.8 | EPSS Score: 0.001 | Published: 2017-06-13

The pulp-qpid-ssl-cfg script in Pulp before 2.8.5 allows local users to obtain the CA key.
CVSS Score: 5.5 | EPSS Score: 0.001 | Published: 2017-06-13

/var/lib/ovirt-engine/setup/engine-DC-config.py in Red Hat QuickStart Cloud Installer (QCI) before 1.0 GA is created world readable and contains the root password of the deployed system.
CVSS Score: 9.8 | EPSS Score: 0.004 | Published: 2017-06-13

A design flaw in authentication in Synology Photo Station 6.0-2528 through 6.7.1-3419 allows local users to obtain credentials via cmdline. Synology Photo Station employs the synophoto_dsm_user program to authenticate username and password by "synophoto_dsm_user --auth USERNAME PASSWORD", and local users are able to obtain credentials by sniffing "/proc/*/cmdline".
CVSS Score: 7.8 | EPSS Score: 0.0 | Published: 2017-06-13


Shodan ® - All rights reserved