Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In June 2017
CVE-2016-9991
IBM Sterling Order Management 9.2 through 9.5 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 121314.
CVSS Score
8.0
EPSS Score
0.002
Published
2017-06-08
CVE-2017-1140
IBM Business Process Manager 8.0 and 8.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
CVSS Score
5.4
EPSS Score
0.003
Published
2017-06-08
CVE-2017-1179
IBM BigFix Compliance Analytics 1.9.79 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 123431.
CVSS Score
5.9
EPSS Score
0.001
Published
2017-06-08
CVE-2017-1319
IBM Tivoli Federated Identity Manager 6.2 is affected by a vulnerability due to a missing secure attribute in encrypted session (SSL) cookie. IBM X-Force ID: 125731.
CVSS Score
7.5
EPSS Score
0.001
Published
2017-06-08
CVE-2014-7919
b/libs/gui/ISurfaceComposer.cpp in Android allows attackers to trigger a denial of service (null pointer dereference and process crash).
CVSS Score
7.5
EPSS Score
0.003
Published
2017-06-08
CVE-2016-4473
/ext/phar/phar_object.c in PHP 7.0.7 and 5.6.x allows remote attackers to execute arbitrary code. NOTE: Introduced as part of an incomplete fix to CVE-2015-6833.
CVSS Score
9.8
EPSS Score
0.204
Published
2017-06-08
CVE-2016-5648
Acer Portal app before 3.9.4.2000 for Android does not properly validate SSL certificates, which allows remote attackers to perform a Man-in-the-middle attack via a crafted SSL certificate.
CVSS Score
5.3
EPSS Score
0.013
Published
2017-06-08
CVE-2016-6594
Blue Coat Advanced Secure Gateway 6.6, CacheFlow 3.4, ProxySG 6.5 and 6.6 allows remote attackers to bypass blocked requests, user authentication, and payload scanning.
CVSS Score
7.5
EPSS Score
0.007
Published
2017-06-08
CVE-2016-3095
server/bin/pulp-gen-ca-certificate in Pulp before 2.8.2 allows local users to read the generated private key.
CVSS Score
5.5
EPSS Score
0.0
Published
2017-06-08
CVE-2016-3099
mod_ns in Red Hat Enterprise Linux Desktop 7, Red Hat Enterprise Linux HPC Node 7, Red Hat Enterprise Linux Server 7, and Red Hat Enterprise Linux Workstation 7 allows remote attackers to force the use of ciphers that were not intended to be enabled.
CVSS Score
7.5
EPSS Score
0.003
Published
2017-06-08


Products
Pricing
Contact Us

Shodan ® - All rights reserved