Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In July 2017
CVE-2017-7919
An Improper Authentication issue was discovered in Newport XPS-Cx and XPS-Qx. An attacker may bypass authentication by accessing a specific uniform resource locator (URL).
CVSS Score
9.8
EPSS Score
0.013
Published
2017-07-03
CVE-2017-9248
Known exploited
Telerik.Web.UI.dll in Progress Telerik UI for ASP.NET AJAX before R2 2017 SP1 and Sitefinity before 10.0.6412.0 does not properly protect Telerik.Web.UI.DialogParametersEncryptionKey or the MachineKey, which makes it easier for remote attackers to defeat cryptographic protection mechanisms, leading to a MachineKey leak, arbitrary file uploads or downloads, XSS, or ASP.NET ViewState compromise.
CVSS Score
9.8
EPSS Score
0.878
Published
2017-07-03
CVE-2016-3400
NetApp Data ONTAP 8.1 and 8.2, when operating in 7-Mode, allows man-in-the-middle attackers to obtain sensitive information, gain privileges, or cause a denial of service via vectors related to the SMB protocol.
CVSS Score
7.5
EPSS Score
0.007
Published
2017-07-03
CVE-2016-3997
NetApp Clustered Data ONTAP allows man-in-the-middle attackers to obtain sensitive information, gain privileges, or cause a denial of service by leveraging failure to enable SMB signing enforcement in its default state.
CVSS Score
7.5
EPSS Score
0.004
Published
2017-07-03
CVE-2016-3998
NetApp AltaVault 4.1 and earlier allows man-in-the-middle attackers to obtain sensitive information, gain privileges, or cause a denial of service via vectors related to the SMB protocol.
CVSS Score
8.1
EPSS Score
0.004
Published
2017-07-03
CVE-2016-5045
NetApp OnCommand System Manager before 9.0 allows remote attackers to obtain sensitive credentials via vectors related to cluster peering setup.
CVSS Score
8.1
EPSS Score
0.007
Published
2017-07-03
CVE-2016-6127
Cross-site scripting (XSS) vulnerability in Request Tracker (RT) 4.x before 4.0.25, 4.2.x before 4.2.14, and 4.4.x before 4.4.2, when the AlwaysDownloadAttachments config setting is not in use, allows remote attackers to inject arbitrary web script or HTML via a file upload with an unspecified content type.
CVSS Score
6.1
EPSS Score
0.003
Published
2017-07-03
CVE-2016-6201
Cross-site scripting (XSS) vulnerability in Ektron Content Management System (CMS) before 9.1.0.184 SP3 (9.1.0.184.3.127) allows remote attackers to inject arbitrary web script or HTML via the ContType parameter in a ViewContentByCategory action to WorkArea/content.aspx.
CVSS Score
6.1
EPSS Score
0.002
Published
2017-07-03
CVE-2017-5361
Request Tracker (RT) 4.x before 4.0.25, 4.2.x before 4.2.14, and 4.4.x before 4.4.2 does not use a constant-time comparison algorithm for secrets, which makes it easier for remote attackers to obtain sensitive user password information via a timing side-channel attack.
CVSS Score
5.9
EPSS Score
0.004
Published
2017-07-03
CVE-2017-5943
Request Tracker (RT) 4.x before 4.0.25, 4.2.x before 4.2.14, and 4.4.x before 4.4.2 allows remote attackers to obtain sensitive information about cross-site request forgery (CSRF) verification tokens via a crafted URL.
CVSS Score
8.8
EPSS Score
0.004
Published
2017-07-03


Products
Pricing
Contact Us

Shodan ® - All rights reserved