Security Vulnerabilities - CVEs Published In July 2017
An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. macOS before 10.12.6 is affected. tvOS before 10.2.2 is affected. watchOS before 3.2.3 is affected. The issue involves the "Kernel" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
CVSS Score: 7.8 | EPSS Score: 0.002 | Published: 2017-07-20
Televes COAXDATA GATEWAY 1Gbps devices doc-wifi-hgw_v1.02.0014 4.20 do not check password.shtml authorization, leading to arbitrary password change.
CVSS Score: 9.8 | EPSS Score: 0.005 | Published: 2017-07-20
On Televes COAXDATA GATEWAY 1Gbps devices doc-wifi-hgw_v1.02.0014 4.20, the backup/restore feature lacks access control, related to ReadFile.cgi and LoadCfgFile.
CVSS Score: 9.8 | EPSS Score: 0.009 | Published: 2017-07-20
Televes COAXDATA GATEWAY 1Gbps devices doc-wifi-hgw_v1.02.0014 4.20 have cleartext credentials in /mib.db.
CVSS Score: 9.8 | EPSS Score: 0.005 | Published: 2017-07-20
Csrf.cs in NancyFX Nancy before 1.4.4 and 2.x before 2.0-dangermouse has Remote Code Execution via Deserialization of JSON data in a CSRF Cookie.
CVSS Score: 9.8 | EPSS Score: 0.025 | Published: 2017-07-20
CVE-2017-9822
Known exploited
DNN (aka DotNetNuke) before 9.1.1 has Remote Code Execution via a cookie, aka "2017-08 (Critical) Possible remote code execution on DNN sites."
CVSS Score: 8.8 | EPSS Score: 0.943 | Published: 2017-07-20
get2post.php in IDERA Uptime Monitor 7.8 has directory traversal in the file_name parameter.
CVSS Score: 7.5 | EPSS Score: 0.072 | Published: 2017-07-20
IDERA Uptime Monitor 7.8 has SQL injection in /gadgets/definitions/uptime.CapacityWhatifGadget/getxenmetrics.php via the element parameter.
CVSS Score: 9.8 | EPSS Score: 0.015 | Published: 2017-07-20
IDERA Uptime Monitor 7.8 has SQL injection in /gadgets/definitions/uptime.CapacityWhatIfGadget/getmetrics.php via the element parameter.
CVSS Score: 9.8 | EPSS Score: 0.015 | Published: 2017-07-20
The acpi_ns_terminate() function in drivers/acpi/acpica/nsutils.c in the Linux kernel before 4.12 does not flush the operand cache and causes a kernel stack dump, which allows local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism (in the kernel through 4.9) via a crafted ACPI table.
CVSS Score: 7.1 | EPSS Score: 0.001 | Published: 2017-07-20


Shodan ® - All rights reserved