Security Vulnerabilities - CVEs Published In July 2017
Subrion CMS before 4.1.6 has a SQL injection vulnerability in /front/actions.php via the $_POST array.
CVSS Score: 9.8
EPSS Score: 0.003
Published: 2017-07-19
The ReadPESImage function in coders\pes.c in ImageMagick 7.0.6-1 has an infinite loop vulnerability that can cause CPU exhaustion via a crafted PES file.
CVSS Score: 6.5
EPSS Score: 0.004
Published: 2017-07-19
The ReadSCREENSHOTImage function in coders/screenshot.c in ImageMagick before 7.0.6-1 has memory leaks, causing denial of service.
CVSS Score: 6.5
EPSS Score: 0.006
Published: 2017-07-19
The ReadJPEGImage function in coders/jpeg.c in ImageMagick before 7.0.6-1 allows remote attackers to obtain sensitive information from uninitialized memory locations via a crafted file.
CVSS Score: 6.5
EPSS Score: 0.007
Published: 2017-07-19
coders/mpc.c in ImageMagick before 7.0.6-1 does not enable seekable streams and thus cannot validate blob sizes, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via an image received from stdin.
CVSS Score: 8.8
EPSS Score: 0.004
Published: 2017-07-19
coders/jpeg.c in ImageMagick before 7.0.6-1 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via JPEG data that is too short.
CVSS Score: 8.8
EPSS Score: 0.005
Published: 2017-07-19
Geneko GWR routers allow directory traversal sequences starting with a /../ substring, as demonstrated by unauthenticated read access to the configuration file.
CVSS Score: 7.5
EPSS Score: 0.082
Published: 2017-07-19
The Google News and Weather application before 3.3.1 for Android allows remote attackers to read OAuth tokens by sniffing the network and leveraging the lack of SSL.
CVSS Score: 7.5
EPSS Score: 0.013
Published: 2017-07-19
In Wireshark 2.2.0 to 2.2.7 and 2.0.0 to 2.0.13, the DOCSIS dissector could go into an infinite loop. This was addressed in plugins/docsis/packet-docsis.c by rejecting invalid Frame Control parameter values.
CVSS Score: 7.5
EPSS Score: 0.008
Published: 2017-07-18
In Wireshark 2.2.0 to 2.2.7 and 2.0.0 to 2.0.13, the MQ dissector could crash. This was addressed in epan/dissectors/packet-mq.c by validating the fragment length before a reassembly attempt.
CVSS Score: 7.5
EPSS Score: 0.012
Published: 2017-07-18

