Security Vulnerabilities - CVEs Published In July 2017
WordPress plugin Relevanssi version 3.5.7.1 is vulnerable to stored XSS, resulting in an attacker being able to execute JavaScript on the affected site
CVSS Score
6.1
EPSS Score
0.01
Published
2017-07-17
Framadate version 1.0 is vulnerable to Formula Injection in the CSV Export, resulting in possible Information Disclosure and Code Execution
CVSS Score
9.8
EPSS Score
0.036
Published
2017-07-17
Mapbox.js versions 1.x prior to 1.6.5 and 2.x prior to 2.1.7 are vulnerable to a cross-site-scripting attack in certain uncommon usage scenarios via TileJSON Name.
CVSS Score
6.1
EPSS Score
0.002
Published
2017-07-17
Mapbox.js versions 1.x prior to 1.6.6 and 2.x prior to 2.2.4 are vulnerable to a cross-site-scripting attack in certain uncommon usage scenarios via TileJSON name and map share control
CVSS Score
6.1
EPSS Score
0.002
Published
2017-07-17
gtk-vnc 0.4.2 and older doesn't check framebuffer boundaries correctly when updating framebuffer which may lead to memory corruption when rendering
CVSS Score
9.8
EPSS Score
0.017
Published
2017-07-17
Mautic 2.6.1 and earlier fails to set flags on session cookies
CVSS Score
7.5
EPSS Score
0.003
Published
2017-07-17
rbenv (all current versions) is vulnerable to Directory Traversal in the specification of Ruby version resulting in arbitrary code execution
CVSS Score
9.8
EPSS Score
0.03
Published
2017-07-17
A web framework using ljharb's qs module older than v6.3.2, v6.2.3, v6.1.2, and v6.0.4 is vulnerable to a DoS. A malicious user can send an evil request to cause the web framework to crash.
CVSS Score
7.5
EPSS Score
0.006
Published
2017-07-17
JasPer 2.0.12 is vulnerable to a NULL pointer exception in the function jp2_encode which failed to check to see if the image contained at least one component resulting in a denial-of-service.
CVSS Score
7.5
EPSS Score
0.016
Published
2017-07-17
Cross-site scripting (XSS) vulnerability in pad export in XWiki labs CryptPad before 1.1.1 allows remote attackers to inject arbitrary web script or HTML via the pad content
CVSS Score
6.1
EPSS Score
0.001
Published
2017-07-17

