Security Vulnerabilities - CVEs Published In August 2017
Fiyo CMS 2.0.7 has XSS in dapur\apps\app_config\sys_config.php via the site_name parameter.
CVSS Score: 6.1
EPSS Score: 0.002
Published: 2017-08-30

ONOS versions 1.8.0, 1.9.0, and 1.10.0 are vulnerable to XSS.
CVSS Score: 6.1
EPSS Score: 0.007
Published: 2017-08-30

ONOS versions 1.8.0, 1.9.0, and 1.10.0 do not restrict the amount of memory allocated. The Netty payload size is not limited.
CVSS Score: 7.5
EPSS Score: 0.003
Published: 2017-08-30

The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, does not validate the PLT section size, which allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file, related to elf_i386_get_synthetic_symtab in elf32-i386.c and elf_x86_64_get_synthetic_symtab in elf64-x86-64.c.
CVSS Score: 5.5
EPSS Score: 0.004
Published: 2017-08-29

In ImageMagick 7.0.6-10, there is a heap-based buffer overflow in the TracePoint() function in MagickCore/draw.c.
CVSS Score: 6.5
EPSS Score: 0.004
Published: 2017-08-29

In The Sleuth Kit (TSK) 4.4.2, fls hangs on a corrupt exfat image in tsk_img_read() in tsk/img/img_io.c in libtskimg.a.
CVSS Score: 5.5
EPSS Score: 0.003
Published: 2017-08-29

Libgcrypt before 1.8.1 does not properly consider Curve25519 side-channel attacks, which makes it easier for attackers to discover a secret key, related to cipher/ecc.c and mpi/ec.c.
CVSS Score: 7.5
EPSS Score: 0.019
Published: 2017-08-29

In The Sleuth Kit (TSK) 4.4.2, opening a crafted ISO 9660 image triggers an out-of-bounds read in iso9660_proc_dir() in tsk/fs/iso9660_dent.c in libtskfs.a, as demonstrated by fls.
CVSS Score: 5.5
EPSS Score: 0.003
Published: 2017-08-29

In The Sleuth Kit (TSK) 4.4.2, opening a crafted disk image triggers infinite recursion in dos_load_ext_table() in tsk/vs/dos.c in libtskvs.a, as demonstrated by mmls.
CVSS Score: 5.5
EPSS Score: 0.002
Published: 2017-08-29

IBM Sametime 8.5.2 and 9.0 could allow an unauthorized authenticated user to enumerate group chat ID numbers and join meetings that he was not invited to. IBM X-Force ID: 111928.
CVSS Score: 4.3
EPSS Score: 0.002
Published: 2017-08-29

