Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In August 2017
CVE-2015-1378
cmdlineopts.clp in grml-debootstrap in Debian 0.54, 0.68.x before 0.68.1, 0.7x before 0.78 is sourced without checking that the local directory is writable by non-root users.
CVSS Score
7.5
EPSS Score
0.004
Published
2017-08-07
CVE-2015-1555
Zend/Session/SessionManager in Zend Framework 2.2.x before 2.2.9, 2.3.x before 2.3.4 allows remote attackers to create valid sessions without using session validators.
CVSS Score
9.1
EPSS Score
0.003
Published
2017-08-07
CVE-2015-3839
The updateMessageStatus function in Android 5.1.1 and earlier allows local users to cause a denial of service (NULL pointer exception and process crash).
CVSS Score
5.5
EPSS Score
0.005
Published
2017-08-07
CVE-2015-7561
Kubernetes in OpenShift3 allows remote authenticated users to use the private images of other users should they know the name of said image.
CVSS Score
3.1
EPSS Score
0.001
Published
2017-08-07
CVE-2015-7875
ctools 6.x-1.x before 6.x-1.14 and 7.x-1.x before 7.x-1.8 in Drupal does not verify the "edit" permission for the "content type" plugins that are used on Panels and similar systems to place content and functionality on a page.
CVSS Score
7.5
EPSS Score
0.003
Published
2017-08-07
CVE-2015-7887
NetApp SnapCenter Server 1.0 allows remote authenticated users to list and delete backups.
CVSS Score
8.1
EPSS Score
0.001
Published
2017-08-07
CVE-2015-8621
t-coffee before 11.00.8cbe486-2 allows local users to write to ~/.t_coffee globally.
CVSS Score
5.5
EPSS Score
0.001
Published
2017-08-07
CVE-2017-12650
SQL Injection exists in the Loginizer plugin before 1.3.6 for WordPress via the X-Forwarded-For HTTP header.
CVSS Score
9.8
EPSS Score
0.006
Published
2017-08-07
CVE-2017-12651
Cross Site Request Forgery (CSRF) exists in the Blacklist and Whitelist IP Wizard in init.php in the Loginizer plugin before 1.3.6 for WordPress because the HTTP Referer header is not checked.
CVSS Score
8.8
EPSS Score
0.001
Published
2017-08-07
CVE-2016-10404
XSS exists in Liferay Portal before 7.0 CE GA4 via a crafted redirect field to modules/apps/foundation/frontend-js/frontend-js-spa-web/src/main/resources/META-INF/resources/init.jsp.
CVSS Score
6.1
EPSS Score
0.002
Published
2017-08-07


Products
Pricing
Contact Us

Shodan ® - All rights reserved