Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In August 2017
CVE-2017-1110
IBM Curam Social Program Management 6.0, 6.1, 6.2, and 7.0 contains an unspecified vulnerability that could allow an authenticated user to view the incidents of a higher privileged user. IBM X-Force ID: 120915.
CVSS Score
6.5
EPSS Score
0.002
Published
2017-08-29
CVE-2017-13715
The __skb_flow_dissect function in net/core/flow_dissector.c in the Linux kernel before 4.3 does not ensure that n_proto, ip_proto, and thoff are initialized, which allows remote attackers to cause a denial of service (system crash) or possibly execute arbitrary code via a single crafted MPLS packet.
CVSS Score
9.8
EPSS Score
0.057
Published
2017-08-29
CVE-2017-1376
A flaw in the IBM J9 VM class verifier allows untrusted code to disable the security manager and elevate its privileges. IBM X-Force ID: 126873.
CVSS Score
9.8
EPSS Score
0.008
Published
2017-08-29
CVE-2017-1489
IBM Security Access Manager 6.1, 7.0, 8.0, and 9.0 e-community configurations may be affected by a redirect vulnerability. ECSSO Master Authentication can redirect to a server not participating in an e-community domain. IBM X-Force ID: 128687.
CVSS Score
6.1
EPSS Score
0.002
Published
2017-08-29
CVE-2017-2242
Untrusted search path vulnerability in Flets Setsuzoku Tool for Windows all versions allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
CVSS Score
7.8
EPSS Score
0.001
Published
2017-08-29
CVE-2017-2254
Cybozu Garoon 3.5.0 to 4.2.5 allows an attacker to cause a denial of service in the application menu's edit function via specially crafted input
CVSS Score
4.9
EPSS Score
0.004
Published
2017-08-29
CVE-2017-2255
Cross-site scripting vulnerability in Cybozu Garoon 3.7.0 to 4.2.5 allows an attacker to inject arbitrary web script or HTML via "Rich text" function of the application "Space".
CVSS Score
5.4
EPSS Score
0.003
Published
2017-08-29
CVE-2017-2256
Cross-site scripting vulnerability in Cybozu Garoon 3.0.0 to 4.2.5 allows an attacker to inject arbitrary web script or HTML via "Rich text" function of the application "Memo".
CVSS Score
5.4
EPSS Score
0.003
Published
2017-08-29
CVE-2017-2257
Cross-site scripting vulnerability in Cybozu Garoon 3.0.0 to 4.2.5 allows an attacker to inject arbitrary web script or HTML via mail function.
CVSS Score
6.1
EPSS Score
0.003
Published
2017-08-29
CVE-2017-2258
Directory traversal vulnerability in Cybozu Garoon 4.2.4 to 4.2.5 allows an attacker to read arbitrary files via Garoon SOAP API "WorkflowHandleApplications".
CVSS Score
4.3
EPSS Score
0.013
Published
2017-08-29


Products
Pricing
Contact Us

Shodan ® - All rights reserved