Security Vulnerabilities - CVEs Published In August 2017
In ImageMagick 7.0.6-8, a memory leak vulnerability was found in the function ReadMIFFImage in coders/miff.c, which allows attackers to cause a denial of service (memory consumption in NewLinkedList in MagickCore/linked-list.c) via a crafted file.
CVSS Score: 6.5
EPSS Score: 0.004
Published: 2017-08-23

In ImageMagick 7.0.6-8, the WritePDFImage function in coders/pdf.c operates on an incorrect data structure in the "dump uncompressed PseudoColor packets" step, which allows attackers to cause a denial of service (assertion failure in WriteBlobStream in MagickCore/blob.c) via a crafted file.
CVSS Score: 6.5
EPSS Score: 0.003
Published: 2017-08-23

In ImageMagick 7.0.6-8, the load_level function in coders/xcf.c lacks offset validation, which allows attackers to cause a denial of service (load_tile memory exhaustion) via a crafted file.
CVSS Score: 6.5
EPSS Score: 0.006
Published: 2017-08-23

In ImageMagick 7.0.6-6 and GraphicsMagick 1.3.26, a heap-based buffer over-read was found in the function SFWScan in coders/sfw.c, which allows attackers to cause a denial of service via a crafted file.
CVSS Score: 6.5
EPSS Score: 0.014
Published: 2017-08-23

mcmnm in BMC Patrol allows local users to gain privileges via a crafted libmcmclnx.so file in the current working directory, because it is setuid root and the RPATH variable begins with the .: substring.
CVSS Score: 7.8
EPSS Score: 0.002
Published: 2017-08-23

IBM MaaS360 DTM all versions up to 3.81 does not perform proper verification for user rights of certain applications which could disclose sensitive information. IBM X-Force ID: 127412.
CVSS Score: 3.3
EPSS Score: 0.001
Published: 2017-08-22

Cross-site request forgery (CSRF) vulnerability in springframework-social before 1.1.3.
CVSS Score: 8.8
EPSS Score: 0.002
Published: 2017-08-22

WAGO IO 750-849 01.01.27 and 01.02.05, WAGO IO 750-881, and WAGO IO 758-870 have weak credential management.
CVSS Score: 9.8
EPSS Score: 0.013
Published: 2017-08-22

WAGO IO 750-849 01.01.27 and WAGO IO 750-881 01.02.05 do not contain privilege separation.
CVSS Score: 9.8
EPSS Score: 0.029
Published: 2017-08-22

HAProxy statistics in openstack-tripleo-image-elements are non-authenticated over the network.
CVSS Score: 5.3
EPSS Score: 0.0
Published: 2017-08-22

