Security Vulnerabilities - CVEs Published In August 2017
In BlackCat CMS 1.2, backend/addons/install.php allows remote authenticated users to execute arbitrary PHP code via a ZIP archive that contains a .php file.
CVSS Score: 8.8 | EPSS Score: 0.005 | Published: 2017-08-31
An integer overflow in the qla2x00_sysfs_write_optrom_ctl function in drivers/scsi/qla2xxx/qla_attr.c in the Linux kernel through 4.12.10 allows local users to cause a denial of service (memory corruption and system crash) by leveraging root access.
CVSS Score: 4.4 | EPSS Score: 0.001 | Published: 2017-08-31
A heap-based buffer overflow was discovered in the opj_t2_encode_packet function in lib/openjp2/t2.c in OpenJPEG 2.2.0. The vulnerability causes an out-of-bounds write, which may lead to remote denial of service or possibly unspecified other impact.
CVSS Score: 8.8 | EPSS Score: 0.006 | Published: 2017-08-30
An invalid write access was discovered in bin/jp2/convert.c in OpenJPEG 2.2.0, triggering a crash in the tgatoimage function. The vulnerability may lead to remote denial of service or possibly unspecified other impact.
CVSS Score: 8.8 | EPSS Score: 0.006 | Published: 2017-08-30
A stack-based buffer overflow was discovered in the pgxtoimage function in bin/jp2/convert.c in OpenJPEG 2.2.0. The vulnerability causes an out-of-bounds write, which may lead to remote denial of service or possibly remote code execution.
CVSS Score: 8.8 | EPSS Score: 0.007 | Published: 2017-08-30
A memory allocation failure was discovered in the ReadPNMImage function in coders/pnm.c in GraphicsMagick 1.3.26. The vulnerability causes a big memory allocation, which may lead to remote denial of service in the MagickRealloc function in magick/memory.c.
CVSS Score: 6.5 | EPSS Score: 0.008 | Published: 2017-08-30
CrushFTP 8.x before 8.2.0 has a serialization vulnerability.
CVSS Score: 9.8 | EPSS Score: 0.005 | Published: 2017-08-30
CrushFTP before 7.8.0 and 8.x before 8.2.0 has XSS.
CVSS Score: 6.1 | EPSS Score: 0.002 | Published: 2017-08-30
CrushFTP before 7.8.0 and 8.x before 8.2.0 has an HTTP header vulnerability.
CVSS Score: 6.1 | EPSS Score: 0.002 | Published: 2017-08-30
CrushFTP before 7.8.0 and 8.x before 8.2.0 has a redirect vulnerability.
CVSS Score: 6.1 | EPSS Score: 0.001 | Published: 2017-08-30


Shodan ® - All rights reserved