Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In August 2017
CVE-2014-9980
In all Qualcomm products with Android releases from CAF using the Linux kernel, a Sample App failed to check a length potentially leading to unauthorized access to secure memory.
CVSS Score
9.8
EPSS Score
0.002
Published
2017-08-18
CVE-2014-9981
In all Qualcomm products with Android releases from CAF using the Linux kernel, an overflow check in the USB interface was insufficient during boot.
CVSS Score
9.8
EPSS Score
0.003
Published
2017-08-18
CVE-2015-0574
In all Qualcomm products with Android releases from CAF using the Linux kernel, the validation of filesystem access was insufficient.
CVSS Score
9.8
EPSS Score
0.003
Published
2017-08-18
CVE-2015-0575
In all Qualcomm products with Android releases from CAF using the Linux kernel, insecure ciphersuites were included in the default configuration.
CVSS Score
9.8
EPSS Score
0.001
Published
2017-08-18
CVE-2015-0576
In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in HSDPA.
CVSS Score
7.0
EPSS Score
0.001
Published
2017-08-18
CVE-2015-2675
The OAuth implementation in librest before 0.7.93 incorrectly truncates the pointer returned by the rest_proxy_call_get_url function, which allows remote attackers to cause a denial of service (application crash) via running the EnsureCredentials method from the org.gnome.OnlineAccounts.Account interface on an object representing a Flickr account.
CVSS Score
7.5
EPSS Score
0.031
Published
2017-08-18
CVE-2015-4071
The Helpdesk Pro Plugin before 1.4.0 for Joomla! allows remote attackers to read the support tickets of arbitrary users via obtaining the target ticketId, and navigating to http://{target}/component/helpdeskpro/?view=ticket&id={ticketId}.
CVSS Score
5.3
EPSS Score
0.126
Published
2017-08-18
CVE-2017-12589
ToMAX R60G R60GV2-V2.0-v.2.6.3-170330 devices do not have any protection against a CSRF attack.
CVSS Score
8.8
EPSS Score
0.002
Published
2017-08-18
CVE-2017-12591
ASUS DSL-N10S V2.1.16_APAC devices have reflected and stored cross site scripting, as demonstrated by the snmpSysName parameter.
CVSS Score
5.4
EPSS Score
0.002
Published
2017-08-18
CVE-2017-12592
ASUS DSL-N10S V2.1.16_APAC devices have a privilege escalation vulnerability. A normal user can escalate its privilege and perform administrative actions. There is no mapping of users with their privileges.
CVSS Score
8.8
EPSS Score
0.004
Published
2017-08-18


Products
Pricing
Contact Us

Shodan ® - All rights reserved