Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In September 2017
CVE-2017-14108
libgedit.a in GNOME gedit through 3.22.1 allows remote attackers to cause a denial of service (CPU consumption) via a file that begins with many '\0' characters.
CVSS Score
5.5
EPSS Score
0.006
Published
2017-09-05
CVE-2017-14140
The move_pages system call in mm/migrate.c in the Linux kernel before 4.12.9 doesn't check the effective uid of the target process, enabling a local attacker to learn the memory layout of a setuid executable despite ASLR.
CVSS Score
5.5
EPSS Score
0.001
Published
2017-09-05
CVE-2017-14135
enigma2-plugins/blob/master/webadmin/src/WebChilds/Script.py in the webadmin plugin for opendreambox 2.0.0 allows remote attackers to execute arbitrary OS commands via shell metacharacters in the command parameter to the /script URI.
CVSS Score
9.8
EPSS Score
0.847
Published
2017-09-04
CVE-2017-14136
OpenCV (Open Source Computer Vision Library) 3.3 has an out-of-bounds write error in the function FillColorRow1 in utils.cpp when reading an image file by using cv::imread. NOTE: this vulnerability exists because of an incomplete fix for CVE-2017-12597.
CVSS Score
6.5
EPSS Score
0.01
Published
2017-09-04
CVE-2017-14137
ReadWEBPImage in coders/webp.c in ImageMagick 7.0.6-5 has an issue where memory allocation is excessive because it depends only on a length field in a header.
CVSS Score
7.5
EPSS Score
0.003
Published
2017-09-04
CVE-2017-14138
ImageMagick 7.0.6-5 has a memory leak vulnerability in ReadWEBPImage in coders/webp.c because memory is not freed in certain error cases, as demonstrated by VP8 errors.
CVSS Score
9.8
EPSS Score
0.003
Published
2017-09-04
CVE-2017-14139
ImageMagick 7.0.6-2 has a memory leak vulnerability in WriteMSLImage in coders/msl.c.
CVSS Score
6.5
EPSS Score
0.004
Published
2017-09-04
CVE-2017-14123
Zoho ManageEngine Firewall Analyzer 12200 has an unrestricted File Upload vulnerability in the "Group Chat" section. Any user can upload files with any extensions. By uploading a PHP file to the server, an attacker can cause it to execute in the server context, as demonstrated by /itplus/FileStorage/302/shell.jsp.
CVSS Score
8.8
EPSS Score
0.044
Published
2017-09-04
CVE-2017-14126
The Participants Database plugin before 1.7.5.10 for WordPress has XSS.
CVSS Score
6.1
EPSS Score
0.024
Published
2017-09-04
CVE-2017-14127
Command Injection in the Ping Module in the Web Interface on Technicolor TD5336 OI_Fw_v7 devices allows remote attackers to execute arbitrary OS commands as root via shell metacharacters in the pingAddr parameter to mnt_ping.cgi.
CVSS Score
9.8
EPSS Score
0.135
Published
2017-09-04


Products
Pricing
Contact Us

Shodan ® - All rights reserved