Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In September 2017
CVE-2017-9725
In all Qualcomm products with Android releases from CAF using the Linux kernel, during DMA allocation, due to wrong data type of size, allocation size gets truncated which makes allocation succeed when it should fail.
CVSS Score
7.8
EPSS Score
0.002
Published
2017-09-21
CVE-2015-0276
Cross-site request forgery (CSRF) vulnerability in Kallithea before 0.2.
CVSS Score
8.8
EPSS Score
0.003
Published
2017-09-21
CVE-2015-3296
Multiple cross-site scripting (XSS) vulnerabilities in NodeBB before 0.7 allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) javascript: or (2) data: URLs.
CVSS Score
6.1
EPSS Score
0.003
Published
2017-09-21
CVE-2015-4706
Cross-site scripting (XSS) vulnerability in IPython 3.x before 3.2 allows remote attackers to inject arbitrary web script or HTML via vectors involving JSON error messages and the /api/contents path.
CVSS Score
6.1
EPSS Score
0.005
Published
2017-09-21
CVE-2015-5284
ipa-kra-install in FreeIPA before 4.2.2 puts the CA agent certificate and private key in /etc/httpd/alias/kra-agent.pem, which is world readable.
CVSS Score
9.8
EPSS Score
0.003
Published
2017-09-21
CVE-2015-8559
The knife bootstrap command in chef Infra client before version 15.4.45 leaks the validator.pem private RSA key to /var/log/messages.
CVSS Score
7.5
EPSS Score
0.004
Published
2017-09-21
CVE-2017-14160
The bark_noise_hybridmp function in psy.c in Xiph.Org libvorbis 1.3.5 allows remote attackers to cause a denial of service (out-of-bounds access and application crash) or possibly have unspecified other impact via a crafted mp4 file.
CVSS Score
8.8
EPSS Score
0.015
Published
2017-09-21
CVE-2017-14245
An out of bounds read in the function d2alaw_array() in alaw.c of libsndfile 1.0.28 may lead to a remote DoS attack or information disclosure, related to mishandling of the NAN and INFINITY floating-point values.
CVSS Score
8.1
EPSS Score
0.004
Published
2017-09-21
CVE-2017-14246
An out of bounds read in the function d2ulaw_array() in ulaw.c of libsndfile 1.0.28 may lead to a remote DoS attack or information disclosure, related to mishandling of the NAN and INFINITY floating-point values.
CVSS Score
8.1
EPSS Score
0.003
Published
2017-09-21
CVE-2017-14635
In Open Ticket Request System (OTRS) 3.3.x before 3.3.18, 4.x before 4.0.25, and 5.x before 5.0.23, remote authenticated users can leverage statistics-write permissions to gain privileges via code injection.
CVSS Score
8.8
EPSS Score
0.006
Published
2017-09-21


Products
Pricing
Contact Us

Shodan ® - All rights reserved