Security Vulnerabilities - CVEs Published In October 2017
QNAP discovered a number of command injection vulnerabilities in Music Station versions 4.8.6 (for QTS 4.2.x), 5.0.7 (for QTS 4.3.x), and earlier. If exploited, these vulnerabilities may allow a remote attacker to run arbitrary commands on the NAS.
CVSS Score: 9.8 | EPSS Score: 0.057 | Published: 2017-10-06
The Smush Image Compression and Optimization plugin before 2.7.6 for WordPress allows directory traversal.
CVSS Score: 7.5 | EPSS Score: 0.009 | Published: 2017-10-06
The Bi-directional driver in IDM 4.5 before 4.0.3.0 could be susceptible to a denial of service attack.
CVSS Score: 7.5 | EPSS Score: 0.003 | Published: 2017-10-06
The Bi-directional driver in IDM 4.5 before 4.0.3.0 could be susceptible to unauthorized log configuration changes.
CVSS Score: 5.3 | EPSS Score: 0.002 | Published: 2017-10-06
Koji 1.13.0 does not properly validate SCM paths, allowing an attacker to work around blacklisted paths for build submission.
CVSS Score: 7.5 | EPSS Score: 0.003 | Published: 2017-10-06
QNAP has already patched this vulnerability. This security concern allows a remote attacker to perform an SQL injection on the application and obtain Helpdesk application information. A remote attacker does not require any privileges to successfully execute this attack.
CVSS Score: 7.5 | EPSS Score: 0.012 | Published: 2017-10-06
Docker before 1.5 allows local users to have unspecified impact via vectors involving unsafe /tmp usage.
CVSS Score: 7.8 | EPSS Score: 0.001 | Published: 2017-10-06
CyaSSL does not check the key usage extension in leaf certificates, which allows remote attackers to spoof servers via a crafted server certificate not authorized for use in an SSL/TLS handshake.
CVSS Score: 5.9 | EPSS Score: 0.002 | Published: 2017-10-06
Heap-based buffer overflow in Google Chrome before M40 allows remote attackers to cause a denial of service (unpaged memory write and process crash) via a crafted MP4 file.
CVSS Score: 5.5 | EPSS Score: 0.002 | Published: 2017-10-06
Off-by-one error in the pngcrush_measure_idat function in pngcrush.c in pngcrush before 1.7.84 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PNG file.
CVSS Score: 7.8 | EPSS Score: 0.006 | Published: 2017-10-06

