Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In October 2017
CVE-2017-5067
An insufficient watchdog timer in navigation in Google Chrome prior to 58.0.3029.81 for Linux, Windows, and Mac allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
CVSS Score
6.5
EPSS Score
0.007
Published
2017-10-27
CVE-2017-5068
Incorrect handling of picture ID in WebRTC in Google Chrome prior to 58.0.3029.96 for Mac, Windows, and Linux allowed a remote attacker to trigger a race condition via a crafted HTML page.
CVSS Score
7.5
EPSS Score
0.004
Published
2017-10-27
CVE-2017-5069
Incorrect MIME type of XSS-Protection reports in Blink in Google Chrome prior to 58.0.3029.81 for Linux, Windows, and Mac, and 58.0.3029.83 for Android, allowed a remote attacker to circumvent Cross-Origin Resource Sharing checks via a crafted HTML page.
CVSS Score
6.1
EPSS Score
0.005
Published
2017-10-27
CVE-2017-5070
Known exploited
Type confusion in V8 in Google Chrome prior to 59.0.3071.86 for Linux, Windows, and Mac, and 59.0.3071.92 for Android, allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.
CVSS Score
8.8
EPSS Score
0.745
Published
2017-10-27
CVE-2017-5071
Insufficient validation of untrusted input in V8 in Google Chrome prior to 59.0.3071.86 for Linux, Windows and Mac, and 59.0.3071.92 for Android allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.
CVSS Score
6.3
EPSS Score
0.008
Published
2017-10-27
CVE-2017-5072
Inappropriate implementation in Omnibox in Google Chrome prior to 59.0.3071.92 for Android allowed a remote attacker to perform domain spoofing with RTL characters via a crafted URL page.
CVSS Score
6.5
EPSS Score
0.006
Published
2017-10-27
CVE-2017-5073
Use after free in print preview in Blink in Google Chrome prior to 59.0.3071.86 for Linux, Windows, and Mac, and 59.0.3071.92 for Android, allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.
CVSS Score
8.8
EPSS Score
0.009
Published
2017-10-27
CVE-2017-1220
IBM Tivoli Endpoint Manager (IBM BigFix Platform 9.2 and 9.5) discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 123860.
CVSS Score
5.3
EPSS Score
0.002
Published
2017-10-26
CVE-2017-1222
IBM Tivoli Endpoint Manager (IBM BigFix Platform 9.2 and 9.5) does not perform an authentication check for a critical resource or functionality allowing anonymous users access to protected areas. IBM X-Force ID: 123862.
CVSS Score
6.5
EPSS Score
0.002
Published
2017-10-26
CVE-2017-1225
IBM Tivoli Endpoint Manager (IBM BigFix Platform 9.2 and 9.5) stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-Force ID: 123904.
CVSS Score
5.3
EPSS Score
0.002
Published
2017-10-26


Products
Pricing
Contact Us

Shodan ® - All rights reserved