Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In October 2016
CVE-2016-1000118
XSS & SQLi in HugeIT slideshow v1.0.4
CVSS Score
7.2
EPSS Score
0.02
Published
2016-10-21
CVE-2016-1000117
XSS & SQLi in HugeIT slideshow v1.0.4
CVSS Score
7.2
EPSS Score
0.02
Published
2016-10-21
CVE-2016-1000116
Huge-IT Portfolio Gallery manager v1.1.0 SQL Injection and XSS
CVSS Score
7.2
EPSS Score
0.004
Published
2016-10-21
CVE-2016-1000115
Huge-IT Portfolio Gallery manager v1.1.0 SQL Injection and XSS
CVSS Score
7.2
EPSS Score
0.008
Published
2016-10-21
CVE-2016-2848
ISC BIND 9.1.0 through 9.8.4-P2 and 9.9.0 through 9.9.2-P2 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via malformed options data in an OPT resource record.
CVSS Score
7.5
EPSS Score
0.513
Published
2016-10-21
CVE-2016-8666
The IP stack in the Linux kernel before 4.6 allows remote attackers to cause a denial of service (stack consumption and panic) or possibly have unspecified other impact by triggering use of the GRO path for packets with tunnel stacking, as demonstrated by interleaved IPv4 headers and GRE headers, a related issue to CVE-2016-7039.
CVSS Score
7.5
EPSS Score
0.035
Published
2016-10-16
CVE-2016-8660
The XFS subsystem in the Linux kernel through 4.8.2 allows local users to cause a denial of service (fdatasync failure and system hang) by using the vfs syscall group in the trinity program, related to a "page lock order bug in the XFS seek hole/data implementation."
CVSS Score
5.5
EPSS Score
0.001
Published
2016-10-16
CVE-2016-8658
Stack-based buffer overflow in the brcmf_cfg80211_start_ap function in drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c in the Linux kernel before 4.7.5 allows local users to cause a denial of service (system crash) or possibly have unspecified other impact via a long SSID Information Element in a command to a Netlink socket.
CVSS Score
6.1
EPSS Score
0.003
Published
2016-10-16
CVE-2016-7425
The arcmsr_iop_message_xfer function in drivers/scsi/arcmsr/arcmsr_hba.c in the Linux kernel through 4.8.2 does not restrict a certain length field, which allows local users to gain privileges or cause a denial of service (heap-based buffer overflow) via an ARCMSR_MESSAGE_WRITE_WQBUFFER control code.
CVSS Score
7.8
EPSS Score
0.001
Published
2016-10-16
CVE-2016-7097
The filesystem implementation in the Linux kernel through 4.8.2 preserves the setgid bit during a setxattr call, which allows local users to gain group privileges by leveraging the existence of a setgid program with restrictions on execute permissions.
CVSS Score
4.4
EPSS Score
0.001
Published
2016-10-16


Products
Pricing
Contact Us

Shodan ® - All rights reserved