Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In October 2016
CVE-2016-6352
The OneLine32 function in io-ico.c in gdk-pixbuf before 2.35.3 allows remote attackers to cause a denial of service (out-of-bounds write and crash) via crafted dimensions in an ICO file.
CVSS Score
7.5
EPSS Score
0.018
Published
2016-10-03
CVE-2016-5432
The ovirt-engine-provisiondb utility in Red Hat Enterprise Virtualization (RHEV) Engine 4.0 allows local users to obtain sensitive database provisioning information by reading log files.
CVSS Score
3.3
EPSS Score
0.001
Published
2016-10-03
CVE-2016-5398
Cross-site scripting (XSS) vulnerability in Business Process Editor in Red Hat JBoss BPM Suite before 6.3.3 allows remote authenticated users to inject arbitrary web script or HTML by levering permission to create business processes.
CVSS Score
5.4
EPSS Score
0.002
Published
2016-10-03
CVE-2016-5019
CoreResponseStateManager in Apache MyFaces Trinidad 1.0.0 through 1.0.13, 1.2.x before 1.2.15, 2.0.x before 2.0.2, and 2.1.x before 2.1.2 might allow attackers to conduct deserialization attacks via a crafted serialized view state string.
CVSS Score
9.8
EPSS Score
0.06
Published
2016-10-03
CVE-2016-1372
ClamAV (aka Clam AntiVirus) before 0.99.2 allows remote attackers to cause a denial of service (application crash) via a crafted 7z file.
CVSS Score
5.5
EPSS Score
0.033
Published
2016-10-03
CVE-2016-1371
ClamAV (aka Clam AntiVirus) before 0.99.2 allows remote attackers to cause a denial of service (application crash) via a crafted mew packer executable.
CVSS Score
5.5
EPSS Score
0.006
Published
2016-10-03
CVE-2016-1244
The extractTree function in unADF allows remote attackers to execute arbitrary code via shell metacharacters in a directory name in an adf file.
CVSS Score
8.8
EPSS Score
0.099
Published
2016-10-03
CVE-2016-1243
Stack-based buffer overflow in the extractTree function in unADF allows remote attackers to execute arbitrary code via a long pathname.
CVSS Score
9.8
EPSS Score
0.276
Published
2016-10-03
CVE-2016-7445
convert.c in OpenJPEG before 2.1.2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via vectors involving the variable s.
CVSS Score
7.5
EPSS Score
0.02
Published
2016-10-03
CVE-2016-7442
The Frontend component in Sophos UTM with firmware 9.405-5 and earlier allows local administrators to obtain sensitive password information by reading the "value" field of the proxy user settings in "system settings / scan settings / anti spam" configuration tab.
CVSS Score
4.4
EPSS Score
0.0
Published
2016-10-03


Products
Pricing
Contact Us

Shodan ® - All rights reserved