Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In November 2017
CVE-2017-1000128
Exiv2 0.26 contains a stack out of bounds read in JPEG2000 parser
CVSS Score
5.5
EPSS Score
0.001
Published
2017-11-17
CVE-2017-1000217
Opencast 2.3.2 and older versions are vulnerable to script injections through media and metadata in the player and media module resulting in arbitrary code execution, fixed in 2.3.3 and 3.0.
CVSS Score
8.8
EPSS Score
0.007
Published
2017-11-17
CVE-2017-1000221
In Opencast 2.2.3 and older if user names overlap, the Opencast search service used for publication to the media modules and players will handle the access control incorrectly so that users only need to match part of the user name used for the access restriction. For example, a user with the role ROLE_USER will have access to recordings published only for ROLE_USER_X.
CVSS Score
6.5
EPSS Score
0.002
Published
2017-11-17
CVE-2017-1000163
The Phoenix Framework versions 1.0.0 through 1.0.4, 1.1.0 through 1.1.6, 1.2.0, 1.2.2 and 1.3.0-rc.0 are vulnerable to unvalidated URL redirection, which may result in phishing or social engineering attacks.
CVSS Score
6.1
EPSS Score
0.018
Published
2017-11-17
CVE-2017-1000190
SimpleXML (latest version 2.7.1) is vulnerable to an XXE vulnerability resulting SSRF, information disclosure, DoS and so on.
CVSS Score
9.1
EPSS Score
0.004
Published
2017-11-17
CVE-2017-1000227
Stored XSS in Salutation Responsive WordPress + BuddyPress Theme version 3.0.15 could allow logged-in users to do almost anything an admin can
CVSS Score
5.4
EPSS Score
0.002
Published
2017-11-17
CVE-2017-1000230
The Snap7 Server version 1.4.1 can be crashed when the ItemCount field of the ReadVar or WriteVar functions of the S7 protocol implementation in Snap7 are provided with unexpected input, thus resulting in denial of service attack.
CVSS Score
7.5
EPSS Score
0.003
Published
2017-11-17
CVE-2017-16880
The dump function in Util/TemplateHelper.php in filp whoops before 2.1.13 has XSS.
CVSS Score
6.1
EPSS Score
0.002
Published
2017-11-17
CVE-2017-4939
VMware Workstation (12.x before 12.5.8) installer contains a DLL hijacking issue that exists due to some DLL files loaded by the application improperly. This issue may allow an attacker to load a DLL file of the attacker's choosing that could execute arbitrary code.
CVSS Score
7.8
EPSS Score
0.002
Published
2017-11-17
CVE-2017-1000215
ROOT xrootd version 4.6.0 and below is vulnerable to an unauthenticated shell command injection resulting in remote code execution
CVSS Score
9.8
EPSS Score
0.071
Published
2017-11-17


Products
Pricing
Contact Us

Shodan ® - All rights reserved