Security Vulnerabilities - CVEs Published In November 2017
I, Librarian versions <=4.6 and 4.7 are vulnerable to Server-Side Request Forgery in ajaxsupplement.php, allowing an attacker to reset any user's password.
CVSS Score: 9.8 | EPSS Score: 0.005 | Published: 2017-11-17
Python package pysaml2 version 4.4.0 and earlier reuses the initialization vector across encryptions in the IDP server, resulting in weak encryption of data.
CVSS Score: 5.3 | EPSS Score: 0.001 | Published: 2017-11-17
British Columbia Institute of Technology CodeIgniter 3.1.3 is vulnerable to HTTP Header Injection in the set_status_header() common function when running under Apache.
CVSS Score: 7.5 | EPSS Score: 0.002 | Published: 2017-11-17
Redis-store <=v1.3.0 allows unsafe objects to be loaded from Redis.
CVSS Score: 9.8 | EPSS Score: 0.006 | Published: 2017-11-17
Creolabs Gravity version 1.0 contains a heap use-after-free that may allow code execution. At line 542 of gravity_lexer.c, 'lexer' is used to access a variable after the 'sublexer' pointer has already been freed, creating a heap use-after-free condition.
CVSS Score: 9.8 | EPSS Score: 0.011 | Published: 2017-11-17
Creolabs Gravity version 1.0 contains a heap buffer overflow that may allow code execution. A large loop that keeps pushing data to a buffer can bypass that buffer's bounds checking; when list.join is then called on the data, it reads past the buffer, resulting in a heap buffer overflow.
CVSS Score: 9.8 | EPSS Score: 0.011 | Published: 2017-11-17
nodejs ejs versions older than 2.5.5 are vulnerable to cross-site scripting in ejs.renderFile(), resulting in code injection.
CVSS Score: 6.1 | EPSS Score: 0.002 | Published: 2017-11-17
nodejs ejs versions older than 2.5.5 are vulnerable to denial of service due to weak input validation in ejs.renderFile().
CVSS Score: 7.5 | EPSS Score: 0.009 | Published: 2017-11-17
nodejs ejs versions older than 2.5.3 are vulnerable to remote code execution due to weak input validation in the ejs.renderFile() function.
CVSS Score: 9.8 | EPSS Score: 0.072 | Published: 2017-11-17
InvoicePlane version 1.4.10 is vulnerable to arbitrary file upload: an authenticated user can upload a malicious file to the web server, and an attacker can upload a script that compromises the web server.
CVSS Score: 8.8 | EPSS Score: 0.006 | Published: 2017-11-17
Shodan ® - All rights reserved