Security Vulnerabilities - CVEs Published In December 2017
Improper authentication issue in PTW-WMS1 firmware version 2.000.012 allows remote attackers to log in to the device with root privileges and conduct arbitrary operations via unspecified vectors.
CVSS Score: 9.8
EPSS Score: 0.048
Published: 2017-12-01
Adobe Flash Player has an exploitable memory corruption vulnerability in the text handling function. Successful exploitation could lead to arbitrary code execution. This affects 26.0.0.151 and earlier.
CVSS Score: 9.8
EPSS Score: 0.454
Published: 2017-12-01
Adobe Flash Player has an exploitable memory corruption vulnerability in the MP4 atom parser. Successful exploitation could lead to arbitrary code execution. This affects 26.0.0.151 and earlier.
CVSS Score: 9.8
EPSS Score: 0.207
Published: 2017-12-01
Adobe ColdFusion has an Untrusted Data Deserialization vulnerability. This affects Update 4 and earlier versions for ColdFusion 2016, and Update 12 and earlier versions for ColdFusion 11.
CVSS Score: 9.8
EPSS Score: 0.239
Published: 2017-12-01
Adobe ColdFusion has an Untrusted Data Deserialization vulnerability. This affects Update 4 and earlier versions for ColdFusion 2016, and Update 12 and earlier versions for ColdFusion 11.
CVSS Score: 9.8
EPSS Score: 0.239
Published: 2017-12-01
Adobe ColdFusion has a cross-site scripting (XSS) vulnerability. This affects Update 4 and earlier versions for ColdFusion 2016, and Update 12 and earlier versions for ColdFusion 11.
CVSS Score: 6.1
EPSS Score: 0.01
Published: 2017-12-01
Adobe ColdFusion has an XML external entity (XXE) injection vulnerability. This affects Update 4 and earlier versions for ColdFusion 2016, and Update 12 and earlier versions for ColdFusion 11.
CVSS Score: 7.5
EPSS Score: 0.013
Published: 2017-12-01
Inedo Otter before 1.7.4 has directory traversal in filesystem-based rafts via vectors involving '/' characters or initial '.' characters, aka OT-181.
CVSS Score: 9.8
EPSS Score: 0.005
Published: 2017-12-01
In Wireshark 2.4.0 to 2.4.2 and 2.2.0 to 2.2.10, the NetBIOS dissector could crash. This was addressed in epan/dissectors/packet-netbios.c by ensuring that write operations are bounded by the beginning of a buffer.
CVSS Score: 7.5
EPSS Score: 0.009
Published: 2017-12-01
In Wireshark 2.4.0 to 2.4.2 and 2.2.0 to 2.2.10, the IWARP_MPA dissector could crash. This was addressed in epan/dissectors/packet-iwarp-mpa.c by validating a ULPDU length.
CVSS Score: 7.5
EPSS Score: 0.009
Published: 2017-12-01