Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In December 2017
CVE-2017-6276
NVIDIA mediaserver contains a vulnerability where it is possible a use after free malfunction can occur due to an incorrect bounds check which could enable unauthorized code execution and possibly lead to elevation of privileges. This issue is rated as high. Product: Android. Version: N/A. Android: A-63802421. References: N-CVE-2017-6276.
CVSS Score
7.8
EPSS Score
0.0
Published
2017-12-06
CVE-2017-17440
GNU Libextractor 1.6 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted GIF, IT (Impulse Tracker), NSFE, S3M (Scream Tracker 3), SID, or XM (eXtended Module) file, as demonstrated by the EXTRACTOR_xm_extract_method function in plugins/xm_extractor.c.
CVSS Score
6.5
EPSS Score
0.01
Published
2017-12-06
CVE-2016-5713
Versions of Puppet Agent prior to 1.6.0 included a version of the Puppet Execution Protocol (PXP) agent that passed environment variables through to Puppet runs. This could allow unauthorized code to be loaded. This bug was first introduced in Puppet Agent 1.3.0.
CVSS Score
9.8
EPSS Score
0.011
Published
2017-12-06
CVE-2017-17439
In Heimdal through 7.4, remote unauthenticated attackers are able to crash the KDC by sending a crafted UDP packet containing empty data fields for client name or realm. The parser would unconditionally dereference NULL pointers in that case, leading to a segmentation fault. This is related to the _kdc_as_rep function in kdc/kerberos5.c and the der_length_visible_string function in lib/asn1/der_length.c.
CVSS Score
7.5
EPSS Score
0.091
Published
2017-12-06
CVE-2017-13156
An elevation of privilege vulnerability in the Android system (art). Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID A-64211847.
CVSS Score
7.8
EPSS Score
0.665
Published
2017-12-06
CVE-2017-13157
An information disclosure vulnerability in the Android system (activitymanagerservice). Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID A-32990341.
CVSS Score
7.5
EPSS Score
0.001
Published
2017-12-06
CVE-2017-13158
An information disclosure vulnerability in the Android system (activitymanagerservice). Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID A-32879915.
CVSS Score
7.5
EPSS Score
0.001
Published
2017-12-06
CVE-2017-13159
An information disclosure vulnerability in the Android system (activitymanagerservice). Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID A-32879772.
CVSS Score
7.5
EPSS Score
0.001
Published
2017-12-06
CVE-2017-13160
A remote code execution vulnerability in the Android system (bluetooth). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0. Android ID A-37160362.
CVSS Score
9.8
EPSS Score
0.013
Published
2017-12-06
CVE-2017-13161
An elevation of privilege vulnerability in the Broadcom wireless driver. Product: Android. Versions: Android kernel. Android ID A-63930471. References: BC-V2017092501.
CVSS Score
7.8
EPSS Score
0.0
Published
2017-12-06


Products
Pricing
Contact Us

Shodan ® - All rights reserved