Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In 2017
CVE-2017-1000190
SimpleXML (latest version 2.7.1) is vulnerable to an XXE vulnerability resulting SSRF, information disclosure, DoS and so on.
CVSS Score
9.1
EPSS Score
0.004
Published
2017-11-17
CVE-2017-1000227
Stored XSS in Salutation Responsive WordPress + BuddyPress Theme version 3.0.15 could allow logged-in users to do almost anything an admin can
CVSS Score
5.4
EPSS Score
0.002
Published
2017-11-17
CVE-2017-1000230
The Snap7 Server version 1.4.1 can be crashed when the ItemCount field of the ReadVar or WriteVar functions of the S7 protocol implementation in Snap7 are provided with unexpected input, thus resulting in denial of service attack.
CVSS Score
7.5
EPSS Score
0.003
Published
2017-11-17
CVE-2017-16880
The dump function in Util/TemplateHelper.php in filp whoops before 2.1.13 has XSS.
CVSS Score
6.1
EPSS Score
0.002
Published
2017-11-17
CVE-2017-4939
VMware Workstation (12.x before 12.5.8) installer contains a DLL hijacking issue that exists due to some DLL files loaded by the application improperly. This issue may allow an attacker to load a DLL file of the attacker's choosing that could execute arbitrary code.
CVSS Score
7.8
EPSS Score
0.002
Published
2017-11-17
CVE-2017-1000215
ROOT xrootd version 4.6.0 and below is vulnerable to an unauthenticated shell command injection resulting in remote code execution
CVSS Score
9.8
EPSS Score
0.071
Published
2017-11-17
CVE-2017-14111
The workstation logging function in Philips IntelliSpace Cardiovascular (ISCV) 2.3.0 and earlier and Xcelera R4.1L1 and earlier records domain authentication credentials, which if accessed allows an attacker to use credentials to access the application, or other user entitlements.
CVSS Score
7.2
EPSS Score
0.016
Published
2017-11-17
CVE-2017-16845
hw/input/ps2.c in Qemu does not validate 'rptr' and 'count' values during guest migration, leading to out-of-bounds access.
CVSS Score
10.0
EPSS Score
0.021
Published
2017-11-17
CVE-2017-6168
On BIG-IP versions 11.6.0-11.6.2 (fixed in 11.6.2 HF1), 12.0.0-12.1.2 HF1 (fixed in 12.1.2 HF2), or 13.0.0-13.0.0 HF2 (fixed in 13.0.0 HF3) a virtual server configured with a Client SSL profile may be vulnerable to an Adaptive Chosen Ciphertext attack (AKA Bleichenbacher attack) against RSA, which when exploited, may result in plaintext recovery of encrypted messages and/or a Man-in-the-middle (MiTM) attack, despite the attacker not having gained access to the server's private key itself, aka a ROBOT attack.
CVSS Score
7.4
EPSS Score
0.681
Published
2017-11-17
CVE-2017-1000168
sodiumoxide 0.0.13 and older scalarmult() vulnerable to degenerate public keys
CVSS Score
6.5
EPSS Score
0.003
Published
2017-11-17


Products
Pricing
Contact Us

Shodan ® - All rights reserved