Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In 2017
CVE-2017-1000231
A double-free vulnerability in parse.c in ldns 1.7.0 have unspecified impact and attack vectors.
CVSS Score
9.8
EPSS Score
0.005
Published
2017-11-17
CVE-2017-1000232
A double-free vulnerability in str2host.c in ldns 1.7.0 have unspecified impact and attack vectors.
CVSS Score
9.8
EPSS Score
0.005
Published
2017-11-17
CVE-2017-1000234
I, Librarian version <=4.6 & 4.7 is vulnerable to Directory Enumeration in the jqueryFileTree.php resulting in attacker enumerating directories simply by navigating through the "dir" parameter
CVSS Score
5.3
EPSS Score
0.002
Published
2017-11-17
CVE-2017-1000235
I, Librarian version <=4.6 & 4.7 is vulnerable to OS Command Injection in batchimport.php resulting the web server being fully compromised.
CVSS Score
9.8
EPSS Score
0.086
Published
2017-11-17
CVE-2017-1000236
I, Librarian version <=4.6 & 4.7 is vulnerable to Reflected Cross-Site Scripting in the temp.php resulting in an attacker being able to inject malicious client side scripting which will be executed in the browser of users if they visit the manipulated site.
CVSS Score
6.1
EPSS Score
0.002
Published
2017-11-17
CVE-2017-1000237
I, Librarian version <=4.6 & 4.7 is vulnerable to Server-Side Request Forgery in the ajaxsupplement.php resulting in the attacker being able to reset any user's password.
CVSS Score
9.8
EPSS Score
0.004
Published
2017-11-17
CVE-2017-1000246
Python package pysaml2 version 4.4.0 and earlier reuses the initialization vector across encryptions in the IDP server, resulting in weak encryption of data.
CVSS Score
5.3
EPSS Score
0.001
Published
2017-11-17
CVE-2017-1000247
British Columbia Institute of Technology CodeIgniter 3.1.3 is vulnerable to HTTP Header Injection in the set_status_header() common function under Apache resulting in HTTP Header Injection flaws.
CVSS Score
7.5
EPSS Score
0.002
Published
2017-11-17
CVE-2017-1000248
Redis-store <=v1.3.0 allows unsafe objects to be loaded from redis
CVSS Score
9.8
EPSS Score
0.005
Published
2017-11-17
CVE-2017-1000172
Creolabs Gravity Version: 1.0 Use-After-Free Possible code execution. An example of a Heap-Use-After-Free after the 'sublexer' pointer has been freed. Line 542 of gravity_lexer.c. 'lexer' is being used to access a variable but 'lexer' has already been freed, creating a Heap Use-After-Free condition.
CVSS Score
9.8
EPSS Score
0.011
Published
2017-11-17


Products
Pricing
Contact Us

Shodan ® - All rights reserved