Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In 2017
CVE-2017-1000229
Integer overflow bug in function minitiff_read_info() of optipng 0.7.6 allows an attacker to remotely execute code or cause denial of service.
CVSS Score
7.8
EPSS Score
0.005
Published
2017-11-17
CVE-2017-1000231
A double-free vulnerability in parse.c in ldns 1.7.0 have unspecified impact and attack vectors.
CVSS Score
9.8
EPSS Score
0.005
Published
2017-11-17
CVE-2017-1000232
A double-free vulnerability in str2host.c in ldns 1.7.0 have unspecified impact and attack vectors.
CVSS Score
9.8
EPSS Score
0.005
Published
2017-11-17
CVE-2017-1000234
I, Librarian version <=4.6 & 4.7 is vulnerable to Directory Enumeration in the jqueryFileTree.php resulting in attacker enumerating directories simply by navigating through the "dir" parameter
CVSS Score
5.3
EPSS Score
0.002
Published
2017-11-17
CVE-2017-1000235
I, Librarian version <=4.6 & 4.7 is vulnerable to OS Command Injection in batchimport.php resulting the web server being fully compromised.
CVSS Score
9.8
EPSS Score
0.116
Published
2017-11-17
CVE-2017-1000236
I, Librarian version <=4.6 & 4.7 is vulnerable to Reflected Cross-Site Scripting in the temp.php resulting in an attacker being able to inject malicious client side scripting which will be executed in the browser of users if they visit the manipulated site.
CVSS Score
6.1
EPSS Score
0.002
Published
2017-11-17
CVE-2017-1000237
I, Librarian version <=4.6 & 4.7 is vulnerable to Server-Side Request Forgery in the ajaxsupplement.php resulting in the attacker being able to reset any user's password.
CVSS Score
9.8
EPSS Score
0.005
Published
2017-11-17
CVE-2017-1000246
Python package pysaml2 version 4.4.0 and earlier reuses the initialization vector across encryptions in the IDP server, resulting in weak encryption of data.
CVSS Score
5.3
EPSS Score
0.001
Published
2017-11-17
CVE-2017-1000247
British Columbia Institute of Technology CodeIgniter 3.1.3 is vulnerable to HTTP Header Injection in the set_status_header() common function under Apache resulting in HTTP Header Injection flaws.
CVSS Score
7.5
EPSS Score
0.002
Published
2017-11-17
CVE-2017-1000248
Redis-store <=v1.3.0 allows unsafe objects to be loaded from redis
CVSS Score
9.8
EPSS Score
0.006
Published
2017-11-17


Products
Pricing
Contact Us

Shodan ® - All rights reserved