Shodan
Vulnerabilities
Vulnerable Software
Debian:  >> Debian Linux  >> 8.0  Security Vulnerabilities
CVE-2017-9062
In WordPress before 4.7.5, there is improper handling of post meta data values in the XML-RPC API.
CVSS Score
8.6
EPSS Score
0.017
Published
2017-05-18
CVE-2017-9063
In WordPress before 4.7.5, a cross-site scripting (XSS) vulnerability related to the Customizer exists, involving an invalid customization session.
CVSS Score
6.1
EPSS Score
0.014
Published
2017-05-18
CVE-2017-9064
In WordPress before 4.7.5, a Cross Site Request Forgery (CSRF) vulnerability exists in the filesystem credentials dialog because a nonce is not required for updating credentials.
CVSS Score
8.8
EPSS Score
0.013
Published
2017-05-18
CVE-2017-9065
In WordPress before 4.7.5, there is a lack of capability checks for post meta data in the XML-RPC API.
CVSS Score
7.5
EPSS Score
0.035
Published
2017-05-18
CVE-2017-9066
In WordPress before 4.7.5, there is insufficient redirect validation in the HTTP class, leading to SSRF.
CVSS Score
8.6
EPSS Score
0.014
Published
2017-05-18
CVE-2017-7493
Quick Emulator (Qemu) built with the VirtFS, host directory sharing via Plan 9 File System(9pfs) support, is vulnerable to an improper access control issue. It could occur while accessing virtfs metadata files in mapped-file security mode. A guest user could use this flaw to escalate their privileges inside guest.
CVSS Score
7.8
EPSS Score
0.001
Published
2017-05-17
CVE-2017-8849
smb4k before 2.0.1 allows local users to gain root privileges by leveraging failure to verify arguments to the mount helper DBUS service.
CVSS Score
7.8
EPSS Score
0.002
Published
2017-05-17
CVE-2017-7487
The ipxitf_ioctl function in net/ipx/af_ipx.c in the Linux kernel through 4.11.1 mishandles reference counts, which allows local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via a failed SIOCGIFADDR ioctl call for an IPX interface.
CVSS Score
7.8
EPSS Score
0.001
Published
2017-05-14
CVE-2017-8924
The edge_bulk_in_callback function in drivers/usb/serial/io_ti.c in the Linux kernel before 4.10.4 allows local users to obtain sensitive information (in the dmesg ringbuffer and syslog) from uninitialized kernel memory by using a crafted USB device (posing as an io_ti USB serial device) to trigger an integer underflow.
CVSS Score
4.6
EPSS Score
0.001
Published
2017-05-12
CVE-2017-8925
The omninet_open function in drivers/usb/serial/omninet.c in the Linux kernel before 4.10.4 allows local users to cause a denial of service (tty exhaustion) by leveraging reference count mishandling.
CVSS Score
5.5
EPSS Score
0.001
Published
2017-05-12


Products
Pricing
Contact Us

Shodan ® - All rights reserved