Shodan
Vulnerabilities
Vulnerable Software
Canonical:  Security Vulnerabilities
CVE-2015-5370
Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 does not properly implement the DCE-RPC layer, which allows remote attackers to perform protocol-downgrade attacks, cause a denial of service (application crash or CPU consumption), or possibly execute arbitrary code on a client system via unspecified vectors.
CVSS Score
5.9
EPSS Score
0.242
Published
2016-04-25
CVE-2013-7449
The ssl_do_connect function in common/server.c in HexChat before 2.10.2, XChat, and XChat-GNOME does not verify that the server hostname matches a domain name in the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
CVSS Score
6.5
EPSS Score
0.002
Published
2016-04-21
CVE-2016-3427
Known exploited
Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77; Java SE Embedded 8u77; and JRockit R28.3.9 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JMX.
CVSS Score
9.8
EPSS Score
0.936
Published
2016-04-21
CVE-2016-0668
Unspecified vulnerability in Oracle MySQL 5.6.28 and earlier and 5.7.10 and earlier and MariaDB 10.0.x before 10.0.24 and 10.1.x before 10.1.12 allows local users to affect availability via vectors related to InnoDB.
CVSS Score
4.1
EPSS Score
0.004
Published
2016-04-21
CVE-2016-0665
Unspecified vulnerability in Oracle MySQL 5.6.28 and earlier and 5.7.10 and earlier allows local users to affect availability via vectors related to Security: Encryption.
CVSS Score
5.5
EPSS Score
0.002
Published
2016-04-21
CVE-2016-0661
Unspecified vulnerability in Oracle MySQL 5.6.28 and earlier and 5.7.10 and earlier allows local users to affect availability via vectors related to Options.
CVSS Score
4.7
EPSS Score
0.002
Published
2016-04-21
CVE-2016-0642
Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier allows local users to affect integrity and availability via vectors related to Federated.
CVSS Score
4.7
EPSS Score
0.004
Published
2016-04-21
CVE-2015-7802
gifread.c in gif2png, as used in OptiPNG before 0.7.6, allows remote attackers to cause a denial of service (uninitialized memory read) via a crafted GIF file.
CVSS Score
5.5
EPSS Score
0.004
Published
2016-04-20
CVE-2015-7801
Use-after-free vulnerability in OptiPNG 0.6.4 allows remote attackers to execute arbitrary code via a crafted PNG file.
CVSS Score
8.8
EPSS Score
0.024
Published
2016-04-20
CVE-2015-8779
Stack-based buffer overflow in the catopen function in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long catalog name.
CVSS Score
9.8
EPSS Score
0.05
Published
2016-04-19


Products
Pricing
Contact Us

Shodan ® - All rights reserved