Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - Known exploited
CVE-2016-3715
Known exploited
The EPHEMERAL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers to delete arbitrary files via a crafted image.
CVSS Score
5.5
EPSS Score
0.836
Published
2016-05-05
CVE-2016-3714
Known exploited
The (1) EPHEMERAL, (2) HTTPS, (3) MVG, (4) MSL, (5) TEXT, (6) SHOW, (7) WIN, and (8) PLT coders in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allow remote attackers to execute arbitrary code via shell metacharacters in a crafted image, aka "ImageTragick."
CVSS Score
8.4
EPSS Score
0.938
Published
2016-05-05
CVE-2016-3427
Known exploited
Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77; Java SE Embedded 8u77; and JRockit R28.3.9 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JMX.
CVSS Score
9.8
EPSS Score
0.939
Published
2016-04-21
CVE-2016-0167
Known exploited
The kernel-mode driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-0143 and CVE-2016-0165.
CVSS Score
7.8
EPSS Score
0.132
Published
2016-04-12
CVE-2016-0165
Known exploited
The kernel-mode driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-0143 and CVE-2016-0167.
CVSS Score
7.8
EPSS Score
0.062
Published
2016-04-12
CVE-2016-0162
Known exploited
Microsoft Internet Explorer 9 through 11 allows remote attackers to determine the existence of files via crafted JavaScript code, aka "Internet Explorer Information Disclosure Vulnerability."
CVSS Score
4.3
EPSS Score
0.437
Published
2016-04-12
CVE-2016-0151
Known exploited
The Client-Server Run-time Subsystem (CSRSS) in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 mismanages process tokens, which allows local users to gain privileges via a crafted application, aka "Windows CSRSS Security Feature Bypass Vulnerability."
CVSS Score
7.8
EPSS Score
0.324
Published
2016-04-12
CVE-2016-3976
Known exploited
Directory traversal vulnerability in SAP NetWeaver AS Java 7.1 through 7.5 allows remote attackers to read arbitrary files via a ..\ (dot dot backslash) in the fileName parameter to CrashFileDownloadServlet, aka SAP Security Note 2234971.
CVSS Score
7.5
EPSS Score
0.763
Published
2016-04-07
CVE-2016-1019
Known exploited
Adobe Flash Player 21.0.0.197 and earlier allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unspecified vectors, as exploited in the wild in April 2016.
CVSS Score
9.8
EPSS Score
0.58
Published
2016-04-07
CVE-2016-1646
Known exploited
The Array.prototype.concat implementation in builtins.cc in Google V8, as used in Google Chrome before 49.0.2623.108, does not properly consider element data types, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via crafted JavaScript code.
CVSS Score
8.8
EPSS Score
0.669
Published
2016-03-29


Products
Pricing
Contact Us

Shodan ® - All rights reserved