Exploit Intelligence Platform

CVE-2014-6393 6.1 MEDIUM EPSS 0.00

Express <3.11 & <4.5 - XSS

The Express web framework before 3.11 and 4.x before 4.5 for Node.js does not provide a charset field in HTTP Content-Type headers in 400 level responses, which might allow remote attackers to conduct cross-site scripting (XSS) attacks via characters in a non-standard encoding.

CWE-79 Aug 09, 2017

CVE-2014-5144 5.4 MEDIUM 1 PoC Analysis EPSS 0.01

Telescope < 0.9.0 - XSS

Cross-site scripting (XSS) vulnerability in Telescope before 0.9.3 allows remote authenticated users to inject arbitrary web script or HTML via crafted markdown.

CWE-79 Aug 09, 2017

CVE-2015-5619 5.9 MEDIUM EPSS 0.00

Logstash <1.4.5-1.5.4 - Info Disclosure

Logstash 1.4.x before 1.4.5 and 1.5.x before 1.5.4 with Lumberjack output or the Logstash forwarder does not validate SSL/TLS certificates from the Logstash server, which might allow attackers to obtain sensitive information via a man-in-the-middle attack.

CWE-295 Aug 09, 2017

CVE-2017-5695 4.6 MEDIUM EPSS 0.00

Intel Ssd 540s 2.5" Firmware - Improper Input Validation

Data corruption vulnerability in firmware in Intel Solid-State Drive Consumer, Professional, Embedded, Data Center affected firmware versions LSBG200, LSF031C, LSF036C, LBF010C, LSBG100, LSF031C, LSF036C, LBF010C, LSF031P, LSF036P, LBF010P, LSF031P, LSF036P, LBF010P, LSMG200, LSF031E, LSF036E, LSMG100, LSF031E, LSF036E, LSDG200, LSF031D, LSF036D allows local users to cause a denial of service via unspecified vectors.

CWE-20 Aug 09, 2017

CVE-2017-5694 4.6 MEDIUM EPSS 0.00

Intel Ssd Pro 6000p Firmware - Denial of Service

Data corruption vulnerability in firmware in Intel Solid-State Drive Professional PSF104P, PSF109P allows local users to cause a denial of service via unspecified vectors.

Aug 09, 2017

CVE-2017-8673 5.9 MEDIUM EPSS 0.23

Microsoft Windows 10 - Denial of Service

The Remote Desktop Protocol (RDP) implementation in Microsoft Windows 10 1703 allows an attacker to connect to a target system using RDP and send specially crafted requests, aka "Windows Remote Desktop Protocol (RDP) Denial of Service Vulnerability."

Aug 08, 2017

CVE-2017-8668 5.5 MEDIUM EPSS 0.03

Microsoft Windows 7 - Information Disclosure

The Volume Manager Extension Driver in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2 allows an attacker to run a specially crafted application and obtain kernel information, aka "Volume Manager Extension Driver Information Disclosure Vulnerability".

CWE-200 Aug 08, 2017

CVE-2017-8666 5.5 MEDIUM EPSS 0.03

Microsoft Windows 10 - Information Disclosure

Microsoft Win32k in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an information disclosure vulnerability when it fails to properly handle objects in memory, aka "Win32k Information Disclosure Vulnerability".

CWE-200 Aug 08, 2017

CVE-2017-8662 4.3 MEDIUM EPSS 0.13

Microsoft Edge - Information Disclosure

Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to disclose information due to how strings are validated in specific scenarios, aka "Microsoft Edge Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-8644 and CVE-2017-8652.

CWE-200 Aug 08, 2017

CVE-2017-8659 4.3 MEDIUM EPSS 0.13

Microsoft Edge < 1.6.1 - Information Disclosure

Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to obtain information to further compromise the user's system due to the Chakra scripting engine not properly handling objects in memory, aka "Scripting Engine Information Disclosure Vulnerability".

CWE-200 Aug 08, 2017

CVE-2017-8654 5.4 MEDIUM EPSS 0.01

Microsoft Sharepoint Server - XSS

Microsoft SharePoint Server 2010 Service Pack 2 allows a cross-site scripting (XSS) vulnerability when it does not properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft Office SharePoint XSS Vulnerability".

CWE-79 Aug 08, 2017

CVE-2017-8652 6.5 MEDIUM 1 PoC Analysis EPSS 0.62

Microsoft Edge - Information Disclosure

Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to disclose information due to the way that Microsoft Edge handles objects in memory, aka "Microsoft Edge Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-8644 and CVE-2017-8662.

CWE-200 Aug 08, 2017

CVE-2017-8650 5.4 MEDIUM EPSS 0.01

Microsoft Edge - Origin Validation Error

Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to exploit a security feature bypass due to Microsoft Edge not properly enforcing same-origin policies, aka "Microsoft Edge Security Feature Bypass Vulnerability".

CWE-346 Aug 08, 2017

CVE-2017-8644 4.3 MEDIUM 1 PoC Analysis EPSS 0.41

Microsoft Edge - Information Disclosure

Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to disclose information due to the way that Microsoft Edge handles objects in memory, aka "Microsoft Edge Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-8652 and CVE-2017-8662.

CWE-200 Aug 08, 2017

CVE-2017-8642 6.1 MEDIUM EPSS 0.01

Microsoft Edge - XSS

Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to elevate privileges due to the way that Microsoft Edge validates JavaScript under specific conditions, aka "Microsoft Edge Elevation of Privilege Vulnerability". This CVE ID is unique from CVE-2017-8503.

CWE-79 Aug 08, 2017

CVE-2017-8637 5.3 MEDIUM EPSS 0.18

Microsoft Edge <Windows 10 1703 - Auth Bypass

Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to bypass Arbitrary Code Guard (ACG) due to how Microsoft Edge accesses memory in code compiled by the Edge Just-In-Time (JIT) compiler, aka "Scripting Engine Security Feature Bypass Vulnerability".

Aug 08, 2017

CVE-2017-8627 4.7 MEDIUM EPSS 0.01

Microsoft Windows 10 - Memory Corruption

Windows Subsystem for Linux in Windows 10 1703, allows a denial of service vulnerability due to the way it handles objects in memory, aka "Windows Subsystem for Linux Denial of Service Vulnerability".

CWE-119 Aug 08, 2017

CVE-2017-8623 6.8 MEDIUM EPSS 0.01

Microsoft Windows 10 - Improper Input Validation

Windows Hyper-V in Windows 10 1607, 1703, and Windows Server 2016 allows a denial of service vulnerability when it fails to properly validate input from a privileged user on a guest operating system, aka "Windows Hyper-V Denial of Service Vulnerability".

CWE-20 Aug 08, 2017

CVE-2017-0174 6.5 MEDIUM EPSS 0.00

Microsoft Windows 10 - Denial of Service

Windows NetBIOS in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows a denial of service vulnerability when it improperly handles NetBIOS packets, aka "Windows NetBIOS Denial of Service Vulnerability".

Aug 08, 2017

CVE-2017-3652 4.2 MEDIUM EPSS 0.00

MySQL <5.7.18 - SQL Injection

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.56 and earlier, 5.6.36 and earlier and 5.7.18 and earlier. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data as well as unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.0 Base Score 4.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N).

Aug 08, 2017

Investigate

Ecosystems

Reference Indexes

Recent Blog Posts

CVEForge Labs

KEV Gaps