Exploit Intelligence Platform

Search and track vulnerabilities with real-time exploit intelligence. Cross-reference CVEs against public exploits from ExploitDB, Metasploit, GitHub, and Nuclei — with CVSS and EPSS scoring, CISA KEV monitoring, and AI-powered exploit analysis.

339,495 CVEs tracked | 53,335 with exploits | 4,748 exploited in wild | 1,551 CISA KEV | 3,948 Nuclei templates | 49,233 vendors | 42,833 researchers
111,593 results
CVE-2015-7702 6.5 MEDIUM EPSS 0.02
NTP <4.2.8p4, <4.3.77 - DoS
The crypto_xmit function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (crash). NOTE: This vulnerability exists due to an incomplete fix for CVE-2014-9750.
CWE-20 Aug 07, 2017
CVE-2017-12654 6.5 MEDIUM EPSS 0.00
Imagemagick - Resource Leak
The ReadPICTImage function in coders/pict.c in ImageMagick 7.0.6-3 allows attackers to cause a denial of service (memory leak) via a crafted file.
CWE-772 Aug 07, 2017
CVE-2015-8621 5.5 MEDIUM EPSS 0.00
t-coffee <11.00.8cbe486-2 - Info Disclosure
t-coffee before 11.00.8cbe486-2 allows local users to write to ~/.t_coffee globally.
CWE-264 Aug 07, 2017
CVE-2015-3839 5.5 MEDIUM 1 PoC Analysis EPSS 0.01
Android <5.1.1 - DoS
The updateMessageStatus function in Android 5.1.1 and earlier allows local users to cause a denial of service (NULL pointer exception and process crash).
CWE-476 Aug 07, 2017
CVE-2009-5145 6.1 MEDIUM EPSS 0.01
Zope < 2.12.5 - XSS
Cross-site scripting (XSS) vulnerability in ZMI pages that use the manage_tabs_message in Zope 2.11.4, 2.11.2, 2.10.9, 2.10.7, 2.10.6, 2.10.5, 2.10.4, 2.10.2, 2.10.1, 2.12.
CWE-79 Aug 07, 2017
CVE-2017-12649 6.1 MEDIUM EPSS 0.00
Liferay Portal < 7.0 - XSS
XSS exists in Liferay Portal before 7.0 CE GA4 via a crafted title or summary that is mishandled in the Web Content Display.
CWE-79 Aug 07, 2017
CVE-2017-12648 6.1 MEDIUM EPSS 0.00
Liferay Portal < 7.0 - XSS
XSS exists in Liferay Portal before 7.0 CE GA4 via a bookmark URL.
CWE-79 Aug 07, 2017
CVE-2017-12647 6.1 MEDIUM EPSS 0.00
Liferay Portal < 7.0 - XSS
XSS exists in Liferay Portal before 7.0 CE GA4 via a Knowledge Base article title.
CWE-79 Aug 07, 2017
CVE-2017-12646 6.1 MEDIUM EPSS 0.00
Liferay Portal < 7.0 - XSS
XSS exists in Liferay Portal before 7.0 CE GA4 via a login name, password, or e-mail address.
CWE-79 Aug 07, 2017
CVE-2017-12645 6.1 MEDIUM EPSS 0.00
Liferay Portal < 7.0 - XSS
XSS exists in Liferay Portal before 7.0 CE GA4 via an invalid portletId.
CWE-79 Aug 07, 2017
CVE-2016-10404 6.1 MEDIUM EPSS 0.00
Liferay Portal < 7.0 - XSS
XSS exists in Liferay Portal before 7.0 CE GA4 via a crafted redirect field to modules/apps/foundation/frontend-js/frontend-js-spa-web/src/main/resources/META-INF/resources/init.jsp.
CWE-79 Aug 07, 2017
CVE-2017-12643 6.5 MEDIUM 1 Writeup EPSS 0.01
Imagemagick - Resource Allocation Without Limits
ImageMagick 7.0.6-1 has a memory exhaustion vulnerability in ReadOneJNGImage in coders/png.c.
CWE-770 Aug 07, 2017
CVE-2017-9647 6.6 MEDIUM EPSS 0.00
Continental AG Infineon S-Gold 2 - Buffer Overflow
A stack-based buffer overflow issue was discovered in the Continental AG Infineon S-Gold 2 (PMB 8876) chipset on several BMW models produced between 2009-2010, a limited number of Ford P-HEV vehicles, Infiniti 2013 JX35, Infiniti 2014-2016 QX60, Infiniti 2014-2016 QX60 Hybrid, Infiniti 2014-2015 QX50, Infiniti 2014-2015 QX50 Hybrid, Infiniti 2013 M37/M56, Infiniti 2014-2016 Q70, Infiniti 2014-2016 Q70L, Infiniti 2015-2016 Q70 Hybrid, Infiniti 2013 QX56, Infiniti 2014-2016 QX 80, and Nissan 2011-2015 Leaf. An attacker with a physical connection to the TCU may exploit a buffer overflow condition that exists in the processing of AT commands. This may allow arbitrary code execution on the baseband radio processor of the TCU.
CWE-119 Aug 07, 2017
CVE-2017-7936 6.3 MEDIUM EPSS 0.00
NXP Vybrid Mvf30nn151cku26 Firmware - Memory Corruption
A stack-based buffer overflow issue was discovered in NXP i.MX 50, i.MX 53, i.MX 6ULL, i.MX 6UltraLite, i.MX 6SoloLite, i.MX 6Solo, i.MX 6DualLite, i.MX 6SoloX, i.MX 6Dual, i.MX 6Quad, i.MX 6DualPlus, i.MX 6QuadPlus, Vybrid VF3xx, Vybrid VF5xx, and Vybrid VF6xx. When the device is configured in security enabled configuration, SDP could be used to download a small section of code to an unprotected region of memory.
CWE-119 Aug 07, 2017
CVE-2017-7932 6.0 MEDIUM EPSS 0.00
NXP Vybrid Mvf30nn151cku26 Firmware - Improper Certificate Validation
An improper certificate validation issue was discovered in NXP i.MX 28, i.MX 50, i.MX 53, i.MX 7Solo, i.MX 7Dual, Vybrid VF3xx, Vybrid VF5xx, Vybrid VF6xx, i.MX 6ULL, i.MX 6UltraLite, i.MX 6SoloLite, i.MX 6Solo, i.MX 6DualLite, i.MX 6SoloX, i.MX 6Dual, i.MX 6Quad, i.MX 6DualPlus, and i.MX 6QuadPlus. When the device is configured in security enabled configuration, under certain conditions it is possible to bypass the signature verification by using a specially crafted certificate leading to the execution of an unsigned image.
CWE-295 Aug 07, 2017
CVE-2017-7916 6.5 MEDIUM EPSS 0.00
ABB Vsn300 Firmware < 1.8.15 - Improper Privilege Management
A Permissions, Privileges, and Access Controls issue was discovered in ABB VSN300 WiFi Logger Card versions 1.8.15 and prior, and VSN300 WiFi Logger Card for React versions 2.1.3 and prior. The web application does not properly restrict privileges of the Guest account. A malicious user may be able to gain access to configuration information that should be restricted.
CWE-269 Aug 07, 2017
CVE-2017-6770 4.2 MEDIUM EPSS 0.01
Cisco - Privilege Escalation
Cisco IOS 12.0 through 15.6, Adaptive Security Appliance (ASA) Software 7.0.1 through 9.7.1.2, NX-OS 4.0 through 12.0, and IOS XE 3.6 through 3.18 are affected by a vulnerability involving the Open Shortest Path First (OSPF) Routing Protocol Link State Advertisement (LSA) database. This vulnerability could allow an unauthenticated, remote attacker to take full control of the OSPF Autonomous System (AS) domain routing table, allowing the attacker to intercept or black-hole traffic. The attacker could exploit this vulnerability by injecting crafted OSPF packets. Successful exploitation could cause the targeted router to flush its routing table and propagate the crafted OSPF LSA type 1 update throughout the OSPF AS domain. To exploit this vulnerability, an attacker must accurately determine certain parameters within the LSA database on the target router. This vulnerability can only be triggered by sending crafted unicast or multicast OSPF LSA type 1 packets. No other LSA type packets can trigger this vulnerability. OSPFv3 is not affected by this vulnerability. Fabric Shortest Path First (FSPF) protocol is not affected by this vulnerability. Cisco Bug IDs: CSCva74756, CSCve47393, CSCve47401.
CWE-20 Aug 07, 2017
CVE-2017-6769 5.4 MEDIUM EPSS 0.00
Cisco Secure Access Control System - XSS
A vulnerability in the web-based management interface of the Cisco Secure Access Control System (ACS) could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the web interface of the affected system. More Information: CSCve70587. Known Affected Releases: 5.8(0.8) 5.8(1.5).
CWE-79 Aug 07, 2017
CVE-2017-6765 6.1 MEDIUM EPSS 0.00
Cisco ASA 9.1(6.11)-9.4(1.2) - XSS
A vulnerability in the web-based management interface of Cisco Adaptive Security Appliance (ASA) 9.1(6.11) and 9.4(1.2) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device, aka WebVPN XSS. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive browser-based information. Cisco Bug IDs: CSCve19179.
CWE-79 Aug 07, 2017
CVE-2017-6764 5.4 MEDIUM EPSS 0.00
Cisco ASA 9.5(1) - XSS
A vulnerability in the web-based management interface of Cisco Adaptive Security Appliance (ASA) 9.5(1) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive browser-based information. Cisco Bug IDs: CSCvd82064.
CWE-79 Aug 07, 2017