Exploit Intelligence Platform

CVE-2017-10806 5.5 MEDIUM EPSS 0.00

Stack-based buffer overflow in hw/usb/redirect.c in QEMU (aka Quick Emulator) allows local guest OS users to cause a denial of service (QEMU process crash) via vectors related to logging debug messages.

CWE-787 Aug 02, 2017

CVE-2015-5203 5.5 MEDIUM EPSS 0.00

Double free vulnerability in the jasper_image_stop_load function in JasPer 1.900.17 allows remote attackers to cause a denial of service (crash) via a crafted JPEG 2000 image file.

CWE-415 Aug 02, 2017

CVE-2015-3642 5.9 MEDIUM EPSS 0.00

The TLS and DTLS processing functionality in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway devices with firmware 9.x before 9.3 Build 68.5, 10.0 through Build 78.6, 10.1 before Build 130.13, 10.1.e before Build 130.1302.e, 10.5 before Build 55.8, and 10.5.e before Build 55.8007.e makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, a variant of CVE-2014-3566 (aka POODLE).

CWE-200 Aug 02, 2017

CVE-2015-2690 6.1 MEDIUM EPSS 0.00

Multiple cross-site scripting (XSS) vulnerabilities in views/add-license-form.php in the Digium Addons module (digiumaddoninstaller) before 2.11.0.7 for FreePBX allow remote attackers to inject arbitrary web script or HTML via the (1) add_license_key, (2) add_license_first_name, (3) add_license_last_name, (4) add_license_company, (5) add_license_address1, (6) add_license_address2, (7) add_license_city, (8) add_license_state, (9) add_license_post_code, (10) add_license_country, (11) add_license_phone, or (12) add_license_email parameter in an add-license-form page to admin/config.php.

CWE-79 Aug 02, 2017

CVE-2015-0194 6.5 MEDIUM EPSS 0.00

XML External Entity (XXE) vulnerability in IBM Sterling B2B Integrator 5.1 and 5.2 and IBM Sterling File Gateway 2.1 and 2.2 allows remote attackers to read arbitrary files via a crafted XML data.

CWE-611 Aug 02, 2017

CVE-2012-5030 6.5 MEDIUM EPSS 0.00

Cisco IOS before 15.2(4)S6 does not initialize an unspecified variable, which might allow remote authenticated users to cause a denial of service (CPU consumption, watchdog timeout, crash) by walking specific SNMP objects.

CWE-399 Aug 02, 2017

CVE-2017-1495 4.9 MEDIUM EPSS 0.00

IBM InfoSphere Information Server 9.1, 11.3, and 11.5 could allow a privileged user to cause a memory dump that could contain highly sensitive information including access credentials. IBM X-Force ID: 128693.

CWE-119 Aug 02, 2017

CVE-2017-2285 6.1 MEDIUM EPSS 0.01

Cross-site scripting vulnerability in Simple Custom CSS and JS prior to version 3.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CWE-79 Aug 02, 2017

CVE-2017-2284 6.1 MEDIUM EPSS 0.01

Cross-site scripting vulnerability in Popup Maker prior to version 1.6.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CWE-79 Aug 02, 2017

CVE-2017-2282 6.8 MEDIUM EPSS 0.00

Buffer overflow in WN-AX1167GR firmware version 3.00 and earlier allows an attacker to execute arbitrary commands via unspecified vectors.

CWE-119 Aug 02, 2017

CVE-2017-2278 5.9 MEDIUM EPSS 0.00

The RBB SPEED TEST App for Android version 2.0.3 and earlier, RBB SPEED TEST App for iOS version 2.1.0 and earlier does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

CWE-295 Aug 02, 2017

CVE-2016-7845 6.5 MEDIUM EPSS 0.00

GigaCC OFFICE ver.2.3 and earlier allows remote attackers to upload arbitrary files as a user profile image, which may be exploited for unauthorized file sharing.

CWE-264 Aug 02, 2017

CVE-2016-7844 5.5 MEDIUM EPSS 0.00

GigaCC OFFICE ver.2.3 and earlier allows remote attackers to execute arbitrary OS commands via specially crafted mail template.

CWE-78 Aug 02, 2017

CVE-2017-12200 6.1 MEDIUM 1 Writeup EPSS 0.00

The Etoile Ultimate Product Catalog plugin 4.2.11 for WordPress has XSS in the Add Product Manually component.

CWE-79 Aug 02, 2017

CVE-2017-12145 6.5 MEDIUM EPSS 0.00

In libquicktime 1.2.4, an allocation failure was found in the function quicktime_read_ftyp in ftyp.c, which allows attackers to cause a denial of service via a crafted file.

CWE-20 Aug 02, 2017

CVE-2017-12144 5.5 MEDIUM EPSS 0.00

In ytnef 1.9.2, an allocation failure was found in the function TNEFFillMapi in ytnef.c, which allows attackers to cause a denial of service via a crafted file.

CWE-770 Aug 02, 2017

CVE-2017-12143 6.5 MEDIUM EPSS 0.00

In libquicktime 1.2.4, an allocation failure was found in the function quicktime_read_info in lqt_quicktime.c, which allows attackers to cause a denial of service via a crafted file.

CWE-20 Aug 02, 2017

CVE-2017-12142 5.5 MEDIUM EPSS 0.00

In ytnef 1.9.2, an invalid memory read vulnerability was found in the function SwapDWord in ytnef.c, which allows attackers to cause a denial of service via a crafted file.

CWE-125 Aug 02, 2017

CVE-2017-12141 5.5 MEDIUM EPSS 0.00

In ytnef 1.9.2, a heap-based buffer overflow vulnerability was found in the function TNEFFillMapi in ytnef.c, which allows attackers to cause a denial of service via a crafted file.

CWE-119 Aug 02, 2017

CVE-2017-12140 6.5 MEDIUM EPSS 0.01

The ReadDCMImage function in coders\dcm.c in ImageMagick 7.0.6-1 has an integer signedness error leading to excessive memory consumption via a crafted DCM file.

CWE-681 Aug 02, 2017