Exploit Intelligence Platform

CVE-2017-9929 5.5 MEDIUM EPSS 0.00

In lrzip 0.631, a stack buffer overflow was found in the function get_fileinfo in lrzip.c:1074, which allows attackers to cause a denial of service via a crafted file.

CWE-119 Jun 26, 2017

CVE-2017-9928 5.5 MEDIUM EPSS 0.00

In lrzip 0.631, a stack buffer overflow was found in the function get_fileinfo in lrzip.c:979, which allows attackers to cause a denial of service via a crafted file.

CWE-119 Jun 26, 2017

CVE-2017-7416 6.1 MEDIUM 1 Writeup EPSS 0.00

ntopng before 3.0 allows XSS because GET and POST parameters are improperly validated.

CWE-79 Jun 26, 2017

CVE-2017-9870 5.5 MEDIUM EPSS 0.00

The III_i_stereo function in layer3.c in mpglib, as used in libmpgdecoder.a in LAME 3.99.5 and other products, allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted audio file that is mishandled in the code for the "block_type == 2" case, a similar issue to CVE-2017-11126.

CWE-125 Jun 25, 2017

CVE-2017-9869 5.5 MEDIUM 1 PoC Analysis EPSS 0.01

The II_step_one function in layer2.c in mpglib, as used in libmpgdecoder.a in LAME 3.99.5 and other products, allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted audio file.

CWE-125 Jun 25, 2017

CVE-2015-9101 5.5 MEDIUM 1 Writeup EPSS 0.01

The fill_buffer_resample function in util.c in libmp3lame.a in LAME 3.98.4, 3.98.2, 3.98, 3.99, 3.99.1, 3.99.2, 3.99.3, 3.99.4 and 3.99.5 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted audio file.

CWE-119 Jun 25, 2017

CVE-2015-9100 5.5 MEDIUM EPSS 0.00

The fill_buffer_resample function in util.c in libmp3lame.a in LAME 3.99.5 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted audio file.

CWE-476 Jun 25, 2017

CVE-2015-9099 5.5 MEDIUM EPSS 0.00

The lame_init_params function in lame.c in libmp3lame.a in LAME 3.99.5 allows remote attackers to cause a denial of service (invalid read and application crash) via a crafted audio file with a negative sample rate.

CWE-125 Jun 25, 2017

CVE-2017-9868 5.5 MEDIUM EPSS 0.00

In Mosquitto through 1.4.12, mosquitto.db (aka the persistence file) is world readable, which allows local users to obtain sensitive MQTT topic information.

CWE-200 Jun 25, 2017

CVE-2017-9865 5.5 MEDIUM EPSS 0.01

The function GfxImageColorMap::getGray in GfxState.cc in Poppler 0.54.0 allows remote attackers to cause a denial of service (stack-based buffer over-read and application crash) via a crafted PDF document, related to missing color-map validation in ImageOutputDev.cc.

CWE-125 Jun 25, 2017

CVE-2017-9847 5.5 MEDIUM EPSS 0.00

The bdecode function in bdecode.cpp in libtorrent 1.1.3 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file.

CWE-125 Jun 24, 2017

CVE-2017-9836 4.8 MEDIUM EPSS 0.00

Cross-site scripting (XSS) vulnerability in Piwigo 2.9.1 allows remote authenticated administrators to inject arbitrary web script or HTML via the virtual_name parameter to /admin.php (i.e., creating a virtual album).

CWE-79 Jun 24, 2017

CVE-2017-9832 6.8 MEDIUM EPSS 0.00

An integer overflow vulnerability in ptp-pack.c (ptp_unpack_OPL function) of libmtp (version 1.1.12 and below) allows attackers to cause a denial of service (out-of-bounds memory access) or maybe remote code execution by inserting a mobile device into a personal computer through a USB cable.

CWE-190 Jun 24, 2017

CVE-2017-9831 6.8 MEDIUM EPSS 0.00

An integer overflow vulnerability in the ptp_unpack_EOS_CustomFuncEx function of the ptp-pack.c file of libmtp (version 1.1.12 and below) allows attackers to cause a denial of service (out-of-bounds memory access) or maybe remote code execution by inserting a mobile device into a personal computer through a USB cable.

CWE-190 Jun 24, 2017

CVE-2017-1349 5.5 MEDIUM EPSS 0.00

IBM Sterling B2B Integrator Standard Edition 5.2 stores potentially sensitive information from HTTP sessions that could be read by a local user. IBM X-Force ID: 126525.

CWE-200 Jun 23, 2017

CVE-2017-1348 5.4 MEDIUM EPSS 0.00

IBM Sterling B2B Integrator Standard Edition 5.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 126524.

CWE-79 Jun 23, 2017

CVE-2017-1302 5.5 MEDIUM EPSS 0.00

IBM Sterling B2B Integrator Standard Edition 5.2 could allow a local user view sensitive information due to improper access controls. IBM X-Force ID: 125456.

CWE-200 Jun 23, 2017

CVE-2017-1193 6.5 MEDIUM EPSS 0.00

IBM Sterling B2B Integrator Standard Edition 5.2 could allow user to obtain sensitive information using an HTTP GET request. IBM X-Force ID: 123667.

CWE-200 Jun 23, 2017

CVE-2017-1132 5.4 MEDIUM EPSS 0.00

IBM Sterling B2B Integrator Standard Edition 5.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 121418.

CWE-79 Jun 23, 2017

CVE-2017-1131 6.5 MEDIUM EPSS 0.00

IBM Sterling B2B Integrator Standard Edition 5.2 could allow an authenticated user to obtain sensitive information by using unsupported, specially crafted HTTP commands. IBM X-Force ID: 121375.

CWE-200 Jun 23, 2017