Exploit Intelligence Platform

Search and track vulnerabilities with real-time exploit intelligence. Cross-reference CVEs against public exploits from ExploitDB, Metasploit, GitHub, and Nuclei — with CVSS and EPSS scoring, CISA KEV monitoring, and AI-powered exploit analysis.

339,490 CVEs tracked | 53,352 with exploits | 4,748 exploited in wild | 1,551 CISA KEV | 3,945 Nuclei templates | 49,201 vendors | 42,812 researchers
111,542 results
CVE-2017-9563 5.9 MEDIUM EPSS 0.00
fccb/id809930960 app 3.0.1 - Info Disclosure
The First Citizens Community Bank fccb/id809930960 app 3.0.1 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CWE-295 Jun 16, 2017
CVE-2017-9562 5.9 MEDIUM EPSS 0.00
Meafinancial Freedom 1st Credit Union Mobile Banking - Improper Certificate Validation
The Freedom First freedom-1st-credit-union-mobile-banking/id1085229458 app 3.0.0 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CWE-295 Jun 16, 2017
CVE-2017-9561 5.9 MEDIUM EPSS 0.00
Lee Bank & Trust lbtc-mobile/id1068984753 - Info Disclosure
The Lee Bank & Trust lbtc-mobile/id1068984753 app 3.0.1 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CWE-295 Jun 16, 2017
CVE-2017-9560 5.9 MEDIUM EPSS 0.00
cayuga-lake-national-bank/id1151601539 app 4.0.1 - Info Disclosure
The cayuga-lake-national-bank/id1151601539 app 4.0.1 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CWE-295 Jun 16, 2017
CVE-2017-9559 5.9 MEDIUM EPSS 0.00
MEA Financial vision-bank/id420406345 - Info Disclosure
The MEA Financial vision-bank/id420406345 app 3.0.1 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CWE-295 Jun 16, 2017
CVE-2017-9558 5.9 MEDIUM EPSS 0.00
Wawa Employees Credit Union Mobile <4.0.1 - XSS
The wawa-employees-credit-union-mobile/id1158082793 app 4.0.1 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CWE-295 Jun 16, 2017
CVE-2017-9419 6.1 MEDIUM EPSS 0.00
Webhammer WP Custom Fields Search <0.3.28 - XSS
Cross-site scripting (XSS) vulnerability in the Webhammer WP Custom Fields Search plugin 0.3.28 for WordPress allows remote attackers to inject arbitrary JavaScript via the cs-all-0 parameter.
CWE-79 Jun 15, 2017
CVE-2017-9674 5.4 MEDIUM EPSS 0.00
SimpleCE 2.3.0 - XSS
In SimpleCE 2.3.0, an authenticated XSS vulnerability was found on index.php/content/text/1?return_url=[XSS] exploitable as a regular or admin user.
CWE-79 Jun 15, 2017
CVE-2017-9613 5.4 MEDIUM EPSS 0.00
SAP SuccessFactors <b1705.1234962 - XSS
Stored Cross-site scripting (XSS) vulnerability in SAP SuccessFactors before b1705.1234962 allows remote authenticated users to inject arbitrary web script or HTML via the file upload functionality.
CWE-79 Jun 15, 2017
CVE-2017-9505 4.3 MEDIUM EPSS 0.00
Atlassian Confluence <6.2.1 - Info Disclosure
Atlassian Confluence starting with 4.3.0 before 6.2.1 did not check if a user had permission to view a page when creating a workbox notification about new comments. An attacker who can log in to Confluence could receive workbox notifications, which contain the content of comments, for comments added to a page after they started watching it, even if they do not have permission to view the page itself.
CWE-276 Jun 15, 2017
CVE-2017-8555 4.3 MEDIUM EPSS 0.06
Microsoft Edge - Improper Input Validation
Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to trick a user into loading a page with malicious content when the Edge Content Security Policy (CSP) fails to properly validate certain specially crafted documents, aka "Microsoft Edge Security Feature Bypass Vulnerability". This CVE ID is unique from CVE-2017-8523 and CVE-2017-8530.
CWE-20 Jun 15, 2017
CVE-2017-8553 4.7 MEDIUM EPSS 0.03
Microsoft Windows 8.1 - Information Disclosure
An information disclosure vulnerability exists in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows Server 2016 when the Windows kernel improperly handles objects in memory, aka "GDI Information Disclosure Vulnerability".
CWE-200 Jun 15, 2017
CVE-2017-8551 6.1 MEDIUM EPSS 0.01
Microsoft Project Server - XSS
An elevation of privilege vulnerability exists when Microsoft SharePoint software fails to properly sanitize a specially crafted request, aka "Microsoft SharePoint XSS vulnerability".
CWE-79 Jun 15, 2017
CVE-2017-8550 5.4 MEDIUM 1 PoC Analysis EPSS 0.12
Microsoft Office - XSS
A remote code execution vulnerability exists in Skype for Business when the software fails to sanitize specially crafted content, aka "Skype for Business Remote Code Execution Vulnerability".
CWE-79 Jun 15, 2017
CVE-2017-8545 6.5 MEDIUM EPSS 0.13
Microsoft Outlook - Improper Input Validation
A spoofing vulnerability exists when Microsoft Outlook for Mac does not sanitize HTML properly, aka "Microsoft Outlook for Mac Spoofing Vulnerability".
CWE-20 Jun 15, 2017
CVE-2017-8544 5.5 MEDIUM EPSS 0.03
Microsoft Windows 10 - Information Disclosure
Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an attacker to obtain information to further compromise the user's system when Windows Search fails to handle objects in memory, aka "Windows Search Information Disclosure Vulnerability".
CWE-200 Jun 15, 2017
CVE-2017-8534 6.5 MEDIUM EPSS 0.17
Microsoft Office - Information Disclosure
Uniscribe in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, Windows Server 2016, Microsoft Office 2007 SP3, and Microsoft Office 2010 SP2 allows improper disclosure of memory contents, aka "Windows Uniscribe Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-0282, CVE-2017-0284, and CVE-2017-0285.
CWE-200 Jun 15, 2017
CVE-2017-8533 6.5 MEDIUM EPSS 0.24
Microsoft Office - Information Disclosure
Graphics in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows improper disclosure of memory contents, aka "Graphics Uniscribe Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-0286, CVE-2017-0287, CVE-2017-0288, CVE-2017-0289, CVE-2017-8531, and CVE-2017-8532.
CWE-200 Jun 15, 2017
CVE-2017-8532 6.5 MEDIUM EPSS 0.22
Microsoft Office - Information Disclosure
Graphics in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows improper disclosure of memory contents, aka "Graphics Uniscribe Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-0286, CVE-2017-0287, CVE-2017-0288, CVE-2017-0289, CVE-2017-8531, and CVE-2017-8533.
CWE-200 Jun 15, 2017
CVE-2017-8531 6.5 MEDIUM EPSS 0.20
Microsoft Office - Information Disclosure
Graphics in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, Windows Server 2016, Microsoft Office 2007 Service Pack 3, and Microsoft Office 2010 Service Pack 2 allows improper disclosure of memory contents, aka "Graphics Uniscribe Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-0286, CVE-2017-0287, CVE-2017-0288, CVE-2017-0289, CVE-2017-8532, and CVE-2017-8533.
CWE-200 Jun 15, 2017