CVE & Exploit Intelligence Database

Updated 6h ago

Search and track vulnerabilities with real-time exploit intelligence. Cross-reference CVEs against public exploits from ExploitDB, Metasploit, GitHub, and Nuclei — with CVSS and EPSS scoring, CISA KEV monitoring, and AI-powered exploit analysis.

338,716 CVEs tracked | 53,323 with exploits | 4,733 exploited in wild | 1,543 CISA KEV | 3,939 Nuclei templates | 49,017 vendors | 42,676 researchers
111,206 results
CVE-2017-0336 5.5 MEDIUM EPSS 0.00
Linux Kernel - Information Disclosure
An information disclosure vulnerability in the NVIDIA GPU driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as High because it could be used to access sensitive data without explicit user permission. Product: Android. Versions: Kernel-3.18. Android ID: A-33042679. References: N-CVE-2017-0336.
CWE-200 Mar 08, 2017
CVE-2017-0334 5.5 MEDIUM 1 PoC Analysis EPSS 0.00
Linux Kernel - Information Disclosure
An information disclosure vulnerability in the NVIDIA GPU driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as High because it could be used to access sensitive data without explicit user permission. Product: Android. Versions: Kernel-3.18. Android ID: A-33245849. References: N-CVE-2017-0334.
CWE-200 Mar 08, 2017
CVE-2016-8483 5.5 MEDIUM EPSS 0.00
Android Kernel 3.10 - Info Disclosure
An information disclosure vulnerability in the Qualcomm power driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as High because it could be used to access sensitive data without explicit user permission. Product: Android. Versions: Kernel-3.10. Android ID: A-33745862. References: QC-CR#1035099.
CWE-200 Mar 08, 2017
CVE-2016-8478 4.7 MEDIUM EPSS 0.00
Android Kernel 3.18 - Info Disclosure
An information disclosure vulnerability in the Qualcomm video driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.18. Android ID: A-32511270. References: QC-CR#1088206.
CWE-200 Mar 08, 2017
CVE-2016-8477 4.7 MEDIUM 1 PoC Analysis EPSS 0.00
Android Kernel 3.10/3.18 - Info Disclosure
An information disclosure vulnerability in the Qualcomm camera driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32720522. References: QC-CR#1090007.
CWE-200 Mar 08, 2017
CVE-2016-8416 4.7 MEDIUM EPSS 0.00
Android Kernel 3.18 - Info Disclosure
An information disclosure vulnerability in the Qualcomm video driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.18. Android ID: A-32510746. References: QC-CR#1088206.
CWE-200 Mar 08, 2017
CVE-2016-8413 4.7 MEDIUM 1 PoC Analysis EPSS 0.00
Android Kernel 3.10/3.18 - Info Disclosure
An information disclosure vulnerability in the Qualcomm camera driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32709702. References: QC-CR#518731.
CWE-200 Mar 08, 2017
CVE-2017-6518 6.1 MEDIUM EPSS 0.00
Sanadata Sanacms - XSS
Cross-site scripting (XSS) vulnerability in /sanadata/seo/index.asp in SANADATA SanaCMS 7.3 allows remote attackers to inject arbitrary web script or HTML via the txtFrom parameter.
CWE-79 Mar 08, 2017
CVE-2016-9245 5.9 MEDIUM EPSS 0.01
F5 BIG-IP <12.1.2 - DoS
In F5 BIG-IP systems 12.1.0 - 12.1.2, malicious requests made to virtual servers with an HTTP profile can cause the TMM to restart. The issue is exposed with BIG-IP APM profiles, regardless of settings. The issue is also exposed with the non-default "Normalize URI" configuration options used in iRules and/or BIG-IP LTM policies. An attacker may be able to disrupt traffic or cause the BIG-IP system to fail over to another device in the device group.
CWE-284 Mar 07, 2017
CVE-2017-6511 6.1 MEDIUM 1 Writeup EPSS 0.00
Finecms < 2017-02-10 - XSS
andrzuk/FineCMS before 2017-03-06 is vulnerable to a reflected XSS in index.php because of missing validation of the action parameter in application/classes/application.php.
CWE-79 Mar 07, 2017
CVE-2017-1133 5.4 MEDIUM EPSS 0.00
IBM QRadar 7.2 - XSS
IBM QRadar 7.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Reference #: 1999534.
CWE-79 Mar 07, 2017
CVE-2016-9730 4.3 MEDIUM EPSS 0.00
IBM Qradar Incident Forensics - CSRF
IBM QRadar Incident Forensics 7.2 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM Reference #: 1999549.
CWE-352 Mar 07, 2017
CVE-2016-9729 6.5 MEDIUM EPSS 0.00
IBM Qradar Security Information And E... - Authentication Bypass
IBM QRadar 7.2 does not perform an authentication check for a critical resource or functionality allowing anonymous users access to protected areas. IBM Reference #: 1999545.
CWE-287 Mar 07, 2017
CVE-2016-9725 5.3 MEDIUM EPSS 0.00
IBM Qradar Security Information And E... - Information Disclosure
IBM QRadar Incident Forensics 7.2 allows for Cross-Origin Resource Sharing (CORS), which is a mechanism that allows web sites to request resources from external sites, avoiding the need to duplicate them. IBM Reference #: 1999539.
CWE-200 Mar 07, 2017
CVE-2016-9723 6.1 MEDIUM EPSS 0.00
IBM Qradar Incident Forensics - XSS
IBM QRadar 7.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Reference #: 1999534.
CWE-79 Mar 07, 2017
CVE-2016-9720 5.3 MEDIUM EPSS 0.00
IBM Qradar Incident Forensics - Information Disclosure
IBM QRadar 7.2 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM Reference #: 1999533.
CWE-200 Mar 07, 2017
CVE-2016-9693 6.1 MEDIUM EPSS 0.00
IBM Business Process Manager - Improper Input Validation
IBM Business Process Manager 7.5, 8.0, and 8.5 has a file download capability that is vulnerable to a set of attacks. Ultimately, an attacker can cause an unauthenticated victim to download a malicious payload. An existing file type restriction can be bypassed so that the payload might be considered executable and cause damage on the victim's machine. IBM Reference #: 1998655.
CWE-20 Mar 07, 2017
CVE-2016-8971 6.5 MEDIUM EPSS 0.00
IBM WebSphere MQ 8.0 - Memory Corruption
IBM WebSphere MQ 8.0 could allow an authenticated user with queue manager permissions to cause a segmentation fault which would result in the box having to be rebooted to resume normal operations. IBM Reference #: 1998663.
CWE-119 Mar 07, 2017
CVE-2017-6509 6.1 MEDIUM EPSS 0.00
Burgundy-cms < 2017-02-20 - XSS
Smith0r/burgundy-cms before 2017-03-06 is vulnerable to a reflected XSS in admin/components/menu/views/menuitems.php (id parameter).
CWE-79 Mar 07, 2017
CVE-2016-7140 6.1 MEDIUM EPSS 0.00
Plone < 5.0.7 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in the ZMI page in Zope2 in Plone CMS 5.x through 5.0.6, 4.x through 4.3.11, and 3.3.x through 3.3.6 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CWE-79 Mar 07, 2017