CVE & Exploit Intelligence Database

Search and track vulnerabilities with real-time exploit intelligence. Cross-reference CVEs against public exploits from ExploitDB, Metasploit, GitHub, and Nuclei — with CVSS and EPSS scoring, CISA KEV monitoring, and AI-powered exploit analysis.

338,640 CVEs tracked; 53,321 with exploits; 4,733 exploited in wild; 1,543 CISA KEV; 3,938 Nuclei templates; 49,006 vendors; 42,664 researchers
111,112 results
CVE-2017-0426 5.5 MEDIUM 1 PoC Analysis EPSS 0.00
Google Android - Information Disclosure
An information disclosure vulnerability in the Filesystem could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it could be used to access sensitive data without permission. Product: Android. Versions: 7.0, 7.1.1. Android ID: A-32799236.
CWE-200 Feb 08, 2017
CVE-2017-0425 5.5 MEDIUM EPSS 0.00
Google Android - Information Disclosure
An information disclosure vulnerability in Audioserver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it could be used to access sensitive data without permission. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-32720785.
CWE-200 Feb 08, 2017
CVE-2017-0424 5.5 MEDIUM EPSS 0.00
Google Android - Information Disclosure
An information disclosure vulnerability in AOSP Messaging could enable a remote attacker using a specially crafted file to access data outside of its permission levels. This issue is rated as Moderate because it is a general bypass for a user level defense in depth or exploit mitigation technology in a privileged process. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-32322450.
CWE-200 Feb 08, 2017
CVE-2017-0423 5.3 MEDIUM EPSS 0.00
Google Android - Incorrect Permission Assignment
An elevation of privilege vulnerability in Bluetooth could enable a proximate attacker to manage access to documents on the device. This issue is rated as Moderate because it first requires exploitation of a separate vulnerability in the Bluetooth stack. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-32612586.
CWE-732 Feb 08, 2017
CVE-2017-0421 5.5 MEDIUM EPSS 0.00
Google Android - Information Disclosure
An information disclosure vulnerability in the Framework APIs could enable a local malicious application to bypass operating system protections that isolate application data from other applications. This issue is rated as High because it could be used to gain access to data that the application does not have access to. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-32555637.
CWE-200 Feb 08, 2017
CVE-2017-0420 5.5 MEDIUM EPSS 0.00
Google Android - Information Disclosure
An information disclosure vulnerability in AOSP Mail could enable a local malicious application to bypass operating system protections that isolate application data from other applications. This issue is rated as High because it could be used to gain access to data that the application does not have access to. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-32615212.
CWE-200 Feb 08, 2017
CVE-2017-0414 5.5 MEDIUM EPSS 0.00
Google Android - Information Disclosure
An information disclosure vulnerability in AOSP Messaging could enable a local malicious application to bypass operating system protections that isolate application data from other applications. This issue is rated as High because it could be used to gain access to data that the application does not have access to. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-32807795.
CWE-200 Feb 08, 2017
CVE-2017-0413 5.5 MEDIUM EPSS 0.00
Google Android - Information Disclosure
An information disclosure vulnerability in AOSP Messaging could enable a local malicious application to bypass operating system protections that isolate application data from other applications. This issue is rated as High because it could be used to gain access to data that the application does not have access to. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-32161610.
CWE-200 Feb 08, 2017
CVE-2016-8414 4.7 MEDIUM EPSS 0.00
Android Kernel 3.10/3.18 - Info Disclosure
An information disclosure vulnerability in the Qualcomm Secure Execution Environment Communicator could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-31704078. References: QC-CR#1076407.
CWE-200 Feb 08, 2017
CVE-2016-6495 5.9 MEDIUM EPSS 0.00
NetApp Data ONTAP <8.2.4P5 - Info Disclosure
NetApp Data ONTAP before 8.2.4P5, when operating in 7-Mode, allows remote attackers to obtain information about the volumes configured for HTTP access.
CWE-200 Feb 07, 2017
CVE-2016-5372 6.3 MEDIUM EPSS 0.00
NetApp Snap Creator Framework < 4.3.0 - CSRF
Cross-site request forgery (CSRF) vulnerability in NetApp Snap Creator Framework before 4.3.0P1 allows remote attackers to hijack the authentication of users for requests that have unspecified impact via unknown vectors.
CWE-352 Feb 07, 2017
CVE-2016-3124 5.3 MEDIUM EPSS 0.00
SimpleSAMLphp < 1.14.0 - Information Disclosure
The sanitycheck module in SimpleSAMLphp before 1.14.1 allows remote attackers to learn the PHP version on the system via unspecified vectors.
CWE-200 Feb 07, 2017
CVE-2016-6097 4.0 MEDIUM EPSS 0.00
IBM Tivoli Key Lifecycle Manager <2.7 - Info Disclosure
IBM Tivoli Key Lifecycle Manager 2.0.1, 2.5, and 2.6 allows web pages to be stored locally which can be read by another user on the system.
CWE-200 Feb 07, 2017
CVE-2016-6096 6.1 MEDIUM EPSS 0.00
IBM Tivoli Key Lifecycle Manager <2.7 - XSS
IBM Tivoli Key Lifecycle Manager 2.0.1, 2.5, and 2.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session.
CWE-79 Feb 07, 2017
CVE-2016-6094 4.3 MEDIUM EPSS 0.00
IBM Tivoli Key Lifecycle Manager <2.7 - Info Disclosure
IBM Tivoli Key Lifecycle Manager 2.0.1, 2.5, and 2.6 generates an error message that includes sensitive information about its environment, users, or associated data.
CWE-200 Feb 07, 2017
CVE-2016-6092 6.2 MEDIUM EPSS 0.00
IBM Tivoli Key Lifecycle Manager <2.7 - Info Disclosure
IBM Tivoli Key Lifecycle Manager 2.0.1, 2.5, and 2.6 stores user credentials in clear text, which can be read by a local user.
CWE-200 Feb 07, 2017
CVE-2016-3020 5.5 MEDIUM EPSS 0.00
IBM Security Access Manager For Web 7... - Improper Access Control
IBM Security Access Manager for Web 7.0.0, 8.0.0, and 9.0.0 could allow a remote attacker to bypass security restrictions, caused by improper content validation. By persuading a victim to open specially-crafted content, an attacker could exploit this vulnerability to bypass validation and load a page with malicious content.
CWE-284 Feb 07, 2017
CVE-2016-2781 4.6 MEDIUM EPSS 0.00
GNU Coreutils - Improper Input Validation
chroot in GNU coreutils, when used with --userspec, allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's input buffer.
CWE-20 Feb 07, 2017
CVE-2015-5677 5.5 MEDIUM EPSS 0.00
bsnmpd - Info Disclosure
bsnmpd, as used in FreeBSD 9.3, 10.1, and 10.2, uses world-readable permissions on the snmpd.config file, which allows local users to obtain the secret key for USM authentication by reading the file.
CWE-200 Feb 07, 2017
CVE-2017-5595 5.5 MEDIUM 1 Writeup EPSS 0.00
ZoneMinder < 1.30.0 - Information Disclosure
A file disclosure and inclusion vulnerability exists in web/views/file.php in ZoneMinder 1.x through v1.30.0 because of unfiltered user-input being passed to readfile(), which allows an authenticated attacker to read local system files (e.g., /etc/passwd) in the context of the web server user (www-data). The attack vector is a .. (dot dot) in the path parameter within a zm/index.php?view=file&path= request.
CWE-200 Feb 06, 2017