CVE & Exploit Intelligence Database

Updated 1h ago

Search and track vulnerabilities with real-time exploit intelligence. Cross-reference CVEs against public exploits from ExploitDB, Metasploit, GitHub, and Nuclei — with CVSS and EPSS scoring, CISA KEV monitoring, and AI-powered exploit analysis.

338,495 CVEs tracked | 53,311 with exploits | 4,732 exploited in wild | 1,543 CISA KEV | 3,933 Nuclei templates | 48,945 vendors | 42,609 researchers
110,974 results
CVE-2016-8577 6.0 MEDIUM EPSS 0.00
QEMU - Memory Corruption
Memory leak in the v9fs_read function in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (memory consumption) via vectors related to an I/O read operation.
CWE-772 Nov 04, 2016
CVE-2016-8576 6.0 MEDIUM EPSS 0.00
QEMU - DoS
The xhci_ring_fetch function in hw/usb/hcd-xhci.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) by leveraging failure to limit the number of link Transfer Request Blocks (TRB) to process.
CWE-770 Nov 04, 2016
CVE-2016-9189 5.5 MEDIUM EPSS 0.00
Pillow <3.3.2 - Info Disclosure
Pillow before 3.3.2 allows context-dependent attackers to obtain sensitive information by using the "crafted image file" approach, related to an "Integer Overflow" issue affecting the Image.core.map_buffer in map.c component.
CWE-190 Nov 04, 2016
CVE-2016-9188 6.1 MEDIUM EPSS 0.00
Moodle CMS <=3.1.2 - XSS
Cross-site scripting (XSS) vulnerabilities in Moodle CMS on or before 3.1.2 allow remote attackers to inject arbitrary web script or HTML via the s_additionalhtmlhead, s_additionalhtmltopofbody, and s_additionalhtmlfooter parameters.
CWE-79 Nov 04, 2016
CVE-2016-9185 4.3 MEDIUM EPSS 0.01
OpenStack Heat <=5.0.3, >=6.0.0 <=6.1.0, ==7.0.0 - SSRF
In OpenStack Heat, by launching a new Heat stack with a local URL an authenticated user may conduct network discovery revealing internal network configuration. Affected versions are <=5.0.3, >=6.0.0 <=6.1.0, and ==7.0.0.
CWE-200 Nov 04, 2016
CVE-2016-6454 6.5 MEDIUM EPSS 0.00
Cisco Hosted Collaboration Mediation Fulfillment - CSRF
A cross-site request forgery (CSRF) vulnerability in the web interface of the Cisco Hosted Collaboration Mediation Fulfillment application could allow an unauthenticated, remote attacker to execute unwanted actions. More Information: CSCva54241. Known Affected Releases: 11.5(1). Known Fixed Releases: 11.5(0.98000.216).
CWE-352 Nov 03, 2016
CVE-2016-6451 6.1 MEDIUM EPSS 0.00
Cisco Prime Collaboration Provisioning - XSS
Multiple vulnerabilities in the web framework code of the Cisco Prime Collaboration Provisioning could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against the user of the web interface of the affected system. More Information: CSCut43061 CSCut43066 CSCut43736 CSCut43738 CSCut43741 CSCut43745 CSCut43748 CSCut43751 CSCut43756 CSCut43759 CSCut43764 CSCut43766. Known Affected Releases: 10.6.
CWE-79 Nov 03, 2016
CVE-2016-6429 6.1 MEDIUM EPSS 0.00
Cisco IPICS - XSS
A vulnerability in the web framework code of the Cisco IP Interoperability and Collaboration System (IPICS) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack. More Information: CSCva47092. Known Affected Releases: 4.10(1).
CWE-79 Nov 03, 2016
CVE-2016-9086 6.5 MEDIUM EPSS 0.13
GitLab <8.13.0 - Path Traversal
GitLab versions 8.9.x and above contain a critical security flaw in the "import/export project" feature of GitLab. Added in GitLab 8.9, this feature allows a user to export and then re-import their projects as tape archive files (tar). All GitLab versions prior to 8.13.0 restricted this feature to administrators only. Starting with version 8.13.0 this feature was made available to all users. This feature did not properly check for symbolic links in user-provided archives and therefore it was possible for an authenticated user to retrieve the contents of any file accessible to the GitLab service account. This included sensitive files such as those that contain secret tokens used by the GitLab service to authenticate users. GitLab CE and EE versions 8.13.0 through 8.13.2, 8.12.0 through 8.12.7, 8.11.0 through 8.11.10, 8.10.0 through 8.10.12, and 8.9.0 through 8.9.11 are affected.
CWE-200 Nov 03, 2016
CVE-2016-4025 5.5 MEDIUM EPSS 0.00
Avast - Auth Bypass
Avast Internet Security v11.x.x, Pro Antivirus v11.x.x, Premier v11.x.x, Free Antivirus v11.x.x, Business Security v11.x.x, Endpoint Protection v8.x.x, Endpoint Protection Plus v8.x.x, Endpoint Protection Suite v8.x.x, Endpoint Protection Suite Plus v8.x.x, File Server Security v8.x.x, and Email Server Security v8.x.x allow attackers to bypass the DeepScreen feature via a DeviceIoControl call.
CWE-254 Nov 03, 2016
CVE-2016-8879 6.5 MEDIUM EPSS 0.00
Foxit Reader & PhantomPDF <8.1 - DoS
The thumbnail shell extension plugin (FoxitThumbnailHndlr_x86.dll) in Foxit Reader and PhantomPDF before 8.1 on Windows allows remote attackers to cause a denial of service (out-of-bounds write and application crash) via a crafted JPEG2000 image embedded in a PDF document, aka an "Exploitable - Heap Corruption" issue.
CWE-787 Oct 31, 2016
CVE-2016-8875 5.3 MEDIUM EPSS 0.00
Foxit Reader & PhantomPDF <8.1 (Win) - DoS
The ConvertToPDF plugin in Foxit Reader and PhantomPDF before 8.1 on Windows, when the gflags app is enabled, allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted TIFF image, aka "Data from Faulting Address is used as one or more arguments in a subsequent Function Call starting at ConvertToPDF_x86!CreateFXPDFConvertor."
CWE-125 Oct 31, 2016
CVE-2016-7965 6.5 MEDIUM EPSS 0.00
Dokuwiki < 2016-06-26a - Improper Input Validation
DokuWiki 2016-06-26a and older uses $_SERVER[HTTP_HOST] instead of the baseurl setting as part of the password-reset URL. This can lead to phishing attacks. (A remote unauthenticated attacker can change the URL's hostname via the HTTP Host header.) The vulnerability can be triggered only if the Host header is not part of the web server routing process (e.g., if several domains are served by the same web server).
CWE-20 Oct 31, 2016
CVE-2016-9118 5.3 MEDIUM EPSS 0.01
OpenJPEG 2.1.2 - Buffer Overflow
Heap Buffer Overflow (WRITE of size 4) in function pnmtoimage of convert.c:1719 in OpenJPEG 2.1.2.
CWE-119 Oct 30, 2016
CVE-2016-9117 6.5 MEDIUM EPSS 0.01
OpenJPEG 2.1.2 - DoS
NULL Pointer Access in function imagetopnm of convert.c(jp2):1289 in OpenJPEG 2.1.2. Impact is Denial of Service. Someone must open a crafted j2k file.
CWE-476 Oct 30, 2016
CVE-2016-9116 6.5 MEDIUM EPSS 0.01
OpenJPEG 2.1.2 - DoS
NULL Pointer Access in function imagetopnm of convert.c:2226(jp2) in OpenJPEG 2.1.2. Impact is Denial of Service. Someone must open a crafted j2k file.
CWE-476 Oct 30, 2016
CVE-2016-9115 6.5 MEDIUM EPSS 0.00
OpenJPEG 2.1.2 - Memory Corruption
Heap Buffer Over-read in function imagetotga of convert.c(jp2):942 in OpenJPEG 2.1.2. Impact is Denial of Service. Someone must open a crafted j2k file.
CWE-119 Oct 30, 2016
CVE-2016-5920 5.4 MEDIUM EPSS 0.00
IBM FTM <3.0.0.x-3.0.1.0 - XSS
Cross-site scripting (XSS) vulnerability in the Web UI in IBM Financial Transaction Manager (FTM) for ACH Services 3.0.0.x before fp0015 and 3.0.1.0 before iFix0002 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
CWE-79 Oct 29, 2016
CVE-2016-3060 5.7 MEDIUM EPSS 0.00
IBM Financial Transaction Manager - Improper Access Control
Payments Director in IBM Financial Transaction Manager (FTM) for ACH Services, Check Services, and Corporate Payment Services (CPS) 3.0.0.x before fp0015 and 3.0.1.0 before iFix0002 allows remote authenticated users to conduct clickjacking attacks via a crafted web site.
CWE-284 Oct 29, 2016
CVE-2016-4394 6.5 MEDIUM EPSS 0.00
HPE System Management Homepage <7.6 - Info Disclosure
HPE System Management Homepage before v7.6 allows remote attackers to obtain sensitive information via unspecified vectors, related to an "HSTS" issue.
CWE-254 Oct 28, 2016