National Vulnerability Database

This feed contains the most recent CVE cyber vulnerabilities published within the National Vulnerability Database.

CVE-2019-7585

Thu, 02/07/2019 - 13:29
An issue was discovered in Waimai Super Cms 20150505. web/Lib/Action/PublicAction.class.php allows time-based SQL Injection via the param array parameter to the /index.php?m=public&a=checkemail URI.
Categories: Security News

CVE-2019-7580

Thu, 02/07/2019 - 12:29
ThinkCMF 5.0.190111 allows remote attackers to execute arbitrary PHP code via the portal/admin_category/addpost.html alias parameter because the mishandling of a single quote character allows data/conf/route.php injection.
Categories: Security News

CVE-2019-7535

Thu, 02/07/2019 - 11:29
index.php in Gurock TestRail 5.3.0.3603 returns potentially sensitive information for an invalid request, as demonstrated by full path disclosure and the identification of PHP as the backend technology.
Categories: Security News

CVE-2018-1666

Thu, 02/07/2019 - 10:29
IBM DataPower Gateway 2018.4.1.0, 7.6.0.0 through 7.6.0.11, 7.5.2.0 through 7.5.2.18, 7.5.1.0 through 7.5.1.18, 7.5.0.0 through 7.5.0.19, and 7.7.0.0 through 7.7.1.3 could allow an authenticated user to inject arbitrary messages that would be displayed on the UI. IBM X-Force ID: 144892.
Categories: Security News

CVE-2019-4008

Thu, 02/07/2019 - 10:29
API Connect V2018.1 through 2018.4.1.1 is impacted by an access token leak. Authorization tokens in some URLs can result in the tokens being written to log files. IBM X-Force ID: 155626.
Categories: Security News

CVE-2019-7578 (simple_directmedia_layer)

Thu, 02/07/2019 - 02:29
SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in InitIMA_ADPCM in audio/SDL_wave.c.
Categories: Security News

CVE-2019-7559

Thu, 02/07/2019 - 02:29
In btor2parser/btor2parser.c in Boolector Btor2Tools before 2019-01-15, opening a specially crafted input file leads to an out of bounds write in pusht_bfr.
Categories: Security News

CVE-2019-7560 (boolector)

Thu, 02/07/2019 - 02:29
In parser/btorsmt2.c in Boolector 3.0.0, opening a specially crafted input file leads to a use after free in get_failed_assumptions or btor_delete.
Categories: Security News

CVE-2019-7566 (csz_cms)

Thu, 02/07/2019 - 02:29
CSZ CMS 1.1.8 has CSRF via admin/users/new/add.
Categories: Security News

CVE-2019-7567 (waimai_super_cms)

Thu, 02/07/2019 - 02:29
An issue was discovered in Waimai Super Cms 20150505. admin.php?m=Member&a=adminaddsave has XSS via the username or password parameter.
Categories: Security News

CVE-2019-7568 (baijiacms)

Thu, 02/07/2019 - 02:29
An issue was discovered in baijiacms V4 that can result in time-based blind SQL injection to get data via the cate parameter in an index.php?act=index request.
Categories: Security News

CVE-2019-7569 (doyo)

Thu, 02/07/2019 - 02:29
An issue was discovered in DOYO (aka doyocms) 2.3(20140425 update). There is a CSRF vulnerability that can add a super administrator account via admin.php?c=a_adminuser&a=add&run=1.
Categories: Security News

CVE-2019-7570 (pbootcms)

Thu, 02/07/2019 - 02:29
A CSRF vulnerability was found in PbootCMS v1.3.6 that can delete users via an admin.php/User/del/ucode/ URI.
Categories: Security News

CVE-2019-7572 (simple_directmedia_layer)

Thu, 02/07/2019 - 02:29
SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a buffer over-read in IMA_ADPCM_nibble in audio/SDL_wave.c.
Categories: Security News

CVE-2019-7573 (simple_directmedia_layer)

Thu, 02/07/2019 - 02:29
SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in InitMS_ADPCM in audio/SDL_wave.c (inside the wNumCoef loop).
Categories: Security News

CVE-2019-7574 (simple_directmedia_layer)

Thu, 02/07/2019 - 02:29
SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in IMA_ADPCM_decode in audio/SDL_wave.c.
Categories: Security News

CVE-2019-7575 (simple_directmedia_layer)

Thu, 02/07/2019 - 02:29
SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer overflow in MS_ADPCM_decode in audio/SDL_wave.c.
Categories: Security News

CVE-2019-7576 (simple_directmedia_layer)

Thu, 02/07/2019 - 02:29
SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in InitMS_ADPCM in audio/SDL_wave.c (outside the wNumCoef loop).
Categories: Security News

CVE-2019-7577 (simple_directmedia_layer)

Thu, 02/07/2019 - 02:29
SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a buffer over-read in SDL_LoadWAV_RW in audio/SDL_wave.c.
Categories: Security News

CVE-2018-20760 (gpac)

Wed, 02/06/2019 - 18:29
In GPAC 0.7.2, gf_text_get_utf8_line in media_tools/text_import.c in libgpac_static.a allows an out-of-bounds write because a certain -1 return value is mishandled.
Categories: Security News
