National Vulnerability Database

This feed contains the most recent CVE cyber vulnerabilities published within the National Vulnerability Database.

CVE-2018-11406

Wed, 06/13/2018 - 12:29
An issue was discovered in the Security component in Symfony 2.7.x before 2.7.48, 2.8.x before 2.8.41, 3.3.x before 3.3.17, 3.4.x before 3.4.11, and 4.0.x before 4.0.11. By default, a user's session is invalidated when the user is logged out. This behavior can be disabled through the invalidate_session option. In this case, CSRF tokens were not erased during logout which allowed for CSRF token fixation.
Categories: Security News

CVE-2018-3759

Wed, 06/13/2018 - 11:29
private_address_check ruby gem before 0.5.0 is vulnerable to a time-of-check time-of-use (TOCTOU) race condition due to the address the socket uses not being checked. DNS entries with a TTL of 0 can trigger this case where the initial resolution is a public address but the subsequent resolution is a private address.

CVE-2018-12290

Wed, 06/13/2018 - 10:29
The Yii2-StateMachine extension v2.x.x for Yii2 has XSS.

CVE-2018-12291

Wed, 06/13/2018 - 10:29
The on_get_missing_events function in handlers/federation.py in Matrix Synapse before 0.31.1 has a security bug in the get_missing_events federation API where event visibility rules were not applied correctly.

CVE-2018-12292

Wed, 06/13/2018 - 10:29
A use-after-free vulnerability exists in DOMProxyHandler::EnsureExpandoObject in Pale Moon before 27.9.3.

CVE-2018-1393

Wed, 06/13/2018 - 10:29
IBM Financial Transaction Manager for ACH Services for Multi-Platform 3.0.6 could allow an authenticated user to execute a specially crafted command that could obtain sensitive information. IBM X-Force ID: 138378.

CVE-2018-1431

Wed, 06/13/2018 - 10:29
A vulnerability in GSKit affects IBM Spectrum Scale 4.1.1, 4.2.0, 4.2.1, 4.2.3, and 5.0.0 that could allow a local attacker to obtain control of the Spectrum Scale daemon and to access and modify files in the Spectrum Scale file system, and possibly to obtain administrator privileges on the node. IBM X-Force ID: 139240.

CVE-2011-4183

Wed, 06/13/2018 - 09:29
A vulnerability in open build service allows remote attackers to upload arbitrary RPM files. Affected releases are SUSE open build service prior to 2.1.16.

CVE-2018-12272

Wed, 06/13/2018 - 09:29
xowl/request.php in Ximdex 4.0 has XSS via the content parameter.

CVE-2018-12273

Wed, 06/13/2018 - 09:29
The /edit URI in the DMS component in Ximdex 4.0 has XSS via the Ciudad or Nombre parameter.

CVE-2018-5432

Wed, 06/13/2018 - 09:29
The TIBCO Administrator server component of TIBCO Software Inc.'s TIBCO Administrator - Enterprise Edition, and TIBCO Administrator - Enterprise Edition for z/Linux contains multiple vulnerabilities wherein a malicious user could theoretically perform cross-site scripting (XSS) attacks by way of manipulating artifacts prior to uploading them. Affected releases are TIBCO Software Inc.'s TIBCO Administrator - Enterprise Edition: versions up to and including 5.10.0, and TIBCO Administrator - Enterprise Edition for z/Linux: versions up to and including 5.9.1.

CVE-2018-5433

Wed, 06/13/2018 - 09:29
The TIBCO Administrator server component of TIBCO Software Inc.'s TIBCO Administrator - Enterprise Edition, and TIBCO Administrator - Enterprise Edition for z/Linux contains vulnerabilities wherein a malicious user could perform XML external entity expansion (XXE) attacks to disclose host machine information. Affected releases are TIBCO Software Inc.'s TIBCO Administrator - Enterprise Edition: versions up to and including 5.10.0, and TIBCO Administrator - Enterprise Edition for z/Linux: versions up to and including 5.9.1.

CVE-2018-5434

Wed, 06/13/2018 - 09:29
The TIBCO Designer component of TIBCO Software Inc.'s TIBCO Runtime Agent, and TIBCO Runtime Agent for z/Linux contains vulnerabilities wherein a malicious user could perform XML external entity expansion (XXE) attacks to disclose host machine information. Affected releases are TIBCO Software Inc.'s TIBCO Runtime Agent: versions up to and including 5.10.0, and TIBCO Runtime Agent for z/Linux: versions up to and including 5.9.1.

CVE-2018-12263

Wed, 06/13/2018 - 07:29
portfolioCMS 1.0.5 allows upload of arbitrary .php files via the admin/portfolio.php?newpage=true URI.

CVE-2018-12264

Wed, 06/13/2018 - 07:29
Exiv2 0.26 has integer overflows in LoaderTiff::getData() in preview.cpp, leading to an out-of-bounds read in Exiv2::ValueType::setDataArea in value.hpp.

CVE-2018-12265

Wed, 06/13/2018 - 07:29
Exiv2 0.26 has an integer overflow in the LoaderExifJpeg class in preview.cpp, leading to an out-of-bounds read in Exiv2::MemIo::read in basicio.cpp.

CVE-2018-12266

Wed, 06/13/2018 - 07:29
system\errors\404.php in HongCMS 3.0.0 has XSS via crafted input that triggers a 404 HTTP status code.

CVE-2018-12268

Wed, 06/13/2018 - 07:29
acccheck.pl in acccheck 0.2.1 allows Command Injection via shell metacharacters in a username or password file, as demonstrated by injection into an smbclient command line.

CVE-2018-5849

Tue, 06/12/2018 - 16:29
Due to a race condition in the QTEECOM driver in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel, when more than one HLOS client loads the same TA, a Use After Free condition can occur.

CVE-2018-5851

Tue, 06/12/2018 - 16:29
Buffer overflow can occur while processing a HTT_T2H_MSG_TYPE_TX_COMPL_IND message with an out-of-range num_msdus value in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel.
