National Vulnerability Database

Subscribe to National Vulnerability Database feed
This feed contains the most recent CVE cyber vulnerabilities published within the National Vulnerability Database.
Updated: 15 hours 50 min ago

CVE-2017-17049

Tue, 11/28/2017 - 22:29
TG Soft Vir.IT eXplorer Lite 8.5.42 allows local users to cause a denial of service (NULL pointer dereference) or possibly have unspecified other impact via a NULL value in a 0x82730010 DeviceIoControl request to \\.\Viragtlt.
Categories: Security News

CVE-2017-17050

Tue, 11/28/2017 - 22:29
TG Soft Vir.IT eXplorer Lite 8.5.42 allows local users to cause a denial of service (NULL pointer dereference) or possibly have unspecified other impact via a NULL value in a 0x82730020 DeviceIoControl request to \\.\Viragtlt.
Categories: Security News

CVE-2017-17052

Tue, 11/28/2017 - 22:29
The mm_init function in kernel/fork.c in the Linux kernel before 4.12.10 does not clear the ->exe_file member of a new process's mm_struct, allowing a local attacker to achieve a use-after-free or possibly have unspecified other impact by running a specially crafted program.
Categories: Security News

CVE-2017-17053

Tue, 11/28/2017 - 22:29
The init_new_context function in arch/x86/include/asm/mmu_context.h in the Linux kernel before 4.12.10 does not correctly handle errors from LDT table allocation when forking a new process, allowing a local attacker to achieve a use-after-free or possibly have unspecified other impact by running a specially crafted program. This vulnerability only affected kernels built with CONFIG_MODIFY_LDT_SYSCALL=y.
Categories: Security News

CVE-2017-17044

Tue, 11/28/2017 - 18:29
An issue was discovered in Xen through 4.9.x allowing HVM guest OS users to cause a denial of service (infinite loop and host OS hang) by leveraging the mishandling of Populate on Demand (PoD) errors.
Categories: Security News

CVE-2017-17045

Tue, 11/28/2017 - 18:29
An issue was discovered in Xen through 4.9.x allowing HVM guest OS users to gain privileges on the host OS, obtain sensitive information, or cause a denial of service (BUG and host OS crash) by leveraging the mishandling of Populate on Demand (PoD) Physical-to-Machine (P2M) errors.
Categories: Security News

CVE-2017-17046

Tue, 11/28/2017 - 18:29
An issue was discovered in Xen through 4.9.x on the ARM platform allowing guest OS users to obtain sensitive information from DRAM after a reboot, because disjoint blocks, and physical addresses that do not start at zero, are mishandled.
Categories: Security News

CVE-2017-17043

Tue, 11/28/2017 - 17:29
The Emag Marketplace Connector plugin 1.0.0 for WordPress has reflected XSS because the parameter "post" to /wp-content/plugins/emag-marketplace-connector/templates/order/awb-meta-box.php is not filtered correctly.
Categories: Security News

CVE-2017-17042

Tue, 11/28/2017 - 15:29
lib/yard/core_ext/file.rb in the server in YARD before 0.9.11 does not block relative paths with an initial ../ sequence, which allows attackers to conduct directory traversal attacks and read arbitrary files.
Categories: Security News

CVE-2017-9315

Tue, 11/28/2017 - 14:29
Customer of Dahua IP camera or IP PTZ could submit relevant device information to receive a time limited temporary password from Dahua authorized dealer to reset the admin password. The algorithm used in this mechanism is potentially at risk of being compromised and subsequently utilized by attacker.
Categories: Security News

CVE-2017-15673

Tue, 11/28/2017 - 10:29
The files function in the administration section in CS-Cart 4.6.2 and earlier allows attackers to execute arbitrary PHP code via vectors involving a custom page.
Categories: Security News

CVE-2017-16951

Tue, 11/28/2017 - 10:29
Winamp Pro 5.66 Build 3512 allows remote attackers to cause a denial of service via a crafted WAV, WMV, AU, ASF, AIFF, or AIF file.
Categories: Security News

CVE-2017-16952

Tue, 11/28/2017 - 10:29
KMPlayer 4.2.2.4 allows remote attackers to cause a denial of service via a crafted NSV file.
Categories: Security News

CVE-2016-10702

Tue, 11/28/2017 - 02:29
Pebble Smartwatch devices through 4.3 mishandle UUID storage, which allows attackers to read an arbitrary application's flash storage, and access an arbitrary application's JavaScript instance, by modifying a UUID value within the header of a crafted application binary.
Categories: Security News

CVE-2017-14379

Tue, 11/28/2017 - 02:29
EMC RSA Authentication Manager before 8.2 SP1 P6 has a cross-site scripting vulnerability that could potentially be exploited by malicious users to compromise the affected system.
Categories: Security News

CVE-2017-14389

Tue, 11/28/2017 - 02:29
An issue was discovered in Cloud Foundry Foundation capi-release (all versions prior to 1.45.0), cf-release (all versions prior to v280), and cf-deployment (all versions prior to v1.0.0). The Cloud Controller does not prevent space developers from creating subdomains to an already existing route that belongs to a different user in a different org and space, aka an "Application Subdomain Takeover."
Categories: Security News

CVE-2017-8001

Tue, 11/28/2017 - 02:29
An issue was discovered in EMC ScaleIO 2.0.1.x. In a Linux environment, one of the support scripts saves the credentials of the ScaleIO MDM user who executed the script in clear text in temporary log files. The temporary files may potentially be read by an unprivileged user with access to the server where the script was executed to recover exposed credentials.
Categories: Security News

CVE-2017-8019

Tue, 11/28/2017 - 02:29
An issue was discovered in EMC ScaleIO 2.0.1.x. A vulnerability in message parsers (MDM, SDS, and LIA) could potentially allow an unauthenticated remote attacker to send specifically crafted packets to stop ScaleIO services and cause a denial of service situation.
Categories: Security News

CVE-2017-8020

Tue, 11/28/2017 - 02:29
An issue was discovered in EMC ScaleIO 2.0.1.x. A buffer overflow vulnerability in the SDBG service may potentially allow a remote unauthenticated attacker to execute arbitrary commands with root privileges on an affected server.
Categories: Security News

CVE-2016-10701

Mon, 11/27/2017 - 20:29
In Hitachi Vantara Pentaho BA Platform through 8.0, a CSRF issue exists in the Business Analytics application.
Categories: Security News

Pages