National Vulnerability Database

Subscribe to National Vulnerability Database feed
This feed contains the most recent CVE cyber vulnerabilities published within the National Vulnerability Database.
Updated: 11 hours 10 min ago

CVE-2018-0522

Fri, 03/09/2018 - 11:29
Buffer overflow in Buffalo WXR-1900DHP2 firmware Ver.2.48 and earlier allows an attacker to execute arbitrary code via a specially crafted file.
Categories: Security News

CVE-2018-0523

Fri, 03/09/2018 - 11:29
Buffalo WXR-1900DHP2 firmware Ver.2.48 and earlier allows an attacker to execute arbitrary OS commands via unspecified vectors.
Categories: Security News

CVE-2018-0524

Fri, 03/09/2018 - 11:29
Jubatus 1.0.2 and earlier allows remote code execution via unspecified vectors.
Categories: Security News

CVE-2018-0525

Fri, 03/09/2018 - 11:29
Directory traversal vulnerability in Jubatus 1.0.2 and earlier allows remote attackers to read arbitrary files via unspecified vectors.
Categories: Security News

CVE-2018-0543

Fri, 03/09/2018 - 11:29
Untrusted search path vulnerability in Jtrim 1.53c and earlier (Installer) allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
Categories: Security News

CVE-2018-0544

Fri, 03/09/2018 - 11:29
Untrusted search path vulnerability in WinShot 1.53a and earlier (Installer) allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
Categories: Security News

CVE-2018-0546

Fri, 03/09/2018 - 11:29
Cross-site scripting vulnerability in WP All Import plugin prior to version 3.4.6 for WordPress allows an attacker to inject arbitrary web script or HTML via unspecified vectors.
Categories: Security News

CVE-2018-0547

Fri, 03/09/2018 - 11:29
Cross-site scripting vulnerability in WP All Import plugin prior to version 3.4.7 for WordPress allows an attacker to inject arbitrary web script or HTML via unspecified vectors.
Categories: Security News

CVE-2018-7996

Fri, 03/09/2018 - 11:29
Eramba e1.0.6.033 has Stored XSS on the tooltip box via the /programScopes description parameter.
Categories: Security News

CVE-2018-7997

Fri, 03/09/2018 - 11:29
Eramba e1.0.6.033 has Reflected XSS on the Error page of the CSV file inclusion tab of the /importTool/preview URI, with a CSV file polluted with malicious JavaScript.
Categories: Security News

CVE-2016-9585

Fri, 03/09/2018 - 10:29
Red Hat JBoss EAP version 5 is vulnerable to a deserialization of untrusted data in the JMX endpoint when deserializes the credentials passed to it. An attacker could exploit this vulnerability resulting in a denial of service attack.
Categories: Security News

CVE-2018-1071

Fri, 03/09/2018 - 10:29
zsh through version 5.4.2 is vulnerable to a stack-based buffer overflow in the exec.c:hashcmd() function. A local attacker could exploit this to cause a denial of service.
Categories: Security News

CVE-2018-6916

Fri, 03/09/2018 - 10:29
In FreeBSD before 11.1-STABLE, 11.1-RELEASE-p7, 10.4-STABLE, 10.4-RELEASE-p7, and 10.3-RELEASE-p28, the kernel does not properly validate IPsec packets coming from a trusted host. Additionally, a use-after-free vulnerability exists in the IPsec AH handling code. This issue could cause a system crash or other unpredictable results.
Categories: Security News

CVE-2018-7894

Fri, 03/09/2018 - 10:29
Eramba e1.0.6.033 has Reflected XSS in reviews/filterIndex/ThirdPartyRiskReview via the advanced_filter parameter (aka the Search Parameter).
Categories: Security News

CVE-2018-7995

Fri, 03/09/2018 - 10:29
Race condition in the store_int_with_restart() function in arch/x86/kernel/cpu/mcheck/mce.c in the Linux kernel through 4.15.7 allows local users to cause a denial of service (panic) by leveraging root access to write to the check_interval file in a /sys/devices/system/machinecheck/machinecheck<cpu number> directory.
Categories: Security News

CVE-2018-1069

Fri, 03/09/2018 - 09:29
Red Hat OpenShift Enterprise version 3.7 is vulnerable to access control override for container network filesystems. An attacker could override the UserId and GroupId for GlusterFS and NFS to read and write any data on the network filesystem.
Categories: Security News

CVE-2018-7890

Thu, 03/08/2018 - 17:29
A remote code execution issue was discovered in Zoho ManageEngine Applications Manager 13.5. The publicly accessible testCredential.do endpoint takes multiple user inputs and validates supplied credentials by accessing a specified system. This endpoint calls several internal classes, and then executes a PowerShell script. If the specified system is OfficeSharePointServer, then the username and password parameters to this script are not validated, leading to Command Injection.
Categories: Security News

CVE-2018-7889

Thu, 03/08/2018 - 16:29
gui2/viewer/bookmarkmanager.py in Calibre 3.18 calls cPickle.load on imported bookmark data, which allows remote attackers to execute arbitrary code via a crafted .pickle file, as demonstrated by Python code that contains an os.system call.
Categories: Security News

CVE-2014-7271

Thu, 03/08/2018 - 15:29
Simple Desktop Display Manager (SDDM) before 0.10.0 allows local users to log in as user "sddm" without authentication.
Categories: Security News

CVE-2014-7272

Thu, 03/08/2018 - 15:29
Simple Desktop Display Manager (SDDM) before 0.10.0 allows local users to gain root privileges because code running as root performs write operations within a user home directory, and this user may have created links in advance (exploitation requires the user to win a race condition in the ~/.Xauthority chown case, but not other cases).
Categories: Security News

Pages