National Vulnerability Database

Subscribe to National Vulnerability Database feed
This feed contains the most recent CVE cyber vulnerabilities published within the National Vulnerability Database.
Updated: 15 hours 47 min ago

CVE-2015-7267

Mon, 11/27/2017 - 17:29
Samsung 850 Pro and PM851 solid-state drives and Seagate ST500LT015 and ST500LT025 hard disk drives, when in sleep mode and operating in Opal or eDrive mode on Lenovo ThinkPad T440s laptops with BIOS 2.32; ThinkPad W541 laptops with BIOS 2.21; Dell Latitude E6410 laptops with BIOS A16; or Latitude E6430 laptops with BIOS A16, allow physically proximate attackers to bypass self-encrypting drive (SED) protection by leveraging failure to detect when SATA drives are unplugged in Sleep Mode, aka a "Hot Plug attack."
Categories: Security News

CVE-2015-7268

Mon, 11/27/2017 - 17:29
Samsung 850 Pro and PM851 solid-state drives and Seagate ST500LT015 and ST500LT025 hard disk drives, when used on Windows and operating in Opal mode on Lenovo ThinkPad T440s laptops with BIOS 2.32 or ThinkPad W541 laptops with BIOS 2.21, or in Opal or eDrive mode on Dell Latitude E6410 laptops with BIOS A16 or Latitude E6430 laptops with BIOS A16, allow physically proximate attackers to bypass self-encrypting drive (SED) protection by triggering a soft reset and booting from an alternative OS, aka a "Forced Restart Attack."
Categories: Security News

CVE-2015-7269

Mon, 11/27/2017 - 17:29
Seagate ST500LT015 hard disk drives, when operating in eDrive mode on Lenovo ThinkPad W541 laptops with BIOS 2.21, allow physically proximate attackers to bypass self-encrypting drive (SED) protection by attaching a second SATA connector to exposed pins, maintaining an alternate power source, and attaching the data cable to another machine, aka a "Hot Unplug Attack."
Categories: Security News

CVE-2017-14746

Mon, 11/27/2017 - 17:29
Use-after-free vulnerability in Samba 4.x before 4.7.3 allows remote attackers to execute arbitrary code via a crafted SMB1 request.
Categories: Security News

CVE-2017-15275

Mon, 11/27/2017 - 17:29
Samba before 4.7.3 might allow remote attackers to obtain sensitive information by leveraging failure of the server to clear allocated heap memory.
Categories: Security News

CVE-2016-6024

Mon, 11/27/2017 - 16:29
IBM Jazz technology based products might divulge information that might be useful in helping attackers through error messages. IBM X-Force ID: 116868.
Categories: Security News

CVE-2017-1240

Mon, 11/27/2017 - 16:29
IBM Rhapsody DM products could reveal sensitive information in HTTP 500 Internal Server Error responses. IBM X-Force ID: 124359.
Categories: Security News

CVE-2017-1251

Mon, 11/27/2017 - 16:29
An undisclosed vulnerability in CLM applications may result in some administrative deployment parameters being shown to an attacker. IBM X-Force ID: 124631.
Categories: Security News

CVE-2017-1283

Mon, 11/27/2017 - 16:29
IBM WebSphere MQ 8.0 and 9.0 could allow an authenticated user to cause a shared memory leak by MQ applications using dynamic queues, which can lead to lack of resources for other MQ applications. IBM X-Force ID: 125144.
Categories: Security News

CVE-2017-1461

Mon, 11/27/2017 - 16:29
IBM DOORS Next Generation (DNG/RRC) 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 128460.
Categories: Security News

CVE-2017-1484

Mon, 11/27/2017 - 16:29
IBM WebSphere Commerce Enterprise, Professional, Express, and Developer 7.0 and 8.0 could allow an authenticated attacker to obtain information such as user personal data. IBM X-Force ID: 128622.
Categories: Security News

CVE-2017-1560

Mon, 11/27/2017 - 16:29
IBM DOORS Next Generation (DNG/RRC) 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 131759.
Categories: Security News

CVE-2017-1570

Mon, 11/27/2017 - 16:29
IBM Jazz Foundation products could allow an authenticated user to obtain sensitive information from stack traces. IBM X-Force ID: 131852.
Categories: Security News

CVE-2017-1593

Mon, 11/27/2017 - 16:29
IBM DOORS Next Generation (DNG/RRC) 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 132494.
Categories: Security News

CVE-2017-1607

Mon, 11/27/2017 - 16:29
IBM DOORS Next Generation (DNG/RRC) 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 132927.
Categories: Security News

CVE-2017-1628

Mon, 11/27/2017 - 16:29
IBM Business Process Manager 8.6.0.0 allows authenticated users to stop and resume the Event Manager by calling a REST API with incorrect authorization checks.
Categories: Security News

CVE-2017-1650

Mon, 11/27/2017 - 16:29
IBM DOORS Next Generation (DNG/RRC) 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 133260.
Categories: Security News

CVE-2017-1678

Mon, 11/27/2017 - 16:29
IBM DOORS Next Generation (DNG/RRC) 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 134000.
Categories: Security News

CVE-2017-1688

Mon, 11/27/2017 - 16:29
IBM DOORS Next Generation (DNG/RRC) 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 134063.
Categories: Security News

CVE-2017-1689

Mon, 11/27/2017 - 16:29
IBM DOORS Next Generation (DNG/RRC) 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 134064.
Categories: Security News

Pages