National Vulnerability Database

Subscribe to National Vulnerability Database feed
This feed contains the most recent CVE cyber vulnerabilities published within the National Vulnerability Database.
Updated: 12 hours 13 min ago

CVE-2018-15356

Fri, 08/17/2018 - 11:29
An authenticated attacker can execute arbitrary code using command ejection in Eltex ESP-200 firmware version 1.2.0.
Categories: Security News

CVE-2018-15357

Fri, 08/17/2018 - 11:29
An authenticated attacker with low privileges can extract password hash information for all users in Eltex ESP-200 firmware version 1.2.0.
Categories: Security News

CVE-2018-15358

Fri, 08/17/2018 - 11:29
An authenticated attacker with low privileges can activate high privileged user and use it to expand attack surface in Eltex ESP-200 firmware version 1.2.0.
Categories: Security News

CVE-2018-15359

Fri, 08/17/2018 - 11:29
An authenticated attacker with low privileges can use insecure sudo configuration to expand attack surface in Eltex ESP-200 firmware version 1.2.0.
Categories: Security News

CVE-2018-15360

Fri, 08/17/2018 - 11:29
An attacker without authentication can login with default credentials for privileged users in Eltex ESP-200 firmware version 1.2.0.
Categories: Security News

CVE-2018-15355

Fri, 08/17/2018 - 10:29
Usage of SSLv2 and SSLv3 leads to transmitted data decryption in Kraftway 24F2XG Router firmware 3.5.30.1118.
Categories: Security News

CVE-2018-15350

Fri, 08/17/2018 - 10:29
Router Default Credentials in Kraftway 24F2XG Router firmware version 3.5.30.1118 allow remote attackers to get privileged access to the router.
Categories: Security News

CVE-2018-15351

Fri, 08/17/2018 - 10:29
Denial of service via crafting malicious link and sending it to a privileged user can cause Denial of Service in Kraftway 24F2XG Router firmware version 3.5.30.1118.
Categories: Security News

CVE-2018-15352

Fri, 08/17/2018 - 10:29
An attacker with low privileges can cause denial of service in Kraftway 24F2XG Router firmware version 3.5.30.1118.
Categories: Security News

CVE-2018-15353

Fri, 08/17/2018 - 10:29
A Buffer Overflow exploited through web interface by remote attacker can cause remote code execution in Kraftway 24F2XG Router firmware 3.5.30.1118.
Categories: Security News

CVE-2018-15354

Fri, 08/17/2018 - 10:29
A Buffer Overflow exploited through web interface by remote attacker can cause denial of service in Kraftway 24F2XG Router firmware 3.5.30.1118.
Categories: Security News

CVE-2018-3783

Fri, 08/17/2018 - 09:29
A privilege escalation detected in flintcms versions <= 1.1.9 allows account takeover due to blind MongoDB injection in password reset.
Categories: Security News

CVE-2018-3784

Fri, 08/17/2018 - 09:29
A code injection in cryo 0.0.6 allows an attacker to arbitrarily execute code due to insecure implementation of deserialization.
Categories: Security News

CVE-2018-3785

Fri, 08/17/2018 - 09:29
A command injection in git-dummy-commit v1.3.0 allows os level commands to be executed due to an unescaped parameter.
Categories: Security News

CVE-2018-10873

Fri, 08/17/2018 - 08:29
A vulnerability was discovered in SPICE before version 0.14.1 where the generated code used for demarshalling messages lacked sufficient bounds checks. A malicious client or server, after authentication, could send specially crafted messages to its peer which would result in a crash or, potentially, other impacts.
Categories: Security News

CVE-2018-5546

Fri, 08/17/2018 - 08:29
The svpn and policyserver components of the F5 BIG-IP APM client prior to version 7.1.7.1 for Linux and macOS runs as a privileged process and can allow an unprivileged user to get ownership of files owned by root on the local client host. A malicious local unprivileged user may gain knowledge of sensitive information, manipulate certain data, or assume super-user privileges on the local client host.
Categories: Security News

CVE-2018-5547

Fri, 08/17/2018 - 08:29
Windows Logon Integration feature of F5 BIG-IP APM client prior to version 7.1.7.1 for Windows by default uses Legacy logon mode which uses a SYSTEM account to establish network access. This feature displays a certificate user interface dialog box which contains the link to the certificate policy. By clicking on the link, unprivileged users can open additional dialog boxes and get access to the local machine windows explorer which can be used to get administrator privilege. Windows Logon Integration is vulnerable when the APM client is installed by an administrator on a user machine. Users accessing the local machine can get administrator privileges
Categories: Security News

CVE-2018-13435

Thu, 08/16/2018 - 16:29
** DISPUTED ** An issue was discovered in the LINE jp.naver.line application 8.8.0 for iOS. The Passcode feature allows authentication bypass via runtime manipulation that forces a certain method to disable passcode authentication. NOTE: the vendor indicates that this is not an attack of interest within the context of their threat model, which excludes iOS devices on which a jailbreak has occurred.
Categories: Security News

CVE-2018-13446

Thu, 08/16/2018 - 16:29
** DISPUTED ** An issue was discovered in the LINE jp.naver.line application 8.8.1 for Android. The Passcode feature allows authentication bypass via runtime manipulation that forces a certain method's return value to true. In other words, an attacker could authenticate with an arbitrary passcode. NOTE: the vendor indicates that this is not an attack of interest within the context of their threat model, which excludes Android devices on which rooting has occurred.
Categories: Security News

CVE-2018-14567

Thu, 08/16/2018 - 16:29
libxml2 2.9.8, if --with-lzma is used, allows remote attackers to cause a denial of service (infinite loop) via a crafted XML file that triggers LZMA_MEMLIMIT_ERROR, as demonstrated by xmllint, a different vulnerability than CVE-2015-8035 and CVE-2018-9251.
Categories: Security News

Pages