National Vulnerability Database

This feed contains the most recent CVE cyber vulnerabilities published within the National Vulnerability Database.

CVE-2017-16904

Mon, 11/20/2017 - 14:29
The Public tologin feature in admin.php in LvyeCMS through 3.1 allows XSS via a crafted username that is mishandled during later log viewing by an administrator.
Categories: Security News

CVE-2017-16899

Mon, 11/20/2017 - 13:29
An array index error in the fig2dev program in Xfig 3.2.6a allows remote attackers to cause a denial-of-service attack or information disclosure with a maliciously crafted Fig format file, related to a negative font value in dev/gentikz.c, and the read_textobject functions in read.c and read1_3.c.

CVE-2017-16902

Mon, 11/20/2017 - 13:29
On the Vonage VDV-23 115 3.2.11-0.9.40 home router, sending a long string of characters in the loginPassword and/or loginUsername field to goform/login causes the router to reboot.

CVE-2017-16898

Mon, 11/20/2017 - 12:29
The printMP3Headers function in util/listmp3.c in libming v0.4.8 or earlier is vulnerable to a global buffer overflow, which may allow attackers to cause a denial of service via a crafted file, a different vulnerability than CVE-2016-9264.

CVE-2017-9806

Mon, 11/20/2017 - 12:29
A vulnerability in the OpenOffice Writer DOC file parser before 4.1.4, and specifically in the WW8Fonts Constructor, allows attackers to craft malicious documents that cause denial of service (memory corruption and application crash) potentially resulting in arbitrary code execution.

CVE-2017-16896

Mon, 11/20/2017 - 11:29
A SQL injection in classes/handler/public.php in the forgotpass component of Tiny Tiny RSS 17.4 exists via the login parameter.

CVE-2016-6804

Mon, 11/20/2017 - 10:29
The Apache OpenOffice installer (versions prior to 4.1.3, including some branded as OpenOffice.org) for Windows contains a defective operation that allows execution of arbitrary code with elevated privileges. This requires that the location in which the installer is run has been previously poisoned by a file that impersonates a dynamic-link library that the installer depends upon.

CVE-2017-11400

Mon, 11/20/2017 - 10:29
An issue has been discovered on the Belden Hirschmann Tofino Xenon Security Appliance before 03.2.00. An incomplete firmware signature allows a local attacker to upgrade the equipment (kernel, file system) with unsigned, attacker-controlled data. This occurs because the appliance_config file is signed but the .tar.sec file is unsigned.

CVE-2017-11401

Mon, 11/20/2017 - 10:29
An issue has been discovered on the Belden Hirschmann Tofino Xenon Security Appliance before 03.2.00. Improper handling of the mbap.length field of ModBus packets in the ModBus DPI filter allows an attacker to send malformed/crafted packets to a protected asset, bypassing function code filtering.

CVE-2017-11402

Mon, 11/20/2017 - 10:29
An issue has been discovered on the Belden Hirschmann Tofino Xenon Security Appliance before 03.2.00. Design flaws in OPC classic and in custom netfilter modules allow an attacker to remotely activate rules on the firewall and to connect to any TCP port of a protected asset, thus bypassing the firewall. The attack methodology is a crafted OPC dynamic port shift.

CVE-2017-16544

Mon, 11/20/2017 - 10:29
In the add_match function in libbb/lineedit.c in BusyBox through 1.27.2, the tab autocomplete feature of the shell, used to get a list of filenames in a directory, does not sanitize filenames and results in executing any escape sequence in the terminal. This could potentially result in code execution, arbitrary file writes, or other attacks.

CVE-2017-15110

Mon, 11/20/2017 - 09:29
In Moodle 3.x, students can find out email addresses of other students in the same course. Using search on the Participants page, students could search email addresses of all participants regardless of email visibility. This allows enumerating and guessing emails of other students.

CVE-2017-16894

Sun, 11/19/2017 - 20:29
In Laravel framework through 5.5.21, remote attackers can obtain sensitive information (such as externally usable passwords) via a direct request for the /.env URI. The writeNewEnvironmentFileWith function in src/Illuminate/Foundation/Console/KeyGenerateCommand.php does not restrict the .env permissions.

CVE-2017-16892

Sun, 11/19/2017 - 12:29
In Bftpd before 4.7, there is a memory leak in the file rename function.

CVE-2017-16882

Sat, 11/18/2017 - 13:29
Icinga Core through 1.14.0 initially executes bin/icinga as root but supports configuration options in which this file is owned by a non-root account (and similarly can have etc/icinga.cfg owned by a non-root account), which allows local users to gain privileges by leveraging access to this non-root account, a related issue to CVE-2017-14312. This also affects bin/icingastats, bin/ido2db, and bin/log2ido.

CVE-2017-16883

Sat, 11/18/2017 - 13:29
The outputSWF_TEXT_RECORD function in util/outputscript.c in libming <= 0.4.8 is vulnerable to a NULL pointer dereference, which may allow attackers to cause a denial of service via a crafted swf file.

CVE-2017-16881

Sat, 11/18/2017 - 08:29
b3log Symphony (aka Sym) 2.2.0 does not properly address XSS in JSON objects, as demonstrated by a crafted userAvatarURL value to /settings/avatar, related to processor/AdminProcessor.java, processor/ArticleProcessor.java, processor/UserProcessor.java, service/ArticleQueryService.java, service/AvatarQueryService.java, and service/CommentQueryService.java.

CVE-2017-14077

Fri, 11/17/2017 - 20:29
HTML Injection in Securimage 3.6.4 and earlier allows remote attackers to inject arbitrary HTML into an e-mail message body via the $_SERVER['HTTP_USER_AGENT'] parameter to example_form.ajax.php or example_form.php.

CVE-2017-16566

Fri, 11/17/2017 - 18:29
On Jooan IP Camera A5 2.3.36 devices, an insecure FTP server does not require authentication, which allows remote attackers to read or replace core system files including those used for authentication (such as passwd and shadow). This can be abused to take full root level control of the device.

CVE-2017-1000126

Fri, 11/17/2017 - 17:29
exiv2 0.26 contains a stack out-of-bounds read in the WebP parser.