National Vulnerability Database
This feed contains the most recent CVE cyber vulnerabilities published within the National Vulnerability Database.
Updated: 23 hours 41 min ago
VMware Workstation (12.x before 12.5.8) and Horizon View Client for Windows (4.x before 4.6.1) contain an out-of-bounds read vulnerability in JPEG2000 parser in the TPView.dll. On Workstation, this may allow a guest to execute code or perform a Denial of Service on the Windows OS that runs Workstation. In the case of a Horizon View Client, this may allow a View desktop to execute code or perform a Denial of Service on the Windows OS that runs the Horizon View Client. Exploitation is only possible if virtual printing has been enabled. This feature is not enabled by default on Workstation but it is enabled by default on Horizon View Client.
VMware Workstation (12.x before 12.5.8) and Fusion (8.x before 8.5.9) contain a guest RPC NULL pointer dereference vulnerability. Successful exploitation of this issue may allow attackers with normal user privileges to crash their VMs.
In SWFTools 0.9.2, the wav_convert2mono function in lib/wav.c does not properly restrict a multiplication within a malloc call, which allows remote attackers to cause a denial of service (integer overflow and NULL pointer dereference) via a crafted WAV file.
p_mach.cpp in UPX 3.94 allows remote attackers to cause a denial of service (invalid memory access and application crash) or possibly have unspecified other impact via a crafted Mach-O file, related to canPack and unpack functions.
The UpdraftPlus plugin through 1.13.12 for WordPress has SSRF in the updraft_ajax_handler function in /wp-content/plugins/updraftplus/admin.php via an httpget subaction.
The UpdraftPlus plugin through 1.13.12 for WordPress allows remote PHP code execution because the plupload_action function in /wp-content/plugins/updraftplus/admin.php has a race condition before deleting a file associated with the name parameter.
An issue was discovered in Teluu pjproject (pjlib and pjlib-util) in PJSIP before 2.7.1. Parsing the numeric header fields in a SIP message (like cseq, ttl, port, etc.) all had the potential to overflow, either causing unintended values to be captured or, if the values were subsequently converted back to strings, a buffer overrun. This will lead to a potential exploit using carefully crafted invalid values.
Codiad(full version) is vulnerable to write anything to configure file in the installation resulting upload a webshell.
Serendipity 2.0.3 is vulnerable to a SQL injection in the blog component resulting in information disclosure
CPython (aka Python) up to 2.7.13 is vulnerable to an integer overflow in the PyString_DecodeEscape function in stringobject.c, resulting in heap-based buffer overflow (and possible arbitrary code execution)
EllisLab ExpressionEngine 3.4.2 is vulnerable to cross-site scripting resulting in PHP code injection
Tine 2.0 version 2017.02.4 is vulnerable to XSS in the Addressbook resulting code execution and privilege escalation
Reflected XSS in Relevanssi Premium version 1.14.8 when using relevanssi_didyoumean() could allow unauthenticated attacker to do almost anything an admin can
Stop User Enumeration 1.3.8 allows user enumeration via the REST API
Integer overflow bug in function minitiff_read_info() of optipng 0.7.6 allows an attacker to remotely execute code or cause denial of service.
A double-free vulnerability in parse.c in ldns 1.7.0 have unspecified impact and attack vectors.
A double-free vulnerability in str2host.c in ldns 1.7.0 have unspecified impact and attack vectors.
I, Librarian version <=4.6 & 4.7 is vulnerable to Directory Enumeration in the jqueryFileTree.php resulting in attacker enumerating directories simply by navigating through the "dir" parameter
I, Librarian version <=4.6 & 4.7 is vulnerable to OS Command Injection in batchimport.php resulting the web server being fully compromised.