National Vulnerability Database

Subscribe to National Vulnerability Database feed
This feed contains the most recent CVE cyber vulnerabilities published within the National Vulnerability Database.
Updated: 17 hours 32 min ago

CVE-2017-10888

Fri, 11/17/2017 - 09:29
BOOK WALKER for Windows Ver.1.2.9 and earlier, BOOK WALKER for Mac Ver.1.2.5 and earlier allow an attacker to access local files via unspecified vectors.
Categories: Security News

CVE-2017-10889

Fri, 11/17/2017 - 09:29
TablePress prior to version 1.8.1 allows an attacker to conduct XML External Entity (XXE) attacks via unspecified vectors.
Categories: Security News

CVE-2017-10890

Fri, 11/17/2017 - 09:29
Session management issue in RX-V200 firmware versions prior to 09.87.17.09, RX-V100 firmware versions prior to 03.29.17.09, RX-CLV1-P firmware versions prior to 79.17.17.09, RX-CLV2-B firmware versions prior to 89.07.17.09, RX-CLV3-N firmware versions prior to 91.09.17.10 allows an attacker on the same LAN to perform arbitrary operations or access information via unspecified vectors.
Categories: Security News

CVE-2017-4927

Fri, 11/17/2017 - 09:29
VMware vCenter Server (6.5 prior to 6.5 U1 and 6.0 prior to 6.0 U3c) does not correctly handle specially crafted LDAP network packets which may allow for remote denial of service.
Categories: Security News

CVE-2017-4928

Fri, 11/17/2017 - 09:29
The flash-based vSphere Web Client (6.0 prior to 6.0 U3c and 5.5 prior to 5.5 U3f) i.e. not the new HTML5-based vSphere Client, contains SSRF and CRLF injection issues due to improper neutralization of URLs. An attacker may exploit these issues by sending a POST request with modified headers towards internal services leading to information disclosure.
Categories: Security News

CVE-2017-4929

Fri, 11/17/2017 - 09:29
VMware NSX Edge (6.2.x before 6.2.9 and 6.3.x before 6.3.5) contains a moderate Cross-Site Scripting (XSS) issue which may lead to information disclosure.
Categories: Security News

CVE-2017-4934

Fri, 11/17/2017 - 09:29
VMware Workstation (12.x before 12.5.8) and Fusion (8.x before 8.5.9) contain a heap buffer-overflow vulnerability in VMNAT device. This issue may allow a guest to execute code on the host.
Categories: Security News

CVE-2017-4935

Fri, 11/17/2017 - 09:29
VMware Workstation (12.x before 12.5.8) and Horizon View Client for Windows (4.x before 4.6.1) contain an out-of-bounds write vulnerability in JPEG2000 parser in the TPView.dll. On Workstation, this may allow a guest to execute code or perform a Denial of Service on the Windows OS that runs Workstation. In the case of a Horizon View Client, this may allow a View desktop to execute code or perform a Denial of Service on the Windows OS that runs the Horizon View Client. Exploitation is only possible if virtual printing has been enabled. This feature is not enabled by default on Workstation but it is enabled by default on Horizon View Client.
Categories: Security News

CVE-2017-4936

Fri, 11/17/2017 - 09:29
VMware Workstation (12.x before 12.5.8) and Horizon View Client for Windows (4.x before 4.6.1) contain an out-of-bounds read vulnerability in JPEG2000 parser in the TPView.dll. On Workstation, this may allow a guest to execute code or perform a Denial of Service on the Windows OS that runs Workstation. In the case of a Horizon View Client, this may allow a View desktop to execute code or perform a Denial of Service on the Windows OS that runs the Horizon View Client.
Categories: Security News

CVE-2017-4937

Fri, 11/17/2017 - 09:29
VMware Workstation (12.x before 12.5.8) and Horizon View Client for Windows (4.x before 4.6.1) contain an out-of-bounds read vulnerability in JPEG2000 parser in the TPView.dll. On Workstation, this may allow a guest to execute code or perform a Denial of Service on the Windows OS that runs Workstation. In the case of a Horizon View Client, this may allow a View desktop to execute code or perform a Denial of Service on the Windows OS that runs the Horizon View Client. Exploitation is only possible if virtual printing has been enabled. This feature is not enabled by default on Workstation but it is enabled by default on Horizon View Client.
Categories: Security News

CVE-2017-4938

Fri, 11/17/2017 - 09:29
VMware Workstation (12.x before 12.5.8) and Fusion (8.x before 8.5.9) contain a guest RPC NULL pointer dereference vulnerability. Successful exploitation of this issue may allow attackers with normal user privileges to crash their VMs.
Categories: Security News

CVE-2017-16868

Fri, 11/17/2017 - 04:29
In SWFTools 0.9.2, the wav_convert2mono function in lib/wav.c does not properly restrict a multiplication within a malloc call, which allows remote attackers to cause a denial of service (integer overflow and NULL pointer dereference) via a crafted WAV file.
Categories: Security News

CVE-2017-16869

Fri, 11/17/2017 - 04:29
p_mach.cpp in UPX 3.94 allows remote attackers to cause a denial of service (invalid memory access and application crash) or possibly have unspecified other impact via a crafted Mach-O file, related to canPack and unpack functions.
Categories: Security News

CVE-2017-16870

Fri, 11/17/2017 - 04:29
The UpdraftPlus plugin through 1.13.12 for WordPress has SSRF in the updraft_ajax_handler function in /wp-content/plugins/updraftplus/admin.php via an httpget subaction.
Categories: Security News

CVE-2017-16871

Fri, 11/17/2017 - 04:29
The UpdraftPlus plugin through 1.13.12 for WordPress allows remote PHP code execution because the plupload_action function in /wp-content/plugins/updraftplus/admin.php has a race condition before deleting a file associated with the name parameter.
Categories: Security News

CVE-2017-16872

Fri, 11/17/2017 - 04:29
An issue was discovered in Teluu pjproject (pjlib and pjlib-util) in PJSIP before 2.7.1. Parsing the numeric header fields in a SIP message (like cseq, ttl, port, etc.) all had the potential to overflow, either causing unintended values to be captured or, if the values were subsequently converted back to strings, a buffer overrun. This will lead to a potential exploit using carefully crafted invalid values.
Categories: Security News

CVE-2017-1000125

Fri, 11/17/2017 - 00:29
Codiad(full version) is vulnerable to write anything to configure file in the installation resulting upload a webshell.
Categories: Security News

CVE-2017-1000129

Fri, 11/17/2017 - 00:29
Serendipity 2.0.3 is vulnerable to a SQL injection in the blog component resulting in information disclosure
Categories: Security News

CVE-2017-1000158

Fri, 11/17/2017 - 00:29
CPython (aka Python) up to 2.7.13 is vulnerable to an integer overflow in the PyString_DecodeEscape function in stringobject.c, resulting in heap-based buffer overflow (and possible arbitrary code execution)
Categories: Security News

CVE-2017-1000160

Fri, 11/17/2017 - 00:29
EllisLab ExpressionEngine 3.4.2 is vulnerable to cross-site scripting resulting in PHP code injection
Categories: Security News

Pages