National Vulnerability Database

This feed contains the most recent CVE cyber vulnerabilities published within the National Vulnerability Database.
Updated: 9 hours 36 min ago

CVE-2018-16780

Mon, 09/10/2018 - 00:29
Complete Responsive CMS Blog through 2018-05-20 has XSS via a comment.
Categories: Security News

CVE-2018-16781

Mon, 09/10/2018 - 00:29
ffjpeg.dll in ffjpeg before 2018-08-22 allows remote attackers to cause a denial of service (FPE signal) via a progressive JPEG file that lacks an AC Huffman table.

CVE-2018-16782

Mon, 09/10/2018 - 00:29
libimageworsener.a in ImageWorsener 1.3.2 has a buffer overflow in the bmpr_read_rle_internal function in imagew-bmp.c.

CVE-2018-16768

Mon, 09/10/2018 - 00:29
In WAVM through 2018-07-26, a crafted file sent to the WebAssembly Virtual Machine may cause a denial of service (application crash) or possibly have unspecified other impact because of an unspecified "heap-buffer-overflow" condition in IR::FunctionValidationContext::end.

CVE-2018-16769

Mon, 09/10/2018 - 00:29
In WAVM through 2018-07-26, a crafted file sent to the WebAssembly Virtual Machine may cause a denial of service (application crash) or possibly have unspecified other impact because libRuntime.so!llvm::InstructionCombiningPass::runOnFunction is mishandled.

CVE-2018-16770

Mon, 09/10/2018 - 00:29
In WAVM through 2018-07-26, a crafted file sent to the WebAssembly Virtual Machine may cause a denial of service (application crash) or possibly have unspecified other impact because a certain new_allocator allocate call fails.

CVE-2018-16771

Mon, 09/10/2018 - 00:29
Hoosk v1.7.0 allows PHP code execution via a SiteUrl that is provided during installation and mishandled in config.php.

CVE-2018-16772

Mon, 09/10/2018 - 00:29
Hoosk v1.7.0 allows XSS via the Navigation Title of a new page entered at admin/pages/new.

CVE-2018-16773

Mon, 09/10/2018 - 00:29
EasyCMS 1.5 allows XSS via the index.php?s=/admin/fields/update/navTabId/listfields/callbackType/closeCurrent content field.

CVE-2018-16774

Mon, 09/10/2018 - 00:29
HongCMS 3.0.0 allows arbitrary file deletion via a ../ in the file parameter to admin/index.php/language/ajax?action=delete.

CVE-2018-16764

Mon, 09/10/2018 - 00:29
In WAVM through 2018-07-26, a crafted file sent to the WebAssembly Virtual Machine may cause a denial of service (application crash) or possibly have unspecified other impact because of an IR::FunctionValidationContext::catch_all heap-based buffer over-read.

CVE-2018-16765

Mon, 09/10/2018 - 00:29
In WAVM through 2018-07-26, a crafted file sent to the WebAssembly Virtual Machine may cause a denial of service (application crash) or possibly have unspecified other impact because of an unspecified "heap-buffer-overflow" condition in FunctionValidationContext::else_.

CVE-2018-16766

Mon, 09/10/2018 - 00:29
In WAVM through 2018-07-26, a crafted file sent to the WebAssembly Virtual Machine may cause a denial of service (application crash) or possibly have unspecified other impact because Errors::unreachable() is reached.

CVE-2018-16767

Mon, 09/10/2018 - 00:29
In WAVM through 2018-07-26, a crafted file sent to the WebAssembly Virtual Machine may cause a denial of service (application crash) or possibly have unspecified other impact because of an unspecified "heap-buffer-overflow" condition in FunctionValidationContext::popAndValidateOperand.

CVE-2018-16759

Sun, 09/09/2018 - 17:29
The removeXSS function in App/Common/common.php (called from App/Modules/Index/Action/SearchAction.class.php) in EasyCMS v1.4 allows XSS via an onhashchange event.

CVE-2018-16761

Sun, 09/09/2018 - 17:29
Eventum before 3.4.0 has an open redirect vulnerability.

CVE-2018-16762

Sun, 09/09/2018 - 17:29
FUEL CMS 1.4.1 allows SQL Injection via the layout, published, or search_term parameter to pages/items.

CVE-2018-16763

Sun, 09/09/2018 - 17:29
FUEL CMS 1.4.1 allows PHP Code Evaluation via the pages/select/ filter parameter or the preview/ data parameter.

CVE-2018-16749

Sun, 09/09/2018 - 11:29
In ImageMagick 7.0.7-29 and earlier, a missing NULL check in ReadOneJNGImage in coders/png.c allows an attacker to cause a denial of service (WriteBlob assertion failure and application exit) via a crafted file.

CVE-2018-16750

Sun, 09/09/2018 - 11:29
In ImageMagick 7.0.7-29 and earlier, a memory leak in the formatIPTCfromBuffer function in coders/meta.c was found.
