National Vulnerability Database

Subscribe to National Vulnerability Database feed
This feed contains the most recent CVE cyber vulnerabilities published within the National Vulnerability Database.
Updated: 2 hours 11 min ago

CVE-2017-8864

Wed, 11/22/2017 - 03:29
Client-side enforcement using JavaScript of server-side security options on the Cohu 3960HD allows an attacker to manipulate options sent to the camera and cause malfunction or code execution, as demonstrated by a client-side "if (!passwordsAreEqual())" test.
Categories: Security News

CVE-2017-7550

Tue, 11/21/2017 - 12:29
A flaw was found in the way Ansible (2.3.x before 2.3.3, and 2.4.x before 2.4.1) passed certain parameters to the jenkins_plugin module. Remote attackers could use this flaw to expose sensitive information from a remote host's logs. This flaw was fixed by not allowing passwords to be specified in the "params" argument, and noting this in the module documentation.
Categories: Security News

CVE-2015-3934

Tue, 11/21/2017 - 10:29
Multiple SQL injection vulnerabilities in Fiyo CMS 2.0_1.9.1 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to apps/app_article/controller/rating.php or (2) user parameter to user/login.
Categories: Security News

CVE-2017-16664

Tue, 11/21/2017 - 09:29
Code injection exists in Kernel/System/Spelling.pm in Open Ticket Request System (OTRS) 5 before 5.0.24, 4 before 4.0.26, and 3.3 before 3.3.20. In the agent interface, an authenticated remote attackeer can execute shell commands as the webserver user via URL manipulation.
Categories: Security News

CVE-2017-16923

Tue, 11/21/2017 - 09:29
Command Injection vulnerability in app_data_center on Shenzhen Tenda Ac9 US_AC9V1.0BR_V15.03.05.14_multi_TD01, Ac9 ac9_kf_V15.03.05.19(6318_)_cn, Ac15 US_AC15V1.0BR_V15.03.05.18_multi_TD01, Ac15 US_AC15V1.0BR_V15.03.05.19_multi_TD01, Ac18 US_AC18V1.0BR_V15.03.05.05_multi_TD01, and Ac18 ac18_kf_V15.03.05.19(6318_)_cn devices allows remote unauthenticated attackers to execute arbitrary OS commands via a crafted cgi-bin/luci/usbeject?dev_name= GET request from the LAN. This occurs because the "sub_A6E8 usbeject_process_entry" function executes a system function with untrusted input.
Categories: Security News

CVE-2017-5705

Tue, 11/21/2017 - 09:29
Multiple buffer overflows in kernel in Intel Manageability Engine Firmware 11.0/11.5/11.6/11.7/11.10/11.20 allow attacker with local access to the system to execute arbitrary code.
Categories: Security News

CVE-2017-5706

Tue, 11/21/2017 - 09:29
Multiple buffer overflows in kernel in Intel Server Platform Services Firmware 4.0 allow attacker with local access to the system to execute arbitrary code.
Categories: Security News

CVE-2017-5707

Tue, 11/21/2017 - 09:29
Multiple buffer overflows in kernel in Intel Trusted Execution Engine Firmware 3.0 allow attacker with local access to the system to execute arbitrary code.
Categories: Security News

CVE-2017-5708

Tue, 11/21/2017 - 09:29
Multiple privilege escalations in kernel in Intel Manageability Engine Firmware 11.0/11.5/11.6/11.7/11.10/11.20 allow unauthorized process to access privileged content via unspecified vector.
Categories: Security News

CVE-2017-5709

Tue, 11/21/2017 - 09:29
Multiple privilege escalations in kernel in Intel Server Platform Services Firmware 4.0 allows unauthorized process to access privileged content via unspecified vector.
Categories: Security News

CVE-2017-5710

Tue, 11/21/2017 - 09:29
Multiple privilege escalations in kernel in Intel Trusted Execution Engine Firmware 3.0 allows unauthorized process to access privileged content via unspecified vector.
Categories: Security News

CVE-2017-5711

Tue, 11/21/2017 - 09:29
Multiple buffer overflows in Active Management Technology (AMT) in Intel Manageability Engine Firmware 8.x/9.x/10.x/11.0/11.5/11.6/11.7/11.10/11.20 allow attacker with local access to the system to execute arbitrary code with AMT execution privilege.
Categories: Security News

CVE-2017-5712

Tue, 11/21/2017 - 09:29
Buffer overflow in Active Management Technology (AMT) in Intel Manageability Engine Firmware 8.x/9.x/10.x/11.0/11.5/11.6/11.7/11.10/11.20 allows attacker with remote Admin access to the system to execute arbitrary code with AMT execution privilege.
Categories: Security News

CVE-2017-5719

Tue, 11/21/2017 - 09:29
A vulnerability in the Intel Deep Learning Training Tool Beta 1 allows a network attacker to remotely execute code as a local user.
Categories: Security News

CVE-2017-5729

Tue, 11/21/2017 - 09:29
Frame replay vulnerability in Wi-Fi subsystem in Intel Dual-Band and Tri-Band Wireless-AC Products allows remote attacker to replay frames via channel-based man-in-the-middle.
Categories: Security News

CVE-2017-15044

Tue, 11/21/2017 - 08:29
The default installation of DocuWare Fulltext Search server through 6.11 allows remote users to connect to and download searchable text from the embedded Solr service, bypassing DocuWare's access control features of the DocuWare user interfaces and API. An attacker can also gain privileges by modifying text. The default installation is unsafe because the server listens on the network interface, not the localhost interface.
Categories: Security News

CVE-2017-16613

Tue, 11/21/2017 - 08:29
An issue was discovered in middleware.py in OpenStack Swauth through 1.2.0 when used with OpenStack Swift through 2.15.1. The Swift object store and proxy server are saving (unhashed) tokens retrieved from the Swauth middleware authentication mechanism to a log file as part of a GET URI. This allows attackers to bypass authentication by inserting a token into an X-Auth-Token header of a new request. NOTE: github.com/openstack/swauth URLs do not mean that Swauth is maintained by an official OpenStack project team.
Categories: Security News

CVE-2017-16920

Tue, 11/21/2017 - 08:29
v5/config/system.php in dayrui FineCms 5.2.0 has a default SYS_KEY value and does not require key regeneration for each installation, which allows remote attackers to upload arbitrary .php files via a member api swfupload action to index.php.
Categories: Security News

CVE-2017-16840

Tue, 11/21/2017 - 03:29
The VC-2 Video Compression encoder in FFmpeg 3.4 allows remote attackers to cause a denial of service (out-of-bounds read) because of incorrect buffer padding for non-Haar wavelets, related to libavcodec/vc2enc.c and libavcodec/vc2enc_dwt.c.
Categories: Security News

CVE-2017-16919

Tue, 11/21/2017 - 03:29
MapOS 3.1.11 and earlier has a Stored Cross-site Scripting (XSS) vulnerability in /clientes/visualizar, which allows remote attackers to inject arbitrary web script or HTML via a crafted description parameter.
Categories: Security News

Pages