National Vulnerability Database

This feed contains the most recent CVE cyber vulnerabilities published within the National Vulnerability Database.

CVE-2018-0353

Thu, 06/07/2018 - 08:29
A vulnerability in traffic-monitoring functions in Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to circumvent Layer 4 Traffic Monitor (L4TM) functionality and bypass security protections. The vulnerability is due to a change in the underlying operating system software that is responsible for monitoring affected traffic. An attacker could exploit this vulnerability by sending crafted IP packets to an affected device. A successful exploit could allow the attacker to pass traffic through the device, which the WSA was configured to deny. This vulnerability affects both IPv4 and IPv6 traffic. This vulnerability affects Cisco AsyncOS versions for WSA on both virtual and hardware appliances running any release of the 10.5.1, 10.5.2, or 11.0.0 WSA Software. The WSA is vulnerable if it is configured for L4TM. Cisco Bug IDs: CSCvg78875.
Categories: Security News

CVE-2018-3715

Wed, 06/06/2018 - 22:29
glance node module before 3.0.4 suffers from a Path Traversal vulnerability due to lack of validation of path passed to it, which allows a malicious user to read content of any file with known path.

CVE-2018-3716

Wed, 06/06/2018 - 22:29
simplehttpserver node module suffers from a Cross-Site Scripting vulnerability due to a lack of validation of file names.

CVE-2018-3717

Wed, 06/06/2018 - 22:29
connect node module before 2.14.0 suffers from a Cross-Site Scripting (XSS) vulnerability due to a lack of validation of file in directory.js middleware.

CVE-2018-3718

Wed, 06/06/2018 - 22:29
serve node module suffers from Improper Handling of URL Encoding by permitting access to ignored files if a filename is URL encoded.

CVE-2018-3719

Wed, 06/06/2018 - 22:29
mixin-deep node module before 1.3.1 suffers from a Modification of Assumed-Immutable Data (MAID) vulnerability, which allows a malicious user to modify the prototype of "Object" via __proto__, causing the addition or modification of an existing property that will exist on all objects.

CVE-2018-3720

Wed, 06/06/2018 - 22:29
assign-deep node module before 0.4.7 suffers from a Modification of Assumed-Immutable Data (MAID) vulnerability, which allows a malicious user to modify the prototype of "Object" via __proto__, causing the addition or modification of an existing property that will exist on all objects.

CVE-2018-3721

Wed, 06/06/2018 - 22:29
lodash node module before 4.17.5 suffers from a Modification of Assumed-Immutable Data (MAID) vulnerability via defaultsDeep, merge, and mergeWith functions, which allows a malicious user to modify the prototype of "Object" via __proto__, causing the addition or modification of an existing property that will exist on all objects.

CVE-2018-3722

Wed, 06/06/2018 - 22:29
merge-deep node module before 3.0.1 suffers from a Modification of Assumed-Immutable Data (MAID) vulnerability, which allows a malicious user to modify the prototype of "Object" via __proto__, causing the addition or modification of an existing property that will exist on all objects.

CVE-2018-3723

Wed, 06/06/2018 - 22:29
defaults-deep node module before 0.2.4 suffers from a Modification of Assumed-Immutable Data (MAID) vulnerability, which allows a malicious user to modify the prototype of "Object" via __proto__, causing the addition or modification of an existing property that will exist on all objects.

CVE-2018-3724

Wed, 06/06/2018 - 22:29
general-file-server node module suffers from a Path Traversal vulnerability due to lack of validation of currpath, which allows a malicious user to read content of any file with known path.

CVE-2018-3725

Wed, 06/06/2018 - 22:29
hekto node module suffers from a Path Traversal vulnerability due to lack of validation of file, which allows a malicious user to read content of any file with known path.

CVE-2018-3726

Wed, 06/06/2018 - 22:29
crud-file-server node module before 0.8.0 suffers from a Cross-Site Scripting vulnerability due to a lack of validation of file names.

CVE-2018-3727

Wed, 06/06/2018 - 22:29
626 node module suffers from a Path Traversal vulnerability due to lack of validation of file, which allows a malicious user to read content of any file with known path.

CVE-2018-3729

Wed, 06/06/2018 - 22:29
localhost-now node module suffers from a Path Traversal vulnerability due to lack of validation of file, which allows a malicious user to read content of any file with known path.

CVE-2018-3730

Wed, 06/06/2018 - 22:29
mcstatic node module suffers from a Path Traversal vulnerability due to lack of validation of filePath, which allows a malicious user to read content of any file with known path.

CVE-2018-3731

Wed, 06/06/2018 - 22:29
public node module suffers from a Path Traversal vulnerability due to lack of validation of filePath, which allows a malicious user to read content of any file with known path.

CVE-2018-3732

Wed, 06/06/2018 - 22:29
resolve-path node module before 1.4.0 suffers from a Path Traversal vulnerability due to lack of validation of paths with certain special characters, which allows a malicious user to read content of any file with known path.

CVE-2018-3735

Wed, 06/06/2018 - 22:29
bracket-template suffers from a reflected XSS vulnerability, possible when a variable passed via a GET parameter is used in a template.

CVE-2018-3736

Wed, 06/06/2018 - 22:29
https-proxy-agent passes unsanitized options to Buffer(arg) resulting in DoS and uninitialized memory leak.