National Vulnerability Database

This feed contains the most recent CVE cyber vulnerabilities published within the National Vulnerability Database.

CVE-2018-1528

Mon, 08/06/2018 - 10:29
IBM Maximo Asset Management 7.6 through 7.6.3 could allow an authenticated user to obtain sensitive information from the WhoAmI API. IBM X-Force ID: 142290.
Categories: Security News

CVE-2018-1551

Mon, 08/06/2018 - 10:29
IBM WebSphere MQ 8.0.0.2 through 8.0.0.8 and 9.0.0.0 through 9.0.0.3 could allow users to have more authority than they should have if an MQ administrator creates an invalid user group name. IBM X-Force ID: 142888.

CVE-2017-12614

Mon, 08/06/2018 - 09:29
An XSS issue was noticed in certain 404 pages that could be exploited to perform an XSS attack. Chrome will detect this as a reflected XSS attempt and prevent the page from loading. Firefox and other browsers don't, and are vulnerable to this attack. Mitigation: The fix for this is to upgrade to Apache Airflow 1.9.0 or above.

CVE-2018-14958

Sun, 08/05/2018 - 15:29
An issue was discovered in WeaselCMS v0.3.5. CSRF can update the website settings (such as the theme, title, and description) via index.php.

CVE-2018-14959

Sun, 08/05/2018 - 15:29
An issue was discovered in WeaselCMS v0.3.5. CSRF can create new pages via an index.php?b=pages&a=new URI.

CVE-2018-14939

Sun, 08/05/2018 - 14:29
The get_app_path function in desktop/unx/source/start.c in LibreOffice through 6.0.5 mishandles the realpath function in certain environments such as FreeBSD libc, which might allow attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact if LibreOffice is automatically launched during web browsing with pathnames controlled by a remote web site.

CVE-2018-14940

Sun, 08/05/2018 - 14:29
PHPCMS 9 allows remote attackers to cause a denial of service (resource consumption) via large font_size, height, and width parameters in an api.php?op=checkcode request.

CVE-2018-14941

Sun, 08/05/2018 - 14:29
Harmonic NSG 9000 devices allow remote authenticated users to read the webapp.py source code via a direct request for the /webapp.py URI.

CVE-2018-14942

Sun, 08/05/2018 - 14:29
Harmonic NSG 9000 devices allow remote authenticated users to conduct directory traversal attacks, as demonstrated by "POST /PY/EMULATION_GET_FILE" or "POST /PY/EMULATION_EXPORT" with FileName=../../../passwd in the POST data.

CVE-2018-14943

Sun, 08/05/2018 - 14:29
Harmonic NSG 9000 devices have a default password of nsgadmin for the admin account, a default password of nsgguest for the guest account, and a default password of nsgconfig for the config account.

CVE-2018-14944

Sun, 08/05/2018 - 14:29
An issue has been found in jpeg_encoder through 2015-11-27. It is a SEGV in the function readFromBMP in jpeg_encoder.cpp. The signal is caused by an out-of-bounds write.

CVE-2018-14945

Sun, 08/05/2018 - 14:29
An issue has been found in jpeg_encoder through 2015-11-27. It is a heap-based buffer overflow in the function readFromBMP in jpeg_encoder.cpp.

CVE-2018-14946

Sun, 08/05/2018 - 14:29
An issue has been found in PDF2JSON 0.69. The HtmlString class in ImgOutputDev.cc has Mismatched Memory Management Routines (malloc versus operator delete).

CVE-2018-14947

Sun, 08/05/2018 - 14:29
An issue has been found in PDF2JSON 0.69. XmlFontAccu::CSStyle in XmlFonts.cc has Mismatched Memory Management Routines (operator new [] versus operator delete).

CVE-2018-14948

Sun, 08/05/2018 - 14:29
An issue has been found in dilawar sound through 2017-11-27. The end of openWavFile in wav-file.cc has Mismatched Memory Management Routines (operator new [] versus operator delete).

CVE-2018-14950

Sun, 08/05/2018 - 14:29
The mail message display page in SquirrelMail through 1.4.22 has XSS via a "<svg><a xlink:href=" attack.

CVE-2018-14951

Sun, 08/05/2018 - 14:29
The mail message display page in SquirrelMail through 1.4.22 has XSS via a "<form action='data:text" attack.

CVE-2018-14952

Sun, 08/05/2018 - 14:29
The mail message display page in SquirrelMail through 1.4.22 has XSS via a "<math><maction xlink:href=" attack.

CVE-2018-14953

Sun, 08/05/2018 - 14:29
The mail message display page in SquirrelMail through 1.4.22 has XSS via a "<math xlink:href=" attack.

CVE-2018-14954

Sun, 08/05/2018 - 14:29
The mail message display page in SquirrelMail through 1.4.22 has XSS via the formaction attribute.
