National Vulnerability Database

This feed contains the most recent CVE cyber vulnerabilities published within the National Vulnerability Database.

CVE-2019-5765 (chrome)

Tue, 02/19/2019 - 12:29
An exposed debugging endpoint in the browser in Google Chrome on Android prior to 72.0.3626.81 allowed a local attacker to obtain potentially sensitive information from process memory via a crafted Intent.
Categories: Security News

CVE-2019-8939 (tautulli)

Tue, 02/19/2019 - 11:29
data/interfaces/default/history.html in Tautulli 2.1.26 has XSS via a crafted Plex username that is mishandled when constructing the History page.

CVE-2019-8935 (collabtive)

Tue, 02/19/2019 - 10:29
Collabtive 3.1 allows XSS via the manageuser.php?action=profile id parameter.

CVE-2019-3812

Tue, 02/19/2019 - 09:29
QEMU, through version 2.10 and through version 3.1.0, is vulnerable to an out-of-bounds read of up to 128 bytes in the hw/i2c/i2c-ddc.c:i2c_ddc() function. A local attacker with permission to execute i2c commands could exploit this to read stack memory of the qemu process on the host.

CVE-2019-8933

Mon, 02/18/2019 - 21:29
In DedeCMS 5.7SP2, attackers can upload a .php file to the uploads/ directory (without being blocked by the Web Application Firewall), and then execute this file, via this sequence of steps: visiting the management page, clicking on the template, clicking on Default Template Management, clicking on New Template, and modifying the filename from ../index.html to ../index.php.

CVE-2019-7629

Mon, 02/18/2019 - 15:29
Stack-based buffer overflow in the strip_vt102_codes function in TinTin++ 2.01.6 and WinTin++ 2.01.6 allows remote attackers to execute arbitrary code by sending a long message to the client.

CVE-2019-8919

Mon, 02/18/2019 - 15:29
The seadroid (aka Seafile Android Client) application through 2.2.13 for Android always uses the same Initialization Vector (IV) with Cipher Block Chaining (CBC) Mode to encrypt private data, making it easier to conduct chosen-plaintext attacks or dictionary attacks.

CVE-2019-8917

Mon, 02/18/2019 - 14:29
SolarWinds Orion NPM before 12.4 suffers from a SYSTEM remote code execution vulnerability in the OrionModuleEngine service. This service establishes a NetTcpBinding endpoint that allows remote, unauthenticated clients to connect and call publicly exposed methods. The InvokeActionMethod method may be abused by an attacker to execute commands as the SYSTEM user.

CVE-2019-8908

Mon, 02/18/2019 - 13:29
An issue was discovered in WTCMS 1.0. It allows remote attackers to execute arbitrary PHP code by going to the "Setting -> Mailbox configuration -> Registration email template" screen, and uploading an image file, as demonstrated by a .php filename and the "Content-Type: image/gif" header.

CVE-2019-8909

Mon, 02/18/2019 - 13:29
An issue was discovered in WTCMS 1.0. It allows remote attackers to cause a denial of service (resource consumption) via crafted dimensions for the verification code image.

CVE-2019-8910

Mon, 02/18/2019 - 13:29
An issue was discovered in WTCMS 1.0. It allows index.php?g=admin&m=setting&a=site_post CSRF.

CVE-2019-8911

Mon, 02/18/2019 - 13:29
An issue was discovered in WTCMS 1.0. It has stored XSS via the third text box (for the website statistics code).

CVE-2019-8912

Mon, 02/18/2019 - 13:29
In the Linux kernel through 4.20.10, af_alg_release() in crypto/af_alg.c neglects to set a NULL value for a certain structure member, which leads to a use-after-free in sockfs_setattr.

CVE-2019-8906

Mon, 02/18/2019 - 12:29
do_core_note in readelf.c in libmagic.a in file 5.35 has an out-of-bounds read because memcpy is misused.

CVE-2019-8907

Mon, 02/18/2019 - 12:29
do_core_note in readelf.c in libmagic.a in file 5.35 allows remote attackers to cause a denial of service (stack corruption and application crash) or possibly have unspecified other impact.

CVE-2018-12159

Mon, 02/18/2019 - 12:29
Buffer overflow in the command-line interface for Intel(R) PROSet Wireless v20.50 and before may allow an authenticated user to potentially enable denial of service via local access.

CVE-2018-3700

Mon, 02/18/2019 - 12:29
Code injection vulnerability in the installer for Intel(R) USB 3.0 eXtensible Host Controller Driver for Microsoft Windows 7 before version 5.0.4.43v2 may allow a user to potentially enable escalation of privilege via local access.

CVE-2019-0101

Mon, 02/18/2019 - 12:29
Authentication bypass in the Intel Unite(R) solution versions 3.2 through 3.3 may allow an unauthenticated user to potentially enable escalation of privilege to the Intel Unite(R) Solution administrative portal via network access.

CVE-2019-0102

Mon, 02/18/2019 - 12:29
Insufficient session authentication in web server for Intel(R) Data Center Manager SDK before version 5.0.2 may allow an unauthenticated user to potentially enable escalation of privilege via network access.

CVE-2019-0103

Mon, 02/18/2019 - 12:29
Insufficient file protection in install routine for Intel(R) Data Center Manager SDK before version 5.0.2 may allow an authenticated user to potentially enable information disclosure via local access.
