National Vulnerability Database

Subscribe to National Vulnerability Database feed
This feed contains the most recent CVE cyber vulnerabilities published within the National Vulnerability Database.
Updated: 21 hours 6 min ago

CVE-2018-7092

Mon, 08/06/2018 - 16:29
A potential security vulnerability has been identified in HPE Intelligent Management Center Platform (IMC Plat) 7.3 E0506P09. The vulnerability could be remotely exploited to allow for remote directory traversal leading to arbitrary file deletion.
Categories: Security News

CVE-2017-8989

Mon, 08/06/2018 - 16:29
A security vulnerability in HPE IceWall SSO Dfw 10.0 and 11.0 on RHEL, HP-UX, and Windows could be exploited remotely to allow URL Redirection.
Categories: Security News

CVE-2017-8990

Mon, 08/06/2018 - 16:29
A remote code execution vulnerability was identified in HPE Intelligent Management Center (iMC) Wireless Service Manager (WSM) Software earlier than version WSM 7.3 (E0506). This issue was resolved in HPE IMC Wireless Services Manager Software IMC WSM 7.3 E0506P01 or subsequent version.
Categories: Security News

CVE-2017-8991

Mon, 08/06/2018 - 16:29
HPE has identified a cross site scripting (XSS) vulnerability in HPE CentralView Fraud Risk Management earlier than version CV 6.1. This isssue is resolved in HF16 for HPE CV 6.1 or subsequent version.
Categories: Security News

CVE-2017-8992

Mon, 08/06/2018 - 16:29
HPE has identified a remote privilege escalation vulnerability in HPE CentralView Fraud Risk Management earlier than version CV 6.1. This isssue is resolved in HF16 for HPE CV 6.1 or subsequent version.
Categories: Security News

CVE-2017-9000

Mon, 08/06/2018 - 16:29
ArubaOS, all versions prior to 6.3.1.25, 6.4 prior to 6.4.4.16, 6.5.x prior to 6.5.1.9, 6.5.2, 6.5.3 prior to 6.5.3.3, 6.5.4 prior to 6.5.4.2, 8.x prior to 8.1.0.4 FIPS and non-FIPS versions of software are both affected equally is vulnerable to unauthenticated arbitrary file access. An unauthenticated user with network access to an Aruba mobility controller on TCP port 8080 or 8081 may be able to access arbitrary files stored on the mobility controller. Ports 8080 and 8081 are used for captive portal functionality and are listening, by default, on all IP interfaces of the mobility controller, including captive portal interfaces. The attacker could access files which could contain passwords, keys, and other sensitive information that could lead to full system compromise.
Categories: Security News

CVE-2017-9001

Mon, 08/06/2018 - 16:29
Aruba ClearPass 6.6.3 and later includes a feature called "SSH Lockout", which causes ClearPass to lock accounts with too many login failures through SSH. When this feature is enabled, an unauthenticated remote command execution vulnerability is present which could allow an unauthenticated user to execute arbitrary commands on the underlying operating system with "root" privilege level. This vulnerability is only present when a specific feature has been enabled. The SSH Lockout feature is not enabled by default, so only systems which have enabled this feature are vulnerable.
Categories: Security News

CVE-2017-9002

Mon, 08/06/2018 - 16:29
All versions of Aruba ClearPass prior to 6.6.8 contain reflected cross-site scripting vulnerabilities. By exploiting this vulnerability, an attacker who can trick a logged-in ClearPass administrative user into clicking a link could obtain sensitive information, such as session cookies or passwords. The vulnerability requires that an administrative users click on the malicious link while currently logged into ClearPass in the same browser.
Categories: Security News

CVE-2017-9003

Mon, 08/06/2018 - 16:29
Multiple memory corruption flaws are present in ArubaOS which could allow an unauthenticated user to crash ArubaOS processes. With sufficient time and effort, it is possible these vulnerabilities could lead to the ability to execute arbitrary code - remote code execution has not yet been confirmed.
Categories: Security News

CVE-2018-13877

Mon, 08/06/2018 - 16:29
The doPayouts() function of the smart contract implementation for MegaCryptoPolis, an Ethereum game, has a Denial of Service vulnerability. If a smart contract that has a fallback function always causing exceptions buys a land, users cannot buy lands near that contract's land, because those purchase attempts will not be completed unless the doPayouts() function successfully sends Ether to certain neighbors.
Categories: Security News

CVE-2018-14716

Mon, 08/06/2018 - 16:29
A Server Side Template Injection (SSTI) was discovered in the SEOmatic plugin before 3.1.4 for Craft CMS, because requests that don't match any elements incorrectly generate the canonicalUrl, and can lead to execution of Twig code.
Categories: Security News

CVE-2018-5390

Mon, 08/06/2018 - 16:29
Linux kernel versions 4.9+ can be forced to make very expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() for every incoming packet which can lead to a denial of service.
Categories: Security News

CVE-2018-7058

Mon, 08/06/2018 - 16:29
Aruba ClearPass, all versions of 6.6.x prior to 6.6.9 are affected by an authentication bypass vulnerability, an attacker can leverage this vulnerability to gain administrator privileges on the system. The vulnerability is exposed only on ClearPass web interfaces, including administrative, guest captive portal, and API. Customers who do not expose ClearPass web interfaces to untrusted users are impacted to a lesser extent.
Categories: Security News

CVE-2018-7059

Mon, 08/06/2018 - 16:29
Aruba ClearPass prior to 6.6.9 has a vulnerability in the API that helps to coordinate cluster actions. An authenticated user with the "mon" permission could use this vulnerability to obtain cluster credentials which could allow privilege escalation. This vulnerability is only present when authenticated as a user with "mon" permission.
Categories: Security News

CVE-2018-7060

Mon, 08/06/2018 - 16:29
Aruba ClearPass 6.6.x prior to 6.6.9 and 6.7.x prior to 6.7.1 is vulnerable to CSRF attacks against authenticated users. An attacker could manipulate an authenticated user into performing actions on the web administrative interface.
Categories: Security News

CVE-2018-7068

Mon, 08/06/2018 - 16:29
HPE has identified a remote HOST header attack vulnerability in HPE CentralView Fraud Risk Management earlier than version CV 6.1. This isssue is resolved in HF16 for HPE CV 6.1 or subsequent version.
Categories: Security News

CVE-2018-7069

Mon, 08/06/2018 - 16:29
HPE has identified a remote unauthenticated access to files vulnerability in HPE CentralView Fraud Risk Management earlier than version CV 6.1. This isssue is resolved in HF16 for HPE CV 6.1 or subsequent version.
Categories: Security News

CVE-2018-7070

Mon, 08/06/2018 - 16:29
HPE has identified a remote disclosure of information vulnerability in HPE CentralView Fraud Risk Management earlier than version CV 6.1. This isssue is resolved in HF16 for HPE CV 6.1 or subsequent version.
Categories: Security News

CVE-2018-7071

Mon, 08/06/2018 - 16:29
HPE has identified a remote access to sensitive information vulnerability in HPE Network Function Virtualization Director (NFVD) 4.2.1 prior to gui patch 3.
Categories: Security News

CVE-2018-7072

Mon, 08/06/2018 - 16:29
A remote bypass of security restrictions vulnerability was identified in HPE Moonshot Provisioning Manager prior to v1.24.
Categories: Security News

Pages