National Vulnerability Database

Subscribe to National Vulnerability Database feed
This feed contains the most recent CVE cyber vulnerabilities published within the National Vulnerability Database.
Updated: 13 hours 54 min ago

CVE-2017-1710

Mon, 11/13/2017 - 18:29
A vulnerability in the Service Assistant GUI in IBM Storwize V7000 (2076) 8.1 could allow a remote attacker to perform a privilege escalation. IBM X-Force ID: 134531.
Categories: Security News

CVE-2016-8610

Mon, 11/13/2017 - 17:29
A denial of service flaw was found in OpenSSL 0.9.8, 1.0.1, 1.0.2 through 1.0.2h, and 1.1.0 in the way the TLS/SSL protocol defined processing of ALERT packets during a connection handshake. A remote attacker could use this flaw to make a TLS/SSL server consume an excessive amount of CPU and fail to accept connections from other clients.
Categories: Security News

CVE-2017-15525

Mon, 11/13/2017 - 17:29
Prior to SEE v11.1.3MP1, Symantec Endpoint Encryption can be susceptible to a denial of service (DoS) attack, which is a type of attack whereby the perpetrator attempts to make a particular machine or network resource unavailable to its intended users by temporarily or indefinitely disrupting services of a specific host within a network.
Categories: Security News

CVE-2017-15526

Mon, 11/13/2017 - 17:29
Prior to SEE v11.1.3MP1, Symantec Endpoint Encryption can be susceptible to a null pointer de-reference issue, which can result in a NullPointerException that can lead to a privilege escalation scenario.
Categories: Security News

CVE-2017-16805

Mon, 11/13/2017 - 16:29
In radare2 2.0.1, libr/bin/dwarf.c allows remote attackers to cause a denial of service (invalid read and application crash) via a crafted ELF file, related to r_bin_dwarf_parse_comp_unit in dwarf.c and sdb_set_internal in shlr/sdb/src/sdb.c.
Categories: Security News

CVE-2017-16806

Mon, 11/13/2017 - 16:29
The Process function in RemoteTaskServer/WebServer/HttpServer.cs in Ulterius before 1.9.5.0 allows HTTP server directory traversal.
Categories: Security News

CVE-2017-16807

Mon, 11/13/2017 - 16:29
A cross-site Scripting (XSS) vulnerability in Kirby Panel before 2.3.3, 2.4.x before 2.4.2, and 2.5.x before 2.5.7 exists when displaying a specially prepared SVG document that has been uploaded as a content file.
Categories: Security News

CVE-2017-16808

Mon, 11/13/2017 - 16:29
tcpdump 4.9.2 has a heap-based buffer over-read related to aoe_print in print-aoe.c and lookup_emem in addrtoname.c.
Categories: Security News

CVE-2017-14020

Mon, 11/13/2017 - 15:29
An Uncontrolled Search Path Element issue was discovered in AutomationDirect CLICK Programming Software (Part Number C0-PGMSW) versions 2.10 and prior, C-More Programming Software (Part Number EA9-PGMSW) versions 6.30 and prior, C-More Micro (Part Number EA-PGMSW) versions 4.20.01.0 and prior, GS Drives Configuration Software (Part Number GSOFT) versions 4.0.6 and prior, and SL-SOFT SOLO Temperature Controller Configuration Software (Part Number SL-SOFT) versions 1.1.0.5 and prior. An uncontrolled search path element (DLL Hijacking) vulnerability has been identified. To exploit this vulnerability, an attacker could rename a malicious DLL to meet the criteria of the application, and the application would not verify that the DLL is correct. Once loaded by the application, the DLL could run malicious code at the privilege level of the application.
Categories: Security News

CVE-2017-14024

Mon, 11/13/2017 - 15:29
A Stack-based Buffer Overflow issue was discovered in Schneider Electric InduSoft Web Studio v8.0 SP2 Patch 1 and prior versions, and InTouch Machine Edition v8.0 SP2 Patch 1 and prior versions. The stack-based buffer overflow vulnerability has been identified, which may allow remote code execution with high privileges.
Categories: Security News

CVE-2017-16804

Mon, 11/13/2017 - 15:29
In Redmine before 3.2.7 and 3.3.x before 3.3.4, the reminders function in app/models/mailer.rb does not check whether an issue is visible, which allows remote authenticated users to obtain sensitive information by reading e-mail reminder messages.
Categories: Security News

CVE-2017-0889

Mon, 11/13/2017 - 12:29
Paperclip ruby gem version 3.1.4 and later suffers from a Server-SIde Request Forgery (SSRF) vulnerability in the Paperclip::UriAdapter class. Attackers may be able to access information about internal network resources.
Categories: Security News

CVE-2017-0904

Mon, 11/13/2017 - 12:29
The private_address_check ruby gem before 0.4.0 is vulnerable to a bypass due to use of Ruby's Resolv.getaddresses method, which is OS-dependent and should not be relied upon for security measures, such as when used to blacklist private network addresses to prevent server-side request forgery.
Categories: Security News

CVE-2017-0905

Mon, 11/13/2017 - 12:29
The Recurly Client Ruby Library before 2.0.13, 2.1.11, 2.2.5, 2.3.10, 2.4.11, 2.5.4, 2.6.3, 2.7.8, 2.8.2, 2.9.2, 2.10.4, 2.11.3 is vulnerable to a Server-Side Request Forgery vulnerability in the "Resource#find" method that could result in compromise of API keys or other critical resources.
Categories: Security News

CVE-2017-0906

Mon, 11/13/2017 - 12:29
The Recurly Client Python Library before 2.0.5, 2.1.16, 2.2.22, 2.3.1, 2.4.5, 2.5.1, 2.6.2 is vulnerable to a Server-Side Request Forgery vulnerability in the "Resource.get" method that could result in compromise of API keys or other critical resources.
Categories: Security News

CVE-2017-0907

Mon, 11/13/2017 - 12:29
The Recurly Client .NET Library before 1.0.1, 1.1.10, 1.2.8, 1.3.2, 1.4.14, 1.5.3, 1.6.2, 1.7.1, 1.8.1 is vulnerable to a Server-Side Request Forgery vulnerability due to incorrect use of "Uri.EscapeUriString" that could result in compromise of API keys or other critical resources.
Categories: Security News

CVE-2017-14388

Mon, 11/13/2017 - 12:29
Cloud Foundry Foundation GrootFS release 0.3.x versions prior to 0.30.0 do not validate DiffIDs, allowing specially crafted images to poison the grootfs volume cache. For example, this could allow an attacker to provide an image layer that GrootFS would consider to be the Ubuntu base layer.
Categories: Security News

CVE-2017-16803

Mon, 11/13/2017 - 12:29
In libav through 11.11 and 12.x through 12.1, the smacker_decode_tree function in libavcodec/smacker.c does not properly restrict tree recursion, which allows remote attackers to cause a denial of service (bitstream.c:build_table() out-of-bounds read and application crash) via a crafted Smacker stream.
Categories: Security News

CVE-2017-16802

Mon, 11/13/2017 - 11:29
In the sharingGroupPopulateOrganisations function in app/webroot/js/misp.js in MISP 2.4.82, there is XSS via a crafted organisation name that is manually added.
Categories: Security News

CVE-2017-3767

Mon, 11/13/2017 - 11:29
A local privilege escalation vulnerability was identified in the Realtek audio driver versions prior to 6.0.1.8224 in some Lenovo ThinkPad products. An attacker with local privileges could execute code with administrative privileges.
Categories: Security News

Pages