National Vulnerability Database

Subscribe to National Vulnerability Database feed
This feed contains the most recent CVE cyber vulnerabilities published within the National Vulnerability Database.
Updated: 21 min 45 sec ago

CVE-2018-6883

Sat, 02/24/2018 - 11:29
Piwigo before 2.9.3 has SQL injection in admin/tags.php in the administration panel, via the tags array parameter in an admin.php?page=tags request. The attacker must be an administrator.
Categories: Security News

CVE-2017-18198

Sat, 02/24/2018 - 01:29
print_iso9660_recurse in iso-info.c in GNU libcdio before 1.0.0 allows remote attackers to cause a denial of service (heap-based buffer over-read) or possibly have unspecified other impact via a crafted iso file.
Categories: Security News

CVE-2017-18199

Sat, 02/24/2018 - 01:29
realloc_symlink in rock.c in GNU libcdio before 1.0.0 allows remote attackers to cause a denial of service (NULL Pointer Dereference) via a crafted iso file.
Categories: Security News

CVE-2018-7452

Sat, 02/24/2018 - 01:29
A NULL pointer dereference in JPXStream::fillReadBuf in JPXStream.cc in xpdf 4.00 allows attackers to launch denial of service via a specific pdf file, as demonstrated by pdftohtml.
Categories: Security News

CVE-2018-7453

Sat, 02/24/2018 - 01:29
Infinite recursion in AcroForm::scanField in AcroForm.cc in xpdf 4.00 allows attackers to launch denial of service via a specific pdf file due to lack of loop checking, as demonstrated by pdftohtml.
Categories: Security News

CVE-2018-7454

Sat, 02/24/2018 - 01:29
A NULL pointer dereference in XFAForm::scanFields in XFAForm.cc in xpdf 4.00 allows attackers to launch denial of service via a specific pdf file, as demonstrated by pdftohtml.
Categories: Security News

CVE-2018-7455

Sat, 02/24/2018 - 01:29
An out-of-bounds read in JPXStream::readTilePart in JPXStream.cc in xpdf 4.00 allows attackers to launch denial of service via a specific pdf file, as demonstrated by pdftohtml.
Categories: Security News

CVE-2018-7456

Sat, 02/24/2018 - 01:29
A NULL Pointer Dereference occurs in the function TIFFPrintDirectory in tif_print.c in LibTIFF 4.0.9 when using the tiffinfo tool to print crafted TIFF information, a different vulnerability than CVE-2017-18013. (This affects an earlier part of the TIFFPrintDirectory function that was not addressed by the CVE-2017-18013 patch.)
Categories: Security News

CVE-2018-7434

Fri, 02/23/2018 - 22:29
zzcms 8.2 allows remote attackers to discover the full path via a direct request to 3/qq_connect2.0/API/class/ErrorCase.class.php or 3/ucenter_api/code/friend.php.
Categories: Security News

CVE-2018-7447

Fri, 02/23/2018 - 21:29
mojoPortal through 2.6.0.0 is prone to multiple persistent cross-site scripting vulnerabilities because it fails to sanitize user-supplied input. The 'Title' and 'Subtitle' fields of the 'Blog' page are vulnerable.
Categories: Security News

CVE-2017-18197

Fri, 02/23/2018 - 21:29
In mxGraphViewImageReader.java in mxGraph before 3.7.6, the SAXParserFactory instance in convert() is missing flags to prevent XML External Entity (XXE) attacks, as demonstrated by /ServerView.
Categories: Security News

CVE-2017-14884

Fri, 02/23/2018 - 18:29
In all Qualcomm products with Android releases from CAF using the Linux kernel, due to lack of bounds checking on the variable "data_len" from the function WLANQCMBR_McProcessMsg, a buffer overflow may potentially occur in WLANFTM_McProcessMsg.
Categories: Security News

CVE-2017-14910

Fri, 02/23/2018 - 18:29
In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer overread is possible if there are no newlines in an input file.
Categories: Security News

CVE-2017-15518

Fri, 02/23/2018 - 18:29
All versions of OnCommand API Services prior to 2.1 and NetApp Service Level Manager prior to 1.0RC4 log a privileged database user account password. All users are urged to move to a fixed version. Since the affected password is changed during every upgrade/installation no further action is required.
Categories: Security News

CVE-2017-15817

Fri, 02/23/2018 - 18:29
In all Qualcomm products with Android releases from CAF using the Linux kernel, when an access point sends a challenge text greater than 128 bytes, the host driver is unable to validate this potentially leading to authentication failure.
Categories: Security News

CVE-2017-15820

Fri, 02/23/2018 - 18:29
In all Qualcomm products with Android releases from CAF using the Linux kernel, in a KGSL IOCTL handler, a Use After Free Condition can potentially occur.
Categories: Security News

CVE-2017-15829

Fri, 02/23/2018 - 18:29
In all Qualcomm products with Android releases from CAF using the Linux kernel, a race condition exists in a GPU Driver which can potentially lead to a Use After Free condition.
Categories: Security News

CVE-2017-15860

Fri, 02/23/2018 - 18:29
In all Qualcomm products with Android releases from CAF using the Linux kernel, while processing an encrypted authentication management frame, a stack buffer overflow may potentially occur.
Categories: Security News

CVE-2017-15861

Fri, 02/23/2018 - 18:29
In all Qualcomm products with Android releases from CAF using the Linux kernel, in the function wma_roam_synch_event_handler, vdev_id is received from firmware and used to access an array without validation.
Categories: Security News

CVE-2017-15862

Fri, 02/23/2018 - 18:29
In all Qualcomm products with Android releases from CAF using the Linux kernel, in wma_unified_link_radio_stats_event_handler(), the number of radio channels coming from firmware is not properly validated, potentially leading to an integer overflow vulnerability followed by a buffer overflow.
Categories: Security News

Pages