National Vulnerability Database

This feed contains the most recent CVE cyber vulnerabilities published within the National Vulnerability Database.

CVE-2018-14943

Sun, 08/05/2018 - 14:29
Harmonic NSG 9000 devices have a default password of nsgadmin for the admin account, a default password of nsgguest for the guest account, and a default password of nsgconfig for the config account.
Categories: Security News

CVE-2018-14944

Sun, 08/05/2018 - 14:29
An issue has been found in jpeg_encoder through 2015-11-27. It is a SEGV in the function readFromBMP in jpeg_encoder.cpp. The signal is caused by an out-of-bounds write.

CVE-2018-14945

Sun, 08/05/2018 - 14:29
An issue has been found in jpeg_encoder through 2015-11-27. It is a heap-based buffer overflow in the function readFromBMP in jpeg_encoder.cpp.

CVE-2018-14946

Sun, 08/05/2018 - 14:29
An issue has been found in PDF2JSON 0.69. The HtmlString class in ImgOutputDev.cc has Mismatched Memory Management Routines (malloc versus operator delete).

CVE-2018-14947

Sun, 08/05/2018 - 14:29
An issue has been found in PDF2JSON 0.69. XmlFontAccu::CSStyle in XmlFonts.cc has Mismatched Memory Management Routines (operator new [] versus operator delete).

CVE-2018-14948

Sun, 08/05/2018 - 14:29
An issue has been found in dilawar sound through 2017-11-27. The end of openWavFile in wav-file.cc has Mismatched Memory Management Routines (operator new [] versus operator delete).

CVE-2018-14950

Sun, 08/05/2018 - 14:29
The mail message display page in SquirrelMail through 1.4.22 has XSS via a "<svg><a xlink:href=" attack.

CVE-2018-14951

Sun, 08/05/2018 - 14:29
The mail message display page in SquirrelMail through 1.4.22 has XSS via a "<form action='data:text" attack.

CVE-2018-14952

Sun, 08/05/2018 - 14:29
The mail message display page in SquirrelMail through 1.4.22 has XSS via a "<math><maction xlink:href=" attack.

CVE-2018-14953

Sun, 08/05/2018 - 14:29
The mail message display page in SquirrelMail through 1.4.22 has XSS via a "<math xlink:href=" attack.

CVE-2018-14954

Sun, 08/05/2018 - 14:29
The mail message display page in SquirrelMail through 1.4.22 has XSS via the formaction attribute.

CVE-2018-14955

Sun, 08/05/2018 - 14:29
The mail message display page in SquirrelMail through 1.4.22 has XSS via SVG animations (animate to attribute).

CVE-2018-14938

Sat, 08/04/2018 - 23:29
An issue was discovered in wifipcap/wifipcap.cpp in TCPFLOW through 1.5.0-alpha. There is an integer overflow in the function handle_prism during caplen processing. If the caplen is less than 144, one can cause an integer overflow in the function handle_80211, which will result in an out-of-bounds read and may allow access to sensitive memory (or a denial of service).

CVE-2018-14936

Sat, 08/04/2018 - 21:29
The Add page option in my little forum 2.4.12 allows XSS via the Title field.

CVE-2018-14937

Sat, 08/04/2018 - 21:29
The Add page option in my little forum 2.4.12 allows XSS via the Menu Link field.

CVE-2018-14933

Sat, 08/04/2018 - 15:29
upgrade_handle.php on NUUO NVRmini devices allows Remote Command Execution via shell metacharacters in the uploaddir parameter for a writeuploaddir command.

CVE-2018-14417

Fri, 08/03/2018 - 21:29
A command injection vulnerability was found in the web administration console in SoftNAS Cloud before 4.0.3. In particular, the snserv script did not sanitize the 'recentVersion' parameter from the snserv endpoint, allowing an unauthenticated attacker to execute arbitrary commands with root permissions.

CVE-2018-14473

Fri, 08/03/2018 - 21:29
OCS Inventory 2.4.1 lacks a proper XML parsing configuration, allowing the use of external entities. This issue can be exploited by an attacker sending a crafted HTTP request in order to exfiltrate information or cause a Denial of Service.

CVE-2018-14497

Fri, 08/03/2018 - 21:29
Tenda D152 ADSL routers allow XSS via a crafted SSID.

CVE-2018-14541

Fri, 08/03/2018 - 21:29
PHP Scripts Mall Basic B2B Script 2.0.0 has Reflected and Stored XSS via the First name, Last name, Address 1, City, State, and Company name fields.
