National Vulnerability Database

This feed contains the most recent CVE cyber vulnerabilities published within the National Vulnerability Database.

CVE-2018-11710

Mon, 06/04/2018 - 09:29
soundlib/pattern.h in libopenmpt before 0.3.9 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted AMS file because of an invalid write near address 0 in an out-of-memory situation.
Categories: Security News

CVE-2018-11711

Mon, 06/04/2018 - 09:29
A remote attacker can bypass the System Manager Mode on the Canon MF210 and MF220 web interface without knowing the PIN for /login.html via vectors involving /portal_top.html to get full access to the device.

CVE-2017-18284

Mon, 06/04/2018 - 02:29
The Gentoo app-backup/burp package before 2.1.32 sets the ownership of the PID file directory to the burp account, which might allow local users to kill arbitrary processes by leveraging access to this account for PID file modification before a root script sends a SIGKILL.

CVE-2017-18285

Mon, 06/04/2018 - 02:29
The Gentoo app-backup/burp package before 2.1.32 has incorrect group ownership of the /etc/burp directory, which might allow local users to obtain read and write access to arbitrary files by leveraging access to a certain account for a burp-server.conf change.

CVE-2018-11683

Mon, 06/04/2018 - 02:29
Liblouis 3.5.0 has a stack-based Buffer Overflow in the function parseChars in compileTranslationTable.c, a different vulnerability than CVE-2018-11440.

CVE-2018-11684

Mon, 06/04/2018 - 02:29
Liblouis 3.5.0 has a stack-based Buffer Overflow in the function includeFile in compileTranslationTable.c.

CVE-2018-11685

Mon, 06/04/2018 - 02:29
Liblouis 3.5.0 has a stack-based Buffer Overflow in the function compileHyphenation in compileTranslationTable.c.

CVE-2018-11692

Mon, 06/04/2018 - 02:29
An issue was discovered on Canon LBP6650, LBP3370, LBP3460, and LBP7750C devices. It is possible to bypass the Administrator Mode authentication for /tlogin.cgi via vectors involving frame.cgi?page=DevStatus.

CVE-2018-11693

Mon, 06/04/2018 - 02:29
An issue was discovered in LibSass through 3.5.4. An out-of-bounds read of a memory region was found in the function Sass::Prelexer::skip_over_scopes which could be leveraged by an attacker to disclose information or manipulated to read from unmapped memory causing a denial of service.

CVE-2018-11694

Mon, 06/04/2018 - 02:29
An issue was discovered in LibSass through 3.5.4. A NULL pointer dereference was found in the function Sass::Functions::selector_append which could be leveraged by an attacker to cause a denial of service (application crash) or possibly have unspecified other impact.

CVE-2018-11695

Mon, 06/04/2018 - 02:29
An issue was discovered in LibSass through 3.5.2. A NULL pointer dereference was found in the function Sass::Expand::operator which could be leveraged by an attacker to cause a denial of service (application crash) or possibly have unspecified other impact.

CVE-2018-11696

Mon, 06/04/2018 - 02:29
An issue was discovered in LibSass through 3.5.4. A NULL pointer dereference was found in the function Sass::Inspect::operator which could be leveraged by an attacker to cause a denial of service (application crash) or possibly have unspecified other impact.

CVE-2018-11697

Mon, 06/04/2018 - 02:29
An issue was discovered in LibSass through 3.5.4. An out-of-bounds read of a memory region was found in the function Sass::Prelexer::exactly() which could be leveraged by an attacker to disclose information or manipulated to read from unmapped memory causing a denial of service.

CVE-2018-11698

Mon, 06/04/2018 - 02:29
An issue was discovered in LibSass through 3.5.4. An out-of-bounds read of a memory region was found in the function Sass::handle_error which could be leveraged by an attacker to disclose information or manipulated to read from unmapped memory causing a denial of service.

CVE-2018-11629

Sat, 06/02/2018 - 09:29
Default and unremovable support credentials (user:lutron password:integration) allow attackers to gain total super user control of an IoT device through a TELNET session to products using the HomeWorks QS Lutron integration protocol Revision M to Revision Y.

CVE-2018-11681

Sat, 06/02/2018 - 09:29
Default and unremovable support credentials (user:nwk password:nwk2) allow attackers to gain total super user control of an IoT device through a TELNET session to products using the RadioRA 2 Lutron integration protocol Revision M to Revision Y.

CVE-2018-11682

Sat, 06/02/2018 - 09:29
Default and unremovable support credentials allow attackers to gain total super user control of an IoT device through a TELNET session to products using the Stanza Lutron integration protocol Revision M to Revision Y.

CVE-2018-11679

Sat, 06/02/2018 - 08:29
An issue was discovered in CmsEasy 6.1_20180508. There is a CSRF vulnerability that can add an article via /index.php?case=table&act=add&table=archive&admin_dir=admin.

CVE-2018-11680

Sat, 06/02/2018 - 08:29
An issue was discovered in CmsEasy 6.1_20180508. There is a CSRF vulnerability in the rich text editor that can add an IFRAME element. This might be used in a DoS attack if a referenced remote URL is refreshed at a rapid rate.

CVE-2018-11522

Fri, 06/01/2018 - 21:29
Yosoro 1.0.4 has stored XSS.
