National Vulnerability Database

This feed contains the most recent CVE cyber vulnerabilities published within the National Vulnerability Database.

CVE-2017-16567

Thu, 11/09/2017 - 21:29
Cross-site scripting (XSS) vulnerability in Logitech Media Server 7.9.0 allows remote attackers to inject arbitrary web script or HTML via a "favorite."
Categories: Security News

CVE-2017-16568

Thu, 11/09/2017 - 21:29
Cross-site scripting (XSS) vulnerability in Logitech Media Server 7.9.0 allows remote attackers to inject arbitrary web script or HTML via a radio URL.

CVE-2017-16633

Thu, 11/09/2017 - 21:29
In Joomla! before 3.8.2, a logic bug in com_fields exposed read-only information about a site's custom fields to unauthorized users.

CVE-2017-16634

Thu, 11/09/2017 - 21:29
In Joomla! before 3.8.2, a bug allowed third parties to bypass a user's 2-factor authentication method.

CVE-2017-12779

Thu, 11/09/2017 - 21:29
The Node_GetData function in corec/corec/node/node.c in mkvalidator 0.5.1 allows remote attackers to cause a denial of service (Null pointer dereference and application crash) via a crafted mkv file.

CVE-2017-12780

Thu, 11/09/2017 - 21:29
The ReadData function in ebmlstring.c in libebml2 through 2012-08-26 allows remote attackers to cause a denial of service (invalid free and application crash) via a crafted mkv file.

CVE-2017-12781

Thu, 11/09/2017 - 21:29
The EBML_BufferToID function in ebmlelement.c in libebml2 through 2012-08-26 allows remote attackers to cause a denial of service (Null pointer dereference and application crash) via a crafted mkv file.

CVE-2017-12782

Thu, 11/09/2017 - 21:29
The ReadData function in ebmlmaster.c in libebml2 through 2012-08-26 allows remote attackers to cause a denial of service (assert fault) via a crafted mkv file.

CVE-2017-12783

Thu, 11/09/2017 - 21:29
The ReadDataFloat function in ebmlnumber.c in libebml2 through 2012-08-26 allows remote attackers to cause a denial of service (assert fault) via a crafted mkv file.

CVE-2017-12800

Thu, 11/09/2017 - 21:29
The EBML_FindNextElement function in ebmlmain.c in libebml2 through 2012-08-26 allows remote attackers to cause a denial of service (Null pointer dereference and application crash) via a crafted mkv file.

CVE-2017-12801

Thu, 11/09/2017 - 21:29
The UpdateDataSize function in ebmlmaster.c in libebml2 through 2012-08-26 allows remote attackers to cause a denial of service (assert fault) via a crafted mkv file.

CVE-2017-12802

Thu, 11/09/2017 - 21:29
The EBML_IntegerValue function in ebmlnumber.c in libebml2 through 2012-08-26 allows remote attackers to cause a denial of service (assert fault) via a crafted mkv file.

CVE-2017-12803

Thu, 11/09/2017 - 21:29
The Node_ValidatePtr function in corec/corec/node/node.c in mkclean 0.8.9 allows remote attackers to cause a denial of service (assert fault) via a crafted mkv file.

CVE-2017-12969

Thu, 11/09/2017 - 21:29
Buffer overflow in the ViewerCtrlLib.ViewerCtrl ActiveX control in Avaya IP Office Contact Center before 10.1.1 allows remote attackers to cause a denial of service (heap corruption and crash) or execute arbitrary code via a long string to the open method.

CVE-2017-11309

Thu, 11/09/2017 - 21:29
Buffer overflow in the SoftConsole client in Avaya IP Office before 10.1.1 allows remote servers to execute arbitrary code via a long response.

CVE-2017-11461

Thu, 11/09/2017 - 21:29
NetApp OnCommand Unified Manager for 7-mode (core package) versions prior to 5.2.1 are susceptible to a clickjacking or "UI redress attack" which could be used to cause a user to perform an unintended action in the user interface.

CVE-2017-16758

Thu, 11/09/2017 - 17:29
Cross-site scripting (XSS) vulnerability in admin/partials/uif-access-token-display.php in the Ultimate Instagram Feed plugin before 1.3 for WordPress allows remote attackers to inject arbitrary web script or HTML via the "access_token" parameter.

CVE-2017-16759

Thu, 11/09/2017 - 17:29
The installation process in LibreNMS before 2017-08-18 allows remote attackers to read arbitrary files, related to html/install.php.

CVE-2017-16757

Thu, 11/09/2017 - 16:29
Hola VPN 1.34 has weak permissions (Everyone:F) under %PROGRAMFILES%, which allows local users to gain privileges via a Trojan horse 7za.exe or hola.exe file.

CVE-2017-16711

Thu, 11/09/2017 - 13:29
The swf_DefineLosslessBitsTagToImage function in lib/modules/swfbits.c in SWFTools 0.9.2 mishandles an uncompress failure, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) because of extractDefinitions in lib/readers/swf.c and fill_line_bitmap in lib/devices/render.c, as demonstrated by swfrender.
