National Vulnerability Database

This feed contains the most recent CVE cyber vulnerabilities published within the National Vulnerability Database.

CVE-2018-16287

Fri, 09/14/2018 - 17:29
LG SuperSign CMS allows file upload via signEzUI/playlist/edit/upload/..%2f URIs.
Categories: Security News

CVE-2018-16288

Fri, 09/14/2018 - 17:29
LG SuperSign CMS allows reading of arbitrary files via signEzUI/playlist/edit/upload/..%2f URIs.

CVE-2018-16706

Fri, 09/14/2018 - 17:29
LG SuperSign CMS allows TVs to be rebooted remotely without authentication via a direct HTTP request to /qsr_server/device/reboot on port 9080.

CVE-2017-16639

Fri, 09/14/2018 - 17:29
Tor Browser on Windows before 8.0 allows remote attackers to bypass the intended anonymity feature and discover a client IP address, a different vulnerability than CVE-2017-16541. User interaction is required to trigger this vulnerability.

CVE-2018-10763

Fri, 09/14/2018 - 17:29
Multiple cross-site scripting (XSS) vulnerabilities in Synametrics SynaMan 4.0 build 1488 via the (1) Main heading or (2) Sub heading fields in the Partial Branding configuration page.

CVE-2018-10814

Fri, 09/14/2018 - 17:29
Synametrics SynaMan 4.0 build 1488 uses cleartext password storage for SMTP credentials.

CVE-2018-12086

Fri, 09/14/2018 - 17:29
Buffer overflow in OPC UA applications allows remote attackers to trigger a stack overflow with carefully structured requests.

CVE-2018-12585

Fri, 09/14/2018 - 17:29
An XXE vulnerability in the OPC UA Java and .NET Legacy Stack can allow remote attackers to trigger a denial of service.

CVE-2018-16242

Fri, 09/14/2018 - 17:29
oBike relies on Hangzhou Luoping Smart Locker to lock bicycles, which allows attackers to bypass the locking mechanism by using Bluetooth Low Energy (BLE) to replay ciphertext based on a predictable nonce used in the locking protocol.

CVE-2018-16286

Fri, 09/14/2018 - 17:29
LG SuperSign CMS allows authentication bypass because the CAPTCHA requirement is skipped if a captcha:pass cookie is sent, and because the PIN is limited to four digits.

CVE-2018-11058

Fri, 09/14/2018 - 16:29
RSA BSAFE Micro Edition Suite, versions prior to 4.0.11 (in 4.0.x) and prior to 4.1.6 (in 4.1.x), and RSA BSAFE Crypto-C Micro Edition, versions prior to 4.0.5.3 (in 4.0.x), contain a Buffer Over-Read vulnerability when parsing ASN.1 data. A remote attacker could use maliciously constructed ASN.1 data that would result in such an issue.

CVE-2018-11087

Fri, 09/14/2018 - 16:29
Pivotal Spring AMQP, 1.x versions prior to 1.7.10 and 2.x versions prior to 2.0.6, expose a man-in-the-middle vulnerability due to lack of hostname validation. A malicious user that has the ability to intercept traffic would be able to view data in transit.

CVE-2018-17057

Fri, 09/14/2018 - 16:29
An issue was discovered in TCPDF before 6.2.22. Attackers can trigger deserialization of arbitrary data via the phar:// wrapper.

CVE-2018-14638

Fri, 09/14/2018 - 15:29
A flaw was found in 389-ds-base before version 1.3.8.4-13. The ns-slapd process crashes in the delete_passwdPolicy function when persistent search connections are terminated unexpectedly, leading to remote denial of service.

CVE-2018-0718

Fri, 09/14/2018 - 08:29
Command injection vulnerability in Music Station 5.1.2 and earlier versions in QNAP QTS 4.3.3 and 4.3.4 could allow remote attackers to run arbitrary commands in the compromised application.

CVE-2018-1719

Fri, 09/14/2018 - 08:29
IBM WebSphere Application Server 8.5 and 9.0 could provide weaker than expected security under certain conditions. This could result in a downgrade of TLS protocol. A remote attacker could exploit this vulnerability to perform man-in-the-middle attacks. IBM X-Force ID: 147292.

CVE-2018-1791

Fri, 09/14/2018 - 08:29
IBM Connections 5.0, 5.5, and 6.0 is vulnerable to an External Service Interaction attack, caused by improper validation of a request property. By submitting suitable payloads, an attacker could exploit this vulnerability to induce the Connections server to attack other systems. IBM X-Force ID: 148946.

CVE-2018-17044

Fri, 09/14/2018 - 03:29
In YzmCMS 5.1, stored XSS exists via the admin/system_manage/user_config_add.html title parameter.

CVE-2018-17045

Fri, 09/14/2018 - 03:29
An issue was discovered in CMS MaeloStore V.1.5.0. There is a CSRF vulnerability that can change the administrator password via admin/modul/users/aksi_users.php?act=update.

CVE-2018-17046

Fri, 09/14/2018 - 03:29
translate man before 2018-08-21 has XSS via containers/outputBox/outputBox.vue and store/index.js.
