National Vulnerability Database

This feed contains the most recent CVE cyber vulnerabilities published within the National Vulnerability Database.

CVE-2018-11685

Mon, 06/04/2018 - 02:29
Liblouis 3.5.0 has a stack-based Buffer Overflow in the function compileHyphenation in compileTranslationTable.c.
Categories: Security News

CVE-2018-11692

Mon, 06/04/2018 - 02:29
An issue was discovered on Canon LBP6650, LBP3370, LBP3460, and LBP7750C devices. It is possible to bypass the Administrator Mode authentication for /tlogin.cgi via vectors involving frame.cgi?page=DevStatus.

CVE-2018-11693

Mon, 06/04/2018 - 02:29
An issue was discovered in LibSass through 3.5.4. An out-of-bounds read of a memory region was found in the function Sass::Prelexer::skip_over_scopes which could be leveraged by an attacker to disclose information or manipulated to read from unmapped memory causing a denial of service.

CVE-2018-11694

Mon, 06/04/2018 - 02:29
An issue was discovered in LibSass through 3.5.4. A NULL pointer dereference was found in the function Sass::Functions::selector_append which could be leveraged by an attacker to cause a denial of service (application crash) or possibly have unspecified other impact.

CVE-2018-11695

Mon, 06/04/2018 - 02:29
An issue was discovered in LibSass through 3.5.2. A NULL pointer dereference was found in the function Sass::Expand::operator which could be leveraged by an attacker to cause a denial of service (application crash) or possibly have unspecified other impact.

CVE-2018-11696

Mon, 06/04/2018 - 02:29
An issue was discovered in LibSass through 3.5.4. A NULL pointer dereference was found in the function Sass::Inspect::operator which could be leveraged by an attacker to cause a denial of service (application crash) or possibly have unspecified other impact.

CVE-2018-11697

Mon, 06/04/2018 - 02:29
An issue was discovered in LibSass through 3.5.4. An out-of-bounds read of a memory region was found in the function Sass::Prelexer::exactly() which could be leveraged by an attacker to disclose information or manipulated to read from unmapped memory causing a denial of service.

CVE-2018-11698

Mon, 06/04/2018 - 02:29
An issue was discovered in LibSass through 3.5.4. An out-of-bounds read of a memory region was found in the function Sass::handle_error which could be leveraged by an attacker to disclose information or manipulated to read from unmapped memory causing a denial of service.

CVE-2018-11629

Sat, 06/02/2018 - 09:29
Default and unremovable support credentials (user:lutron password:integration) allow attackers to gain total super user control of an IoT device through a TELNET session to products using the HomeWorks QS Lutron integration protocol Revision M to Revision Y.

CVE-2018-11681

Sat, 06/02/2018 - 09:29
Default and unremovable support credentials (user:nwk password:nwk2) allow attackers to gain total super user control of an IoT device through a TELNET session to products using the RadioRA 2 Lutron integration protocol Revision M to Revision Y.

CVE-2018-11682

Sat, 06/02/2018 - 09:29
Default and unremovable support credentials allow attackers to gain total super user control of an IoT device through a TELNET session to products using the Stanza Lutron integration protocol Revision M to Revision Y.

CVE-2018-11679

Sat, 06/02/2018 - 08:29
An issue was discovered in CmsEasy 6.1_20180508. There is a CSRF vulnerability that can add an article via /index.php?case=table&act=add&table=archive&admin_dir=admin.

CVE-2018-11680

Sat, 06/02/2018 - 08:29
An issue was discovered in CmsEasy 6.1_20180508. There is a CSRF vulnerability in the rich text editor that can add an IFRAME element. This might be used in a DoS attack if a referenced remote URL is refreshed at a rapid rate.

CVE-2018-11522

Fri, 06/01/2018 - 21:29
Yosoro 1.0.4 has stored XSS.

CVE-2018-11564

Fri, 06/01/2018 - 21:29
Stored XSS in YOOtheme Pagekit 1.0.13 and earlier allows a user to upload malicious code via the picture upload feature. A user with elevated privileges could upload a photo to the system in an SVG format. This file will be uploaded to the system and it will not be stripped or filtered. The user can create a link on the website pointing to "/storage/poc.svg" that will point to http://localhost/pagekit/storage/poc.svg. When a user comes along to click that link, it will trigger an XSS attack.

CVE-2018-11175

Fri, 06/01/2018 - 21:29
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 33 of 46).

CVE-2018-11176

Fri, 06/01/2018 - 21:29
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 34 of 46).

CVE-2018-11177

Fri, 06/01/2018 - 21:29
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 35 of 46).

CVE-2018-11178

Fri, 06/01/2018 - 21:29
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 36 of 46).

CVE-2018-11179

Fri, 06/01/2018 - 21:29
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 37 of 46).
