National Vulnerability Database

This feed contains the most recent CVE cyber vulnerabilities published within the National Vulnerability Database.

CVE-2018-10894

Wed, 08/01/2018 - 13:29
It was found that SAML authentication in Keycloak 3.4.3.Final incorrectly authenticated expired certificates. A malicious user could use this to access unauthorized data or possibly conduct further attacks.
Categories: Security News

CVE-2018-10896

Wed, 08/01/2018 - 13:29
The default cloud-init configuration, in cloud-init 0.6.2 and newer, included "ssh_deletekeys: 0", disabling cloud-init's deletion of ssh host keys. In some environments, this could lead to instances created by cloning a golden master or template system sharing ssh host keys and being able to impersonate one another or conduct man-in-the-middle attacks.
Categories: Security News

CVE-2018-10897

Wed, 08/01/2018 - 13:29
A directory traversal issue was found in reposync, a part of yum-utils, where reposync fails to sanitize paths in remote repository configuration files. If an attacker controls a repository, they may be able to copy files outside of the destination directory on the targeted system via path traversal. If reposync is running with heightened privileges on a targeted system, this flaw could potentially result in system compromise via the overwriting of critical system files. Versions 1.1.31 and older are believed to be affected.
Categories: Security News

CVE-2018-1595

Wed, 08/01/2018 - 13:29
IBM Spectrum Symphony and Platform Symphony 7.1.2 and 7.2.0.2 could allow an authenticated user to execute arbitrary commands due to improper handling of user supplied input. IBM X-Force ID: 143622.
Categories: Security News

CVE-2016-8651

Wed, 08/01/2018 - 12:29
An input validation flaw was found in the way OpenShift 3 handles requests for images. A user, with a copy of the manifest associated with an image, can pull an image even if they do not have access to the image normally, resulting in the disclosure of any information contained within the image.
Categories: Security News

CVE-2016-8654

Wed, 08/01/2018 - 12:29
A heap-buffer overflow vulnerability was found in the QMFB code in the JPC codec, caused by a buffer being allocated with too small a size. jasper versions before 2.0.0 are affected.
Categories: Security News

CVE-2016-9572

Wed, 08/01/2018 - 12:29
A NULL pointer dereference flaw was found in the way openjpeg 2.1.2 decoded certain input images. Due to a logic error in the code responsible for decoding the input image, an application using openjpeg to process image data could crash when processing a crafted image.
Categories: Security News

CVE-2016-9579

Wed, 08/01/2018 - 12:29
A flaw was found in the way Ceph Object Gateway would process cross-origin HTTP requests if the CORS policy was set to allow origin on a bucket. A remote unauthenticated attacker could use this flaw to cause denial of service by sending a specially-crafted cross-origin HTTP request. Ceph branches 1.3.x and 2.x are affected.
Categories: Security News

CVE-2016-9580

Wed, 08/01/2018 - 12:29
An integer overflow vulnerability was found in the tiftoimage function in openjpeg 2.1.2, resulting in a heap buffer overflow.
Categories: Security News

CVE-2017-5692

Wed, 08/01/2018 - 11:29
Out-of-bounds read condition in older versions of some Intel Graphics Driver for Windows code branches allows local users to perform a denial of service attack.
Categories: Security News

CVE-2018-12466

Wed, 08/01/2018 - 11:29
openSUSE openbuildservice before 9.2.4 allowed authenticated users to delete packages on specific projects with project links.
Categories: Security News

CVE-2018-12467

Wed, 08/01/2018 - 11:29
Authorized users of the openbuildservice before 2.9.4 could delete packages by using a malicious request against projects having the OBS:InitializeDevelPackage attribute, a similar issue to CVE-2018-7689.
Categories: Security News

CVE-2018-3650

Wed, 08/01/2018 - 11:29
Insufficient input validation in the Bleach module in Intel Distribution for Python versions prior to IDP 2018 Update 2 allows an unprivileged user to bypass URI sanitization via a local vector.
Categories: Security News

CVE-2018-3662

Wed, 08/01/2018 - 11:29
Escalation of privilege in Intel Saffron MemoryBase before version 11.4 potentially allows an authorized user of the Saffron application to execute arbitrary code as root.
Categories: Security News

CVE-2018-3663

Wed, 08/01/2018 - 11:29
Escalation of privilege in Intel Saffron MemoryBase before 11.4 allows an authenticated user access to privileged information.
Categories: Security News

CVE-2018-3666

Wed, 08/01/2018 - 11:29
Driver module in Intel Smart Sound Technology before version 9.21.00.3541 potentially allows a local attacker to execute arbitrary code as administrator via a non-paged pool overflow.
Categories: Security News

CVE-2018-3670

Wed, 08/01/2018 - 11:29
Driver module in Intel Smart Sound Technology before version 9.21.00.3541 potentially allows a local attacker to execute arbitrary code as administrator via a non-paged pool overflow.
Categories: Security News

CVE-2018-3671

Wed, 08/01/2018 - 11:29
Escalation of privilege in Intel Saffron admin application before 11.4 allows an authenticated user to access unauthorized information.
Categories: Security News

CVE-2018-3672

Wed, 08/01/2018 - 11:29
Driver module in Intel Smart Sound Technology before version 9.21.00.3541 potentially allows a local attacker to execute arbitrary code as administrator via system calls.
Categories: Security News

CVE-2018-3921

Wed, 08/01/2018 - 11:29
A memory corruption vulnerability exists in the PSD-parsing functionality of Computerinsel Photoline 20.54. A specially crafted PSD image processed via the application can lead to a stack overflow, overwriting arbitrary data. An attacker can deliver a PSD image to trigger this vulnerability and gain code execution.
Categories: Security News
