National Vulnerability Database

This feed contains the most recent CVE cyber vulnerabilities published within the National Vulnerability Database.

CVE-2017-16546

Sun, 11/05/2017 - 17:29
The ReadWPGImage function in coders/wpg.c in ImageMagick 7.0.7-9 does not properly validate the colormap index in a WPG palette, which allows remote attackers to cause a denial of service (use of uninitialized data or invalid memory allocation) or possibly have unspecified other impact via a malformed WPG file.
Categories: Security News

CVE-2017-16542

Sun, 11/05/2017 - 12:29
Zoho ManageEngine Applications Manager 13 allows post-authentication SQL injection via the name parameter in a manageApplications.do?method=insert request.

CVE-2017-16543

Sun, 11/05/2017 - 12:29
Zoho ManageEngine Applications Manager 13 allows SQL injection via GraphicalView.do, as demonstrated by a crafted viewProps yCanvas field.

CVE-2017-16540

Sat, 11/04/2017 - 15:29
OpenEMR before 5.0.0 Patch 5 allows unauthenticated remote database copying because setup.php exposes functionality for cloning an existing OpenEMR site to an arbitrary attacker-controlled MySQL server via vectors involving a crafted state parameter.

CVE-2017-16541

Sat, 11/04/2017 - 14:29
Tor Browser before 7.0.9 on macOS and Linux allows remote attackers to bypass the intended anonymity feature and discover a client IP address via vectors involving a crafted web site that leverages file:// mishandling in Firefox, aka TorMoil. NOTE: Tails is unaffected.

CVE-2017-16539

Sat, 11/04/2017 - 13:29
The DefaultLinuxSpec function in oci/defaults.go in Docker Moby through 17.03.2-ce does not block /proc/scsi pathnames, which allows attackers to trigger data loss (when certain older Linux kernels are used) by leveraging Docker container access to write a "scsi remove-single-device" line to /proc/scsi/scsi, aka SCSI MICDROP.

CVE-2017-16532

Fri, 11/03/2017 - 21:29
The get_endpoints function in drivers/usb/misc/usbtest.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via crafted system calls.

CVE-2017-16533

Fri, 11/03/2017 - 21:29
The usbhid_parse function in drivers/hid/usbhid/hid-core.c in the Linux kernel before 4.13.8 allows local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via crafted system calls.

CVE-2017-16534

Fri, 11/03/2017 - 21:29
The cdc_parse_cdc_header function in drivers/usb/core/message.c in the Linux kernel before 4.13.6 allows local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via crafted system calls.

CVE-2017-16535

Fri, 11/03/2017 - 21:29
The usb_get_bos_descriptor function in drivers/usb/core/config.c in the Linux kernel before 4.13.10 allows local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via crafted system calls.

CVE-2017-16536

Fri, 11/03/2017 - 21:29
The cx231xx_usb_probe function in drivers/media/usb/cx231xx/cx231xx-cards.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via crafted system calls.

CVE-2017-16537

Fri, 11/03/2017 - 21:29
The imon_probe function in drivers/media/rc/imon.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via crafted system calls.

CVE-2017-16538

Fri, 11/03/2017 - 21:29
drivers/media/usb/dvb-usb-v2/lmedm04.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (general protection fault and system crash) or possibly have unspecified other impact via crafted system calls, related to a missing warm-start check and incorrect attach timing (dm04_lme2510_frontend_attach versus dm04_lme2510_tuner).

CVE-2017-16525

Fri, 11/03/2017 - 21:29
The usb_serial_console_disconnect function in drivers/usb/serial/console.c in the Linux kernel before 4.13.8 allows local users to cause a denial of service (use-after-free and system crash) or possibly have unspecified other impact via crafted system calls, related to disconnection and failed setup.

CVE-2017-16526

Fri, 11/03/2017 - 21:29
drivers/uwb/uwbd.c in the Linux kernel before 4.13.6 allows local users to cause a denial of service (general protection fault and system crash) or possibly have unspecified other impact via crafted system calls.

CVE-2017-16527

Fri, 11/03/2017 - 21:29
sound/usb/mixer.c in the Linux kernel before 4.13.8 allows local users to cause a denial of service (snd_usb_mixer_interrupt use-after-free and system crash) or possibly have unspecified other impact via crafted system calls.

CVE-2017-16528

Fri, 11/03/2017 - 21:29
sound/core/seq_device.c in the Linux kernel before 4.13.4 allows local users to cause a denial of service (snd_rawmidi_dev_seq_free use-after-free and system crash) or possibly have unspecified other impact via crafted system calls.

CVE-2017-16529

Fri, 11/03/2017 - 21:29
The snd_usb_create_streams function in sound/usb/card.c in the Linux kernel before 4.13.6 allows local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via crafted system calls.

CVE-2017-16530

Fri, 11/03/2017 - 21:29
The uas driver in the Linux kernel before 4.13.6 allows local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via crafted system calls, related to drivers/usb/storage/uas-detect.h and drivers/usb/storage/uas.c.

CVE-2017-16531

Fri, 11/03/2017 - 21:29
drivers/usb/core/config.c in the Linux kernel before 4.13.6 allows local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via crafted system calls that use a USB_DT_INTERFACE_ASSOCIATION descriptor.
