National Vulnerability Database

This feed contains the most recent CVE cyber vulnerabilities published within the National Vulnerability Database.

CVE-2017-14913

Fri, 03/30/2018 - 11:29
In Android before 2018-01-05 on Qualcomm Snapdragon IoT, Snapdragon Mobile MDM9206, SD 625, SD 650/52, SD 835, SD 845, DDR address input validation is being improperly truncated.
Categories: Security News

CVE-2017-14915

Fri, 03/30/2018 - 11:29
In Android before 2018-01-05 on Qualcomm Snapdragon Mobile SD 625, SD 650/52, SD 835, accessing SPCOM functions with a compromised client structure can result in a Use After Free condition.

CVE-2017-9681

Fri, 03/30/2018 - 11:29
In Android before 2017-08-05 on Qualcomm MSM, Firefox OS for MSM, QRD Android, and all Android releases from CAF using the Linux kernel, if a kernel memory address is passed from userspace through the iris_vidioc_s_ext_ctrls ioctl, it will print kernel address data. A user could set it to an arbitrary kernel address, hence information disclosure (for kernel) could occur.

CVE-2018-5799

Fri, 03/30/2018 - 09:29
In Zoho ManageEngine ServiceDesk Plus before 9403, an XSS issue allows an attacker to run arbitrary JavaScript via a /api/request/?OPERATION_NAME= URI, aka SD-69139.

CVE-2018-9146

Fri, 03/30/2018 - 04:29
In Exiv2 0.26, there is an out-of-bounds read in Exiv2::IptcData::printStructure in image.cpp, a different vulnerability than CVE-2017-17724. It could result in denial of service or information disclosure.

CVE-2018-9130

Fri, 03/30/2018 - 04:29
IBOS 4.4.3 has XSS via a company full name.

CVE-2018-9132

Fri, 03/30/2018 - 04:29
libming 0.4.8 has a NULL pointer dereference in the getInt function of the decompile.c file. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted swf file.

CVE-2018-9133

Fri, 03/30/2018 - 04:29
ImageMagick 7.0.7-26 Q16 has excessive iteration in the DecodeLabImage and EncodeLabImage functions (coders/tiff.c), which results in a hang (tens of minutes) with a tiny PoC file. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted tiff file.

CVE-2018-9135

Fri, 03/30/2018 - 04:29
In ImageMagick 7.0.7-24 Q16, there is a heap-based buffer over-read in IsWEBPImageLossless in coders/webp.c.

CVE-2018-9136

Fri, 03/30/2018 - 04:29
windrvr1260.sys in Jungo DriverWizard WinDriver 12.6.0 allows attackers to cause a denial of service (BSOD) via a crafted .exe file, a different vulnerability than CVE-2018-8821.

CVE-2018-9138

Fri, 03/30/2018 - 04:29
An issue was discovered in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.29 and 2.30. Stack Exhaustion occurs in the C++ demangling functions provided by libiberty, and there are recursive stack frames: demangle_nested_args, demangle_args, do_arg, and do_type.

CVE-2018-9139

Fri, 03/30/2018 - 04:29
On Samsung mobile devices with N(7.x) software, a buffer overflow in the vision service allows code execution in a privileged process via a large frame size, aka SVE-2017-11165.

CVE-2018-9140

Fri, 03/30/2018 - 04:29
On Samsung mobile devices with M(6.0) software, the Email application allows XSS via an event attribute and arbitrary file loading via a src attribute, aka SVE-2017-10747.

CVE-2018-9141

Fri, 03/30/2018 - 04:29
On Samsung mobile devices with L(5.x), M(6.0), and N(7.x) software, Gallery allows remote attackers to execute arbitrary code via a BMP file with a crafted resolution, aka SVE-2017-11105.

CVE-2018-9142

Fri, 03/30/2018 - 04:29
On Samsung mobile devices with N(7.x) software, attackers can install an arbitrary APK in the Secure Folder SD Card area because of faulty validation of a package signature and package name, aka SVE-2017-10932.

CVE-2018-9143

Fri, 03/30/2018 - 04:29
On Samsung mobile devices with M(6.0) and N(7.x) software, a heap overflow in the sensorhub binder service leads to code execution in a privileged process, aka SVE-2017-10991.

CVE-2018-9144

Fri, 03/30/2018 - 04:29
In Exiv2 0.26, there is an out-of-bounds read in Exiv2::Internal::binaryToString in image.cpp. It could result in denial of service or information disclosure.

CVE-2018-9145

Fri, 03/30/2018 - 04:29
In Exiv2 0.26, there is a reachable assertion abort in the function Exiv2::DataBuf::DataBuf at include/exiv2/types.hpp.

CVE-2016-0898

Thu, 03/29/2018 - 18:29
MySQL for PCF tiles 1.7.x before 1.7.10 were discovered to log the AWS access key in plaintext. These credentials were logged to the Service Backup component logs, and not the system log, thus were not exposed outside the Service Backup VM.

CVE-2016-6658

Thu, 03/29/2018 - 18:29
Applications in cf-release before 245 can be configured and pushed with a user-provided custom buildpack using a URL pointing to the buildpack. Although it is not recommended, a user can specify a credential in the URL (basic auth or OAuth) to access the buildpack through the CLI. For example, the user could include a GitHub username and password in the URL to access a private repo. Because the URL to access the buildpack is stored unencrypted, an operator with privileged access to the Cloud Controller database could view these credentials.