National Vulnerability Database

This feed contains the most recent CVE cyber vulnerabilities published within the National Vulnerability Database.

CVE-2018-19621

Wed, 11/28/2018 - 03:29
server/index.php?s=/api/teamMember/save in ShowDoc 2.4.2 has a CSRF that can add members to a team.
Categories: Security News

CVE-2018-0721

Tue, 11/27/2018 - 18:29
Buffer Overflow vulnerability in QNAP QTS 4.2.6 build 20180711 and earlier versions, 4.3.3 build 20180725 and earlier versions, and 4.3.4 build 20180710 and earlier versions could allow remote attackers to run arbitrary code on NAS devices.

CVE-2018-7946

Tue, 11/27/2018 - 17:29
There is an information leak vulnerability in some Huawei smartphones. An attacker may do some specific configuration in the smartphone and trick a user into inputting some sensitive information. Due to improper design, successful exploit may cause some information leak.

CVE-2018-7958

Tue, 11/27/2018 - 17:29
There is an anonymous TLS cipher suites supported vulnerability in the Huawei eSpace product. An unauthenticated, remote attacker launches a man-in-the-middle attack to hijack the connection from a client when the user signs up to log in by TLS. Insufficient authentication may be exploited to intercept and tamper with the data information.

CVE-2018-7959

Tue, 11/27/2018 - 17:29
There is a short key vulnerability in the Huawei eSpace product. An unauthenticated, remote attacker launches a man-in-the-middle attack to intercept and decrypt the call information when the user enables SRTP to make a call. Successful exploitation may cause a sensitive information leak.

CVE-2018-7960

Tue, 11/27/2018 - 17:29
There is an SRTP icon display vulnerability in the Huawei eSpace product. An unauthenticated, remote attacker launches a man-in-the-middle attack to intercept the packets in non-secure transmission mode. Successful exploitation may intercept and tamper with the call information, and eventually cause a sensitive information leak.

CVE-2018-7961

Tue, 11/27/2018 - 17:29
There is a smart SMS verification code vulnerability in some Huawei smartphones. An attacker needs to trick a user into accessing a malicious website or malicious app and registering. Due to incorrect processing of the smart SMS verification code, successful exploitation can cause a sensitive information leak.

CVE-2018-7977

Tue, 11/27/2018 - 17:29
There is an information leakage vulnerability on several Huawei products. Due to insufficient communication protection for specific services, a remote, unauthorized attacker can exploit this vulnerability to connect to specific services to obtain additional information. Successful exploitation of this vulnerability can lead to information leakage.

CVE-2018-7988

Tue, 11/27/2018 - 17:29
There is a Factory Reset Protection (FRP) bypass vulnerability on several smartphones. The system does not sufficiently verify the permission; an attacker uses a data cable to connect the smartphone to another smartphone and then performs a series of specific operations. Successful exploit could allow the attacker to bypass the FRP protection.

CVE-2018-13359

Tue, 11/27/2018 - 16:29
Cross-site scripting in usertable.php in TerraMaster TOS version 3.1.03 allows attackers to execute JavaScript via the "modgroup" parameter.

CVE-2018-13360

Tue, 11/27/2018 - 16:29
Cross-site scripting in Text Editor in TerraMaster TOS version 3.1.03 allows attackers to execute JavaScript via the "filename" URL parameter.

CVE-2018-13361

Tue, 11/27/2018 - 16:29
User enumeration in usertable.php in TerraMaster TOS version 3.1.03 allows attackers to list all system users via the "modgroup" parameter.

CVE-2018-13418

Tue, 11/27/2018 - 16:29
System command injection in ajaxdata.php in TerraMaster TOS 3.1.03 allows attackers to execute system commands via the "newname" parameter.

CVE-2018-13330

Tue, 11/27/2018 - 16:29
System command injection in ajaxdata.php in TerraMaster TOS version 3.1.03 allows attackers to execute system commands during group creation via the "groupname" parameter.

CVE-2018-13331

Tue, 11/27/2018 - 16:29
Cross-site scripting in Control Panel in TerraMaster TOS version 3.1.03 allows attackers to execute JavaScript when viewing users by placing JavaScript in their usernames.

CVE-2018-13332

Tue, 11/27/2018 - 16:29
Directory Traversal in the explorer application in TerraMaster TOS version 3.1.03 allows attackers to upload files to arbitrary locations via the "path" URL parameter.

CVE-2018-13333

Tue, 11/27/2018 - 16:29
Cross-site scripting in File Manager in TerraMaster TOS version 3.1.03 allows attackers to execute JavaScript in the permissions window by placing JavaScript in users' usernames.

CVE-2018-13335

Tue, 11/27/2018 - 16:29
Cross-site scripting in Control Panel in TerraMaster TOS version 3.1.03 allows attackers to execute JavaScript when viewing shared folders via their descriptions.

CVE-2018-13336

Tue, 11/27/2018 - 16:29
System command injection in ajaxdata.php in TerraMaster TOS version 3.1.03 allows attackers to execute system commands via the "pwd" parameter during user creation.

CVE-2018-13338

Tue, 11/27/2018 - 16:29
System command injection in ajaxdata.php in TerraMaster TOS version 3.1.03 allows attackers to execute system commands via the "username" parameter during user creation.
