National Vulnerability Database

Subscribe to National Vulnerability Database feed
This feed contains the most recent CVE cyber vulnerabilities published within the National Vulnerability Database.
Updated: 12 hours 35 min ago

CVE-2018-9065

Mon, 07/30/2018 - 12:29
In Lenovo xClarity Administrator versions earlier than 2.1.0, an attacker that gains access to the underlying LXCA file system user may be able to retrieve a credential store containing the service processor user names and passwords for servers previously managed by that LXCA instance, and potentially decrypt those credentials more easily than intended.
Categories: Security News

CVE-2018-9066

Mon, 07/30/2018 - 12:29
In Lenovo xClarity Administrator versions earlier than 2.1.0, an authenticated LXCA user can, under specific circumstances, inject additional parameters into a specific web API call which can result in privileged command execution within LXCA's underlying operating system.
Categories: Security News

CVE-2017-7514

Mon, 07/30/2018 - 11:29
A cross-site scripting (XSS) flaw was found in how the failed action entry is processed in Red Hat Satellite before version 5.8.0. A user able to specify a failed action could exploit this flaw to perform XSS attacks against other Satellite users.
Categories: Security News

CVE-2017-7518

Mon, 07/30/2018 - 11:29
A flaw was found in the Linux kernel before version 4.12 in the way the KVM module processed the trap flag(TF) bit in EFLAGS during emulation of the syscall instruction, which leads to a debug exception(#DB) being raised in the guest stack. A user/process inside a guest could use this flaw to potentially escalate their privileges inside the guest. Linux guests are not affected by this.
Categories: Security News

CVE-2018-13280

Mon, 07/30/2018 - 10:29
Use of insufficiently random values vulnerability in SYNO.Encryption.GenRandomKey in Synology DiskStation Manager (DSM) before 6.2-23739 allows man-in-the-middle attackers to compromise non-HTTPS sessions via unspecified vectors.
Categories: Security News

CVE-2016-9597

Mon, 07/30/2018 - 10:29
It was found that Red Hat JBoss Core Services erratum RHSA-2016:2957 for CVE-2016-3705 did not actually include the fix for the issue found in libxml2, making it vulnerable to a Denial of Service attack due to a Stack Overflow. This is a regression CVE for the same issue as CVE-2016-3705.
Categories: Security News

CVE-2017-7482

Mon, 07/30/2018 - 10:29
In the Linux kernel before version 4.12, Kerberos 5 tickets decoded when using the RXRPC keys incorrectly assumes the size of a field. This could lead to the size-remaining variable wrapping and the data pointer going over the end of the buffer. This could possibly lead to memory corruption and possible privilege escalation.
Categories: Security News

CVE-2018-14744

Sun, 07/29/2018 - 21:29
An issue was discovered in libpbc.a in cloudwu PBC through 2017-03-02. A use-after-free can occur in _pbcM_sp_query in map.c.
Categories: Security News

CVE-2018-14736

Sun, 07/29/2018 - 21:29
An issue was discovered in libpbc.a in cloudwu PBC through 2017-03-02. A buffer over-read can occur in pbc_wmessage_string in wmessage.c for PTYPE_ENUM.
Categories: Security News

CVE-2018-14737

Sun, 07/29/2018 - 21:29
An issue was discovered in libpbc.a in cloudwu PBC through 2017-03-02. A NULL pointer dereference can occur in pbc_wmessage_string in wmessage.c.
Categories: Security News

CVE-2018-14738

Sun, 07/29/2018 - 21:29
An issue was discovered in libpbc.a in cloudwu PBC through 2017-03-02. A SEGV can occur in pbc_rmessage_message in rmessage.c.
Categories: Security News

CVE-2018-14739

Sun, 07/29/2018 - 21:29
An issue was discovered in libpbc.a in cloudwu PBC through 2017-03-02. A SEGV can occur in pbc_pattern_set_default in pattern.c.
Categories: Security News

CVE-2018-14740

Sun, 07/29/2018 - 21:29
An issue was discovered in libpbc.a in cloudwu PBC through 2017-03-02. A SEGV can occur in set_field_one in bootstrap.c while making a query.
Categories: Security News

CVE-2018-14741

Sun, 07/29/2018 - 21:29
An issue was discovered in libpbc.a in cloudwu PBC through 2017-03-02. A SEGV can occur in pbc_pattern_pack in pattern.c.
Categories: Security News

CVE-2018-14742

Sun, 07/29/2018 - 21:29
An issue was discovered in libpbc.a in cloudwu PBC through 2017-03-02. A SEGV can occur in set_field_one in bootstrap.c during a memcpy.
Categories: Security News

CVE-2018-14743

Sun, 07/29/2018 - 21:29
An issue was discovered in libpbc.a in cloudwu PBC through 2017-03-02. A SEGV can occur in wiretype_decode in context.c.
Categories: Security News

CVE-2018-14734

Sun, 07/29/2018 - 19:29
drivers/infiniband/core/ucma.c in the Linux kernel through 4.17.11 allows ucma_leave_multicast to access a certain data structure after a cleanup step in ucma_process_join, which allows attackers to cause a denial of service (use-after-free).
Categories: Security News

CVE-2018-14679

Sat, 07/28/2018 - 19:29
An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. There is an off-by-one error in the CHM PMGI/PMGL chunk number validity checks, which could lead to denial of service (uninitialized data dereference and application crash).
Categories: Security News

CVE-2018-14680

Sat, 07/28/2018 - 19:29
An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. It does not reject blank CHM filenames.
Categories: Security News

CVE-2018-14681

Sat, 07/28/2018 - 19:29
An issue was discovered in kwajd_read_headers in mspack/kwajd.c in libmspack before 0.7alpha. Bad KWAJ file header extensions could cause a one or two byte overwrite.
Categories: Security News

Pages