National Vulnerability Database

Subscribe to National Vulnerability Database feed
This feed contains the most recent CVE cyber vulnerabilities published within the National Vulnerability Database.
Updated: 8 hours 7 min ago

CVE-2018-1002100

Fri, 06/01/2018 - 21:29
In Kubernetes versions 1.5.x, 1.6.x, 1.7.x, 1.8.x, and prior to version 1.9.6, the kubectl cp command insecurely handles tar data returned from the container, and can be caused to overwrite arbitrary local files.
Categories: Security News

CVE-2018-11143

Fri, 06/01/2018 - 21:29
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 1 of 46).
Categories: Security News

CVE-2018-11144

Fri, 06/01/2018 - 21:29
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 2 of 46).
Categories: Security News

CVE-2018-11145

Fri, 06/01/2018 - 21:29
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 3 of 46).
Categories: Security News

CVE-2018-11146

Fri, 06/01/2018 - 21:29
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 4 of 46).
Categories: Security News

CVE-2018-11147

Fri, 06/01/2018 - 21:29
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 5 of 46).
Categories: Security News

CVE-2018-11148

Fri, 06/01/2018 - 21:29
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 6 of 46).
Categories: Security News

CVE-2018-11149

Fri, 06/01/2018 - 21:29
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 7 of 46).
Categories: Security News

CVE-2018-11150

Fri, 06/01/2018 - 21:29
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 8 of 46).
Categories: Security News

CVE-2018-11151

Fri, 06/01/2018 - 21:29
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 9 of 46).
Categories: Security News

CVE-2018-11152

Fri, 06/01/2018 - 21:29
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 10 of 46).
Categories: Security News

CVE-2018-11153

Fri, 06/01/2018 - 21:29
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 11 of 46).
Categories: Security News

CVE-2018-11154

Fri, 06/01/2018 - 21:29
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 12 of 46).
Categories: Security News

CVE-2016-1000338

Fri, 06/01/2018 - 16:29
In Bouncy Castle JCE Provider version 1.55 and earlier the DSA does not fully validate ASN.1 encoding of signature on verification. It is possible to inject extra elements in the sequence making up the signature and still have it validate, which in some cases may allow the introduction of 'invisible' data into a signed structure.
Categories: Security News

CVE-2018-11195

Fri, 06/01/2018 - 15:29
Mahara 17.04 before 17.04.8 and 17.10 before 17.10.5 and 18.04 before 18.04.1 are vulnerable to the browser "back and refresh" attack. This allows malicious users with physical access to the web browser of a Mahara user, after they have logged in, to potentially gain access to their Mahara credentials.
Categories: Security News

CVE-2018-11196

Fri, 06/01/2018 - 15:29
Mahara 17.04 before 17.04.8 and 17.10 before 17.10.5 and 18.04 before 18.04.1 can be used as medium to transmit viruses by placing infected files into a Leap2A archive and uploading that to Mahara. In contrast to other ZIP files that are uploaded, ClamAV (when activated) does not check Leap2A archives for viruses, allowing malicious files to be available for download. While files cannot be executed on Mahara itself, Mahara can be used to transfer such files to user computers.
Categories: Security News

CVE-2018-11538

Fri, 06/01/2018 - 15:29
servlet/UserServlet in SearchBlox 8.6.6 has CSRF via the u_name, u_passwd1, u_passwd2, role, and X-XSRF-TOKEN POST parameters because of CSRF Token Bypass.
Categories: Security News

CVE-2018-3756

Fri, 06/01/2018 - 15:29
Hyperledger Iroha versions v1.0_beta and v1.0.0_beta-1 are vulnerable to transaction and block signature verification bypass in the transaction and block validator allowing a single node to sign a transaction and/or block multiple times, each with a random nonce, and have other validating nodes accept them as separate valid signatures.
Categories: Security News

CVE-2018-3757

Fri, 06/01/2018 - 15:29
Command injection exists in pdf-image v2.0.0 due to an unescaped string parameter.
Categories: Security News

CVE-2018-3809

Fri, 06/01/2018 - 15:29
Information exposure through directory listings in serve 6.5.3 allows directory listing and file access even when they have been set to be ignored.
Categories: Security News

Pages