National Vulnerability Database

This feed contains the most recent CVE cyber vulnerabilities published within the National Vulnerability Database.

CVE-2011-2765

Mon, 08/20/2018 - 09:29
pyro before 3.15 unsafely handles pid files in temporary directory locations and opens the pid file as root. An attacker can use this flaw to overwrite arbitrary files via symlinks.
Categories: Security News

CVE-2018-15594

Mon, 08/20/2018 - 04:29
arch/x86/kernel/paravirt.c in the Linux kernel before 4.18.1 mishandles certain indirect calls, which makes it easier for attackers to conduct Spectre-v2 attacks against paravirtual guests.

CVE-2018-15572

Sun, 08/19/2018 - 22:29
The spectre_v2_select_mitigation function in arch/x86/kernel/cpu/bugs.c in the Linux kernel before 4.18.1 does not always fill RSB upon a context switch, which makes it easier for attackers to conduct userspace-userspace spectreRSB attacks.

CVE-2018-15573

Sun, 08/19/2018 - 22:29
** DISPUTED ** An issue was discovered in Reprise License Manager (RLM) through 12.2BL2. Attackers can use the web interface to read and write data to any file on disk (as long as rlm.exe has access to it) via /goform/edit_lf_process with file content in the lfdata parameter and a pathname in the lf parameter. By default, the web interface is on port 5054, and does not require authentication. NOTE: the vendor has stated "We do not consider this a vulnerability."

CVE-2018-15574

Sun, 08/19/2018 - 22:29
** DISPUTED ** An issue was discovered in the license editor in Reprise License Manager (RLM) through 12.2BL2. It is a cross-site scripting vulnerability in the /goform/edit_lf_get_data lf parameter via GET or POST. NOTE: the vendor has stated "We do not consider this a vulnerability."

CVE-2018-15570

Sun, 08/19/2018 - 21:29
In waimai Super Cms 20150505, there is stored XSS via the /admin.php/Foodcat/editsave fcname parameter.

CVE-2018-15564

Sun, 08/19/2018 - 21:29
An issue was discovered in daveismyname simple-cms through 2014-03-11. There is a CSRF vulnerability that can delete any page via admin/?delpage=8.

CVE-2018-15565

Sun, 08/19/2018 - 21:29
An issue was discovered in daveismyname simple-cms through 2014-03-11. admin/addpage.php does not require authentication for adding a page. This can also be exploited via CSRF.

CVE-2018-15566

Sun, 08/19/2018 - 21:29
tp5cms through 2017-05-25 has XSS via the admin.php/article/index.html q parameter.

CVE-2018-15567

Sun, 08/19/2018 - 21:29
CMSUno before 1.5.3 has XSS via the title field.

CVE-2018-15568

Sun, 08/19/2018 - 21:29
tp5cms through 2017-05-25 has CSRF via admin.php/category/delete.html.

CVE-2018-15569

Sun, 08/19/2018 - 21:29
my little forum 2.4.12 allows CSRF for deletion of users.

CVE-2018-15553

Sun, 08/19/2018 - 20:29
fileshare.cmd on Telus Actiontec T2200H T2200H-31.128L.03 devices allows OS Command Injection via shell metacharacters in the smbdUserid or smbdPasswd field.

CVE-2018-15559

Sun, 08/19/2018 - 20:29
The editor in Xiuno BBS 4.0.4 allows stored XSS.

CVE-2018-15560

Sun, 08/19/2018 - 20:29
PyCryptodome before 3.6.6 has an integer overflow in the data_len variable in AESNI.c, related to the AESNI_encrypt and AESNI_decrypt functions, leading to the mishandling of messages shorter than 16 bytes.
