National Vulnerability Database

This feed contains the most recent CVE cyber vulnerabilities published within the National Vulnerability Database.

CVE-2017-18251

Mon, 03/26/2018 - 23:29
An issue was discovered in ImageMagick 7.0.7. A memory leak vulnerability was found in the function ReadPCDImage in coders/pcd.c, which allows remote attackers to cause a denial of service via a crafted file.
Categories: Security News

CVE-2017-18252

Mon, 03/26/2018 - 23:29
An issue was discovered in ImageMagick 7.0.7. The MogrifyImageList function in MagickWand/mogrify.c allows attackers to cause a denial of service (assertion failure and application exit in ReplaceImageInList) via a crafted file.

CVE-2017-18253

Mon, 03/26/2018 - 23:29
An issue was discovered in ImageMagick 7.0.7. A NULL pointer dereference vulnerability was found in the function LoadOpenCLDevices in MagickCore/opencl.c, which allows attackers to cause a denial of service via a crafted file.

CVE-2017-18254

Mon, 03/26/2018 - 23:29
An issue was discovered in ImageMagick 7.0.7. A memory leak vulnerability was found in the function WriteGIFImage in coders/gif.c, which allows remote attackers to cause a denial of service via a crafted file.

CVE-2018-9032

Mon, 03/26/2018 - 23:29
An authentication bypass vulnerability on D-Link DIR-850L Wireless AC1200 Dual Band Gigabit Cloud Router (Hardware Version: A1, B1; Firmware Version: 1.02-2.06) devices potentially allows attackers to bypass SharePort Web Access Portal by directly visiting /category_view.php or /folder_view.php.

CVE-2018-9039

Mon, 03/26/2018 - 23:29
In Octopus Deploy 2.0 and later before 2018.3.7, an authenticated user, with variable edit permissions, can scope some variables to targets greater than their permissions should allow. In other words, they can see machines beyond their team's scoped environments.

CVE-2018-9040

Mon, 03/26/2018 - 23:29
In Advanced SystemCare Ultimate 11.0.1.58, the driver file (Monitor_win10_x64.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9c4060c4.

CVE-2018-9041

Mon, 03/26/2018 - 23:29
In Advanced SystemCare Ultimate 11.0.1.58, the driver file (Monitor_win10_x64.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9c402004.

CVE-2018-9042

Mon, 03/26/2018 - 23:29
In Advanced SystemCare Ultimate 11.0.1.58, the driver file (Monitor_win10_x64.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9c402000.

CVE-2018-9043

Mon, 03/26/2018 - 23:29
In Advanced SystemCare Ultimate 11.0.1.58, the driver file (Monitor_win10_x64.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9c4060d0.

CVE-2018-9044

Mon, 03/26/2018 - 23:29
In Advanced SystemCare Ultimate 11.0.1.58, the driver file (Monitor_win10_x64.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9c4060cc.

CVE-2018-9045

Mon, 03/26/2018 - 23:29
In Windows Master (aka Windows Optimization Master) 7.99.13.604, the driver file (WoptiHWDetect.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0xf1002849.

CVE-2018-9046

Mon, 03/26/2018 - 23:29
In Windows Master (aka Windows Optimization Master) 7.99.13.604, the driver file (WoptiHWDetect.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0xf100282d.

CVE-2017-12410

Mon, 03/26/2018 - 17:29
It is possible to exploit a Time of Check & Time of Use (TOCTOU) vulnerability by winning a race condition when Kaseya Virtual System Administrator agent 9.3.0.11 and earlier tries to execute its binaries from working and/or temporary folders. Successful exploitation results in the execution of arbitrary programs with "NT AUTHORITY\SYSTEM" privileges.

CVE-2017-12815

Mon, 03/26/2018 - 17:29
Analysis of the Bomgar Remote Support Portal JavaStart.jar Applet 52790 and earlier revealed that it is vulnerable to a path traversal vulnerability. The archive can be downloaded from a given Bomgar Remote Support Portal deployment at https://domain/api/content/JavaStart.jar and is callable from an arbitrary website using <object> and/or <appletHTML> tags. Successful exploitation results in file creation/modification/deletion in the operating system and with privileges of the user that ran the Java applet.

CVE-2018-7658

Mon, 03/26/2018 - 17:29
NTSServerSvc.exe in the server in Softros Network Time System 2.3.4 allows remote attackers to cause a denial of service (daemon crash) by sending exactly 11 bytes.

CVE-2018-8802

Mon, 03/26/2018 - 17:29
SQL injection vulnerability in the management interface in ePortal Manager in Unisys ClearPath MCP OS systems with 17.0 CLEARPATHEPORTAL before 17.0a.31 and 18.0 CLEARPATHEPORTAL before 059.1a.13; and ClearPath OS 2200 systems with 16.0 EPORTAL-2200 before 2.2.81 and 17.0 EPORTAL-2200 before 2.3.82 allows remote attackers to execute arbitrary SQL commands via unspecified parameters.

CVE-2017-18249

Mon, 03/26/2018 - 16:29
The add_free_nid function in fs/f2fs/node.c in the Linux kernel before 4.12 does not properly track an allocated nid, which allows local users to cause a denial of service (race condition) or possibly have unspecified other impact via concurrent threads.

CVE-2018-1348

Mon, 03/26/2018 - 15:29
NetIQ Identity Manager driver, in versions prior to 4.7, allows for an SSL handshake renegotiation which could result in a MITM attack.

CVE-2018-1349

Mon, 03/26/2018 - 15:29
The NetIQ Identity Manager driver log file, in versions prior to 4.7, provides details that could aid in system or configuration enumeration.
