National Vulnerability Database

This feed contains the most recent CVE cyber vulnerabilities published within the National Vulnerability Database.

CVE-2016-8516

Thu, 02/15/2018 - 17:29
A remote denial of service vulnerability in HPE Systems Insight Manager in all versions prior to 7.6 was found.
Categories: Security News

CVE-2016-8517

Thu, 02/15/2018 - 17:29
A cross site scripting vulnerability in HPE Systems Insight Manager in all versions prior to 7.6 was found.
Categories: Security News

CVE-2016-8518

Thu, 02/15/2018 - 17:29
A remote denial of service vulnerability in HPE Systems Insight Manager in all versions prior to 7.6 was found.
Categories: Security News

CVE-2016-8519

Thu, 02/15/2018 - 17:29
A remote code execution vulnerability in HPE Operations Orchestration Community edition and Enterprise edition prior to v10.70 was found.
Categories: Security News

CVE-2016-8520

Thu, 02/15/2018 - 17:29
HPE Helion Eucalyptus v4.3.0 and earlier does not correctly check IAM user's permissions for accessing versioned objects and ACLs. In some cases, authenticated users with S3 permissions could also access versioned data.
Categories: Security News

CVE-2016-8521

Thu, 02/15/2018 - 17:29
A remote clickjacking vulnerability in HPE Diagnostics version 9.24 IP1, 9.26, 9.26IP1 was found.
Categories: Security News

CVE-2016-8522

Thu, 02/15/2018 - 17:29
A cross-site scripting vulnerability in HPE Diagnostics version 9.24 IP1, 9.26, 9.26IP1 was found.
Categories: Security News

CVE-2011-4973

Thu, 02/15/2018 - 16:29
Authentication bypass vulnerability in mod_nss 1.0.8 allows remote attackers to assume the identity of a valid user by using their certificate and entering 'password' as the password.
Categories: Security News

CVE-2014-0013

Thu, 02/15/2018 - 16:29
Ember.js 1.0.x before 1.0.1, 1.1.x before 1.1.3, 1.2.x before 1.2.1, 1.3.x before 1.3.1, and 1.4.x before 1.4.0-beta.2 allows remote attackers to conduct cross-site scripting (XSS) attacks by leveraging an application that contains templates whose context is set to a user-supplied primitive value and also contain the `{{this}}` special Handlebars variable.
Categories: Security News

CVE-2014-0014

Thu, 02/15/2018 - 16:29
Ember.js 1.0.x before 1.0.1, 1.1.x before 1.1.3, 1.2.x before 1.2.1, 1.3.x before 1.3.1, and 1.4.x before 1.4.0-beta.2 allows remote attackers to conduct cross-site scripting (XSS) attacks by leveraging an application using the "{{group}}" Helper and a crafted payload.
Categories: Security News

CVE-2018-7173

Thu, 02/15/2018 - 16:29
A large loop in JBIG2Stream::readSymbolDictSeg in xpdf 4.00 allows an attacker to cause denial of service via a specific file due to inappropriate decoding.
Categories: Security News

CVE-2018-7174

Thu, 02/15/2018 - 16:29
An issue was discovered in xpdf 4.00. An infinite loop in XRef::Xref allows an attacker to cause denial of service because loop detection exists only for tables, not streams.
Categories: Security News

CVE-2018-7175

Thu, 02/15/2018 - 16:29
An issue was discovered in xpdf 4.00. A NULL pointer dereference in readCodestream allows an attacker to cause denial of service via a JPX image with zero components.
Categories: Security News

CVE-2018-7050

Thu, 02/15/2018 - 15:29
An issue was discovered in Irssi before 1.0.7 and 1.1.x before 1.1.1. A NULL pointer dereference occurs for an "empty" nick.
Categories: Security News

CVE-2018-7051

Thu, 02/15/2018 - 15:29
An issue was discovered in Irssi before 1.0.7 and 1.1.x before 1.1.1. Certain nick names could result in out-of-bounds access when printing theme strings.
Categories: Security News

CVE-2018-7052

Thu, 02/15/2018 - 15:29
An issue was discovered in Irssi before 1.0.7 and 1.1.x before 1.1.1. When the number of windows exceeds the available space, a crash due to a NULL pointer dereference would occur.
Categories: Security News

CVE-2018-7053

Thu, 02/15/2018 - 15:29
An issue was discovered in Irssi before 1.0.7 and 1.1.x before 1.1.1. There is a use-after-free when SASL messages are received in an unexpected order.
Categories: Security News

CVE-2018-7054

Thu, 02/15/2018 - 15:29
An issue was discovered in Irssi before 1.0.7 and 1.1.x before 1.1.1. There is a use-after-free when a server is disconnected during netsplits.
Categories: Security News

CVE-2018-7169

Thu, 02/15/2018 - 15:29
An issue was discovered in shadow 4.5. newgidmap (in shadow-utils) is setuid and allows an unprivileged user to be placed in a user namespace where setgroups(2) is permitted. This allows an attacker to remove themselves from a supplementary group, which may allow access to certain filesystem paths if the administrator has used "group blacklisting" (e.g., chmod g-rwx) to restrict access to paths. This flaw effectively reverts a security feature in the kernel (in particular, the /proc/self/setgroups knob) to prevent this sort of privilege escalation.
Categories: Security News

CVE-2017-15089

Thu, 02/15/2018 - 12:29
It was found that the Hotrod client in Infinispan before 9.2.0.CR1 would unsafely read deserialized data on information from the cache. An authenticated attacker could inject a malicious object into the data cache and attain deserialization on the client, and possibly conduct further attacks.
Categories: Security News
