National Vulnerability Database

This feed contains the most recent CVE cyber vulnerabilities published within the National Vulnerability Database.

CVE-2018-9312

Thu, 05/31/2018 - 08:29
The Head Unit HU_NBT (aka Infotainment) component on BMW i Series, BMW X Series, BMW 3 Series, BMW 5 Series, and BMW 7 Series vehicles produced in 2012 through 2018 allows a local attack when a USB device is plugged in.
Categories: Security News

CVE-2018-9313

Thu, 05/31/2018 - 08:29
The Head Unit HU_NBT (aka Infotainment) component on BMW i Series, BMW X Series, BMW 3 Series, BMW 5 Series, and BMW 7 Series vehicles produced in 2012 through 2018 allows a remote attack via Bluetooth when in pairing mode, leading to a Head Unit reboot.

CVE-2018-9314

Thu, 05/31/2018 - 08:29
The Head Unit HU_NBT (aka Infotainment) component on BMW i Series, BMW X Series, BMW 3 Series, BMW 5 Series, and BMW 7 Series vehicles produced in 2012 through 2018 allows an attack by an attacker who has direct physical access.

CVE-2018-9318

Thu, 05/31/2018 - 08:29
The Telematics Control Unit (aka Telematic Communication Box or TCB), when present on BMW vehicles produced in 2012 through 2018, allows a remote attack via a cellular network.

CVE-2018-9320

Thu, 05/31/2018 - 08:29
The Head Unit HU_NBT (aka Infotainment) component on BMW i Series, BMW X Series, BMW 3 Series, BMW 5 Series, and BMW 7 Series vehicles produced in 2012 through 2018 allows a local attack when a USB device is plugged in.

CVE-2018-9322

Thu, 05/31/2018 - 08:29
The Head Unit HU_NBT (aka Infotainment) component on BMW i Series, BMW X Series, BMW 3 Series, BMW 5 Series, and BMW 7 Series vehicles produced in 2012 through 2018 allows local attacks involving the USB or OBD-II interface. An attacker can bypass the code-signing protection mechanism for firmware updates, and consequently obtain a root shell.

CVE-2018-11583

Wed, 05/30/2018 - 23:29
SeaCMS 6.61 has stored XSS in admin_collect.php via the siteurl parameter.

CVE-2018-11579

Wed, 05/30/2018 - 21:29
class-woo-banner-management.php in the MULTIDOTS WooCommerce Category Banner Management plugin 1.1.0 for WordPress has an Unauthenticated Settings Change Vulnerability, related to certain wp_ajax_nopriv_ usage. Anyone can change the plugin's setting by simply sending a request with a wbm_save_shop_page_banner_data action.

CVE-2018-11580

Wed, 05/30/2018 - 21:29
An issue was discovered in mass-pages-posts-creator.php in the MULTIDOTS Mass Pages/Posts Creator plugin 1.2.2 for WordPress. Any logged in user can launch Mass Pages/Posts creation with custom content. There is no nonce or user capability check, so anyone can launch a DoS attack against a site and create hundreds of thousands of posts with custom content.

CVE-2018-11571

Wed, 05/30/2018 - 20:29
ClipperCMS 1.3.3 allows Session Fixation.

CVE-2018-11572

Wed, 05/30/2018 - 20:29
ClipperCMS 1.3.3 has XSS in the "Module name" field in a "Modules -> Manage modules -> edit" action to the manager/ URI.

CVE-2018-11575

Wed, 05/30/2018 - 20:29
ngiflib.c in MiniUPnP ngiflib 0.4 has a stack-based buffer overflow in DecodeGifImg.

CVE-2018-11576

Wed, 05/30/2018 - 20:29
ngiflib.c in MiniUPnP ngiflib 0.4 has a heap-based buffer over-read in GifIndexToTrueColor.

CVE-2018-11577

Wed, 05/30/2018 - 20:29
Liblouis 3.5.0 has a Segmentation fault in lou_logPrint in logging.c.

CVE-2018-11578

Wed, 05/30/2018 - 20:29
GifIndexToTrueColor in ngiflib.c in MiniUPnP ngiflib 0.4 has a Segmentation fault.

CVE-2018-11567

Wed, 05/30/2018 - 18:29
Prior to 2018-04-27, the reprompt feature in Amazon Echo devices could be misused by a custom Alexa skill. The reprompt feature is designed so that if Alexa does not receive an input within 8 seconds, the device can speak a reprompt, then wait an additional 8 seconds for input; if the user still does not respond, the microphone is then turned off. The vulnerability involves empty output-speech reprompts, custom wildcard ("gibberish") input slots, and logging of detected speech. If a maliciously designed skill is installed, an attacker could obtain transcripts of speech not intended for Alexa to process, but simply spoken within the device's hearing range.

CVE-2018-11568

Wed, 05/30/2018 - 18:29
Reflected XSS is possible in the GamePlan theme through 1.5.13.2 for WordPress because of insufficient input sanitization, as demonstrated by the s parameter. In some (but not all) cases, the '<' and '>' characters have &lt; and &gt; representations.

CVE-2015-7610

Wed, 05/30/2018 - 17:29
Cross-site request forgery (CSRF) vulnerability in the login form in Zimbra Collaboration Suite (aka ZCS) before 8.6.0 Patch 10, 8.7.x before 8.7.11 Patch 2, and 8.8.x before 8.8.8 Patch 1 allows remote attackers to hijack the authentication of unspecified victims by leveraging failure to use a CSRF token.

CVE-2018-10196

Wed, 05/30/2018 - 17:29
NULL pointer dereference vulnerability in the rebuild_vlists function in lib/dotgen/conc.c in the dotgen library in Graphviz 2.40.1 allows remote attackers to cause a denial of service (application crash) via a crafted file.

CVE-2018-10939

Wed, 05/30/2018 - 17:29
Zimbra Web Client (ZWC) in Zimbra Collaboration Suite 8.8 before 8.8.8.Patch4 and 8.7 before 8.7.11.Patch4 has Persistent XSS via a contact group.
