National Vulnerability Database

This feed contains the most recent CVE cyber vulnerabilities published within the National Vulnerability Database.

CVE-2018-7269

Wed, 03/21/2018 - 14:29
The findByCondition function in framework/db/ActiveRecord.php in Yii 2.x before 2.0.15 allows remote attackers to conduct SQL injection attacks via a findOne() or findAll() call, unless a developer recognizes an undocumented need to sanitize array input.
Categories: Security News

CVE-2018-8073

Wed, 03/21/2018 - 14:29
Yii 2.x before 2.0.15 allows remote attackers to execute arbitrary Lua code via a variant of the CVE-2018-7269 attack in conjunction with the Redis extension.

CVE-2018-8074

Wed, 03/21/2018 - 14:29
Yii 2.x before 2.0.15 allows remote attackers to inject unintended search conditions via a variant of the CVE-2018-7269 attack in conjunction with the Elasticsearch extension.

CVE-2017-18241

Wed, 03/21/2018 - 12:29
fs/f2fs/segment.c in the Linux kernel before 4.13 allows local users to cause a denial of service (NULL pointer dereference and panic) by using a noflush_merge option that triggers a NULL value for a flush_cmd_control data structure.

CVE-2018-1344

Wed, 03/21/2018 - 10:29
Addresses potential communication downgrade attack in NetIQ iManager versions prior to 3.1.

CVE-2018-1345

Wed, 03/21/2018 - 10:29
NetIQ iManager, versions prior to 3.1, under some circumstances could be susceptible to an elevation of privilege attack.

CVE-2018-1346

Wed, 03/21/2018 - 10:29
Addresses denial of service attack to eDirectory versions prior to 9.1.

CVE-2018-1347

Wed, 03/21/2018 - 10:29
The administrative web interface in NetIQ iManager, versions prior to 3.1, is vulnerable to reflected cross-site scripting.

CVE-2018-8881

Tue, 03/20/2018 - 19:29
Netwide Assembler (NASM) 2.13.02rc2 has a heap-based buffer over-read in the function tokenize in asm/preproc.c, related to an unterminated string.

CVE-2018-8882

Tue, 03/20/2018 - 19:29
Netwide Assembler (NASM) 2.13.02rc2 has a stack-based buffer under-read in the function ieee_shr in asm/float.c via a large shift value.

CVE-2018-8883

Tue, 03/20/2018 - 19:29
Netwide Assembler (NASM) 2.13.02rc2 has a buffer over-read in the parse_line function in asm/parser.c via uncontrolled access to nasm_reg_flags.

CVE-2018-8873

Tue, 03/20/2018 - 18:29
In 2345 Security Guard 3.6, the driver file (2345NetFirewall.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x00222040.

CVE-2018-8874

Tue, 03/20/2018 - 18:29
In 2345 Security Guard 3.6, the driver file (2345Wrath.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x00222054.

CVE-2018-8875

Tue, 03/20/2018 - 18:29
In 2345 Security Guard 3.6, the driver file (2345Wrath.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x0022209c.

CVE-2018-8876

Tue, 03/20/2018 - 18:29
In 2345 Security Guard 3.6, the driver file (2345Wrath.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x00222098.

CVE-2015-7460

Tue, 03/20/2018 - 17:29
Cross-site scripting (XSS) vulnerability in IBM Connections 3.0.1.1 and earlier, 4.0, 4.5, and 5.0 before CR4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. IBM X-Force ID: 108356.

CVE-2015-7461

Tue, 03/20/2018 - 17:29
XML external entity (XXE) vulnerability in IBM Connections 3.0.1.1 and earlier, 4.0, 4.5, and 5.0 before CR4 allows remote authenticated users to cause a denial of service (memory consumption) via crafted XML data. IBM X-Force ID: 108357.

CVE-2018-8832

Tue, 03/20/2018 - 17:29
enhavo 0.4.0 has XSS via a user-group that contains executable JavaScript code in the user-group name. The XSS attack launches when a victim visits the admin user group page.

CVE-2014-1215

Tue, 03/20/2018 - 17:29
Multiple buffer overflows in Core FTP Server before 1.2 build 508 allow local users to gain privileges via vectors related to reading data from config.dat and Windows Registry.

CVE-2014-1457

Tue, 03/20/2018 - 17:29
Open Web Analytics (OWA) before 1.5.6 improperly generates random nonce values, which makes it easier for remote attackers to bypass a CSRF protection mechanism by leveraging knowledge of an OWA user name.
