National Vulnerability Database

This feed contains the most recent CVE cyber vulnerabilities published within the National Vulnerability Database.

CVE-2018-12071

Sun, 06/17/2018 - 16:29
A Session Fixation issue exists in CodeIgniter before 3.1.9 because session.use_strict_mode in the Session Library was mishandled.
Categories: Security News

CVE-2018-12072

Sun, 06/17/2018 - 16:29
An issue was discovered in Cloud Media Popcorn A-200 03-05-130708-21-POP-411-000 firmware. It is configured to provide TELNET remote access (without a password) that pops a shell as root. If an attacker can connect to port 23 on the device, he can completely compromise it.

CVE-2018-12073

Sun, 06/17/2018 - 16:29
An issue was discovered on Eminent EM4544 9.10 devices. The device does not require the user's current password to set a new one within the web interface. Therefore, it is possible to exploit this issue (e.g., in combination with a successful XSS, or at an unattended workstation) to change the admin password to an attacker-chosen value without knowing the current password.

CVE-2018-12104

Sun, 06/17/2018 - 16:29
Cross-site scripting (XSS) vulnerability in Airbnb Knowledge Repo 0.7.4 allows remote attackers to inject arbitrary web scripts or HTML via the post comments functionality, as demonstrated by the post/posts/new_report.kp URI.

CVE-2018-10997

Sun, 06/17/2018 - 13:29
Etere EtereWeb before 28.1.20 has a pre-authentication blind SQL injection in the POST parameters txUserName and txPassword.

CVE-2018-11218

Sun, 06/17/2018 - 13:29
Memory Corruption was discovered in the cmsgpack library in the Lua subsystem in Redis before 3.2.12, 4.x before 4.0.10, and 5.x before 5.0 RC2 because of stack-based buffer overflows.

CVE-2018-11219

Sun, 06/17/2018 - 13:29
An Integer Overflow issue was discovered in the struct library in the Lua subsystem in Redis before 3.2.12, 4.x before 4.0.10, and 5.x before 5.0 RC2, leading to a failure of bounds checking.

CVE-2018-10377

Sun, 06/17/2018 - 12:29
PortSwigger Burp Suite before 1.7.34 has Improper Certificate Validation of the Collaborator server certificate, which might allow man-in-the-middle attackers to obtain interaction data.

CVE-2018-10969

Sun, 06/17/2018 - 12:29
SQL injection vulnerability in the Pie Register plugin before 3.0.10 for WordPress allows remote attackers to execute arbitrary SQL commands via the invitation codes grid.

CVE-2018-11647

Sun, 06/17/2018 - 12:29
index.js in oauth2orize-fprm before 0.2.1 has XSS via a crafted URL.

CVE-2018-12329

Sun, 06/17/2018 - 12:29
Protection Mechanism Failure in ECOS Secure Boot Stick (aka SBS) 5.6.5 allows a local attacker to duplicate an authentication factor via cloning.

CVE-2018-12330

Sun, 06/17/2018 - 12:29
Protection Mechanism Failure in ECOS Secure Boot Stick (aka SBS) 5.6.5 allows an attacker to compromise authentication and encryption keys via compromised firmware.

CVE-2018-12331

Sun, 06/17/2018 - 12:29
Authentication Bypass by Spoofing vulnerability in ECOS System Management Appliance (aka SMA) 5.2.68 allows a man-in-the-middle attacker to compromise authentication keys and configurations via IP spoofing during "Easy Enrollment."

CVE-2018-12332

Sun, 06/17/2018 - 12:29
Incomplete Cleanup vulnerability in ECOS Secure Boot Stick (aka SBS) 5.6.5 allows an attacker to compromise authentication and encryption keys via a compromised host PC after a reset.

CVE-2018-12333

Sun, 06/17/2018 - 12:29
Insufficient Verification of Data Authenticity vulnerability in ECOS Secure Boot Stick (aka SBS) 5.6.5 allows an attacker to manipulate security relevant configurations and execute malicious code.

CVE-2018-12334

Sun, 06/17/2018 - 12:29
Protection Mechanism Failure in ECOS Secure Boot Stick (aka SBS) 5.6.5 allows an attacker to compromise authentication and encryption keys via a virtualization attack.

CVE-2018-12335

Sun, 06/17/2018 - 12:29
Incorrect access control in ECOS System Management Appliance (aka SMA) 5.2.68 allows a user to compromise authentication keys, and access and manipulate security relevant configurations, via unrestricted database access during Easy Enrollment.

CVE-2018-12336

Sun, 06/17/2018 - 12:29
Undocumented Factory Backdoor in ECOS Secure Boot Stick (aka SBS) 5.6.5 allows the vendor to extract confidential information via remote root SSH access.

CVE-2018-12337

Sun, 06/17/2018 - 12:29
Reliance on Security Through Obscurity vulnerability in ECOS Secure Boot Stick (aka SBS) 5.6.5 allows an attacker to partially extract confidential configurations via user-space emulation.

CVE-2018-12338

Sun, 06/17/2018 - 12:29
Undocumented Factory Backdoor in ECOS System Management Appliance (aka SMA) 5.2.68 allows the vendor to extract confidential information and manipulate security relevant configurations via remote root SSH access.
