National Vulnerability Database

This feed contains the most recent CVE cyber vulnerabilities published within the National Vulnerability Database.

CVE-2018-5860

Fri, 06/15/2018 - 16:29
In the MDSS driver in all Android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the Linux kernel, a data structure may be used without being initialized correctly.
Categories: Security News

CVE-2018-5863

Fri, 06/15/2018 - 16:29
If userspace provides a too-large WPA RSN IE length in wlan_hdd_cfg80211_set_ie(), a buffer overflow occurs in all Android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the Linux kernel.

CVE-2018-12498

Fri, 06/15/2018 - 15:29
spider.admincp.php in iCMS v7.0.8 has SQL Injection via the id parameter in an app=spider&do=batch request to admincp.php.

CVE-2018-12491

Fri, 06/15/2018 - 14:29
PHPOK 4.9.032 has an arbitrary file upload vulnerability in the import_f function in framework/admin/modulec_control.php, as demonstrated by uploading a .php file within a .php.zip archive, a similar issue to CVE-2018-8944.

CVE-2018-12492

Fri, 06/15/2018 - 14:29
PHPOK 4.9.032 has an arbitrary file deletion vulnerability in the delfile_f function in framework/admin/tpl_control.php.

CVE-2018-12493

Fri, 06/15/2018 - 14:29
An issue was discovered in PublicCMS V4.0.20180210. There is a "Directory Traversal" and "Arbitrary file read" vulnerability via an admin/cmsWebFile/list.html?path=../ URI.

CVE-2018-12494

Fri, 06/15/2018 - 14:29
An issue was discovered in PublicCMS V4.0.20180210. There is a "Directory Traversal" and "Arbitrary file read" vulnerability via an admin/cmsTemplate/content.html?path=../ URI.

CVE-2018-12495

Fri, 06/15/2018 - 14:29
The quoteblock function in markdown.c in libmarkdown.a in DISCOUNT 2.2.3a allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted file.

CVE-2018-12030

Fri, 06/15/2018 - 12:29
Chevereto Free before 1.0.13 has XSS.

CVE-2018-12034

Fri, 06/15/2018 - 12:29
In YARA 3.7.1 and prior, parsing a specially crafted compiled rule file can cause an out of bounds read vulnerability in yr_execute_code in libyara/exec.c.

CVE-2018-12035

Fri, 06/15/2018 - 12:29
In YARA 3.7.1 and prior, parsing a specially crafted compiled rule file can cause an out of bounds write vulnerability in yr_execute_code in libyara/exec.c.

CVE-2018-12422

Fri, 06/15/2018 - 12:29
addressbook/backends/ldap/e-book-backend-ldap.c in Evolution-Data-Server in GNOME Evolution through 3.29.2 might allow attackers to trigger a Buffer Overflow via a long query that is processed by the strcat function.

CVE-2018-12481

Fri, 06/15/2018 - 12:29
The Olive Tree Ftp Server application 1.32 for Android has a "Sensitive Data on the Clipboard" vulnerability, as demonstrated by reading the "User password" field with the Drozer post.capture.clipboard module.

CVE-2018-12458

Fri, 06/15/2018 - 11:29
An improper integer type in the mpeg4_encode_gop_header function in libavcodec/mpeg4videoenc.c in FFmpeg 4.0 may trigger an assertion violation while converting a crafted AVI file to MPEG4, leading to a denial of service.

CVE-2018-12459

Fri, 06/15/2018 - 11:29
An inconsistent bits-per-sample value in the ff_mpeg4_decode_picture_header function in libavcodec/mpeg4videodec.c in FFmpeg 4.0 may trigger an assertion violation while converting a crafted AVI file to MPEG4, leading to a denial of service.

CVE-2018-12460

Fri, 06/15/2018 - 11:29
libavcodec in FFmpeg 4.0 may trigger a NULL pointer dereference if the studio profile is incorrectly detected while converting a crafted AVI file to MPEG4, leading to a denial of service, related to idctdsp.c and mpegvideo.c.

CVE-2018-5854

Fri, 06/15/2018 - 11:29
A stack-based buffer overflow can occur in fastboot from all Android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the Linux kernel.

CVE-2018-5857

Fri, 06/15/2018 - 11:29
In the WCD CPE codec, a Use After Free condition can occur in all Android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the Linux kernel.

CVE-2018-12457

Fri, 06/15/2018 - 10:29
expressCart before 1.1.6 allows remote attackers to create an admin user via a /admin/setup Referer header.

CVE-2018-1419

Fri, 06/15/2018 - 10:29
IBM WebSphere MQ 8.0 and 9.0, when configured to use a PAM module for authentication, could allow a user to cause a deadlock in the IBM MQ PAM code which could result in a denial of service. IBM X-Force ID: 138949.
