National Vulnerability Database

Subscribe to National Vulnerability Database feed
This feed contains the most recent CVE cyber vulnerabilities published within the National Vulnerability Database.
Updated: 17 hours 37 min ago

CVE-2019-16098

Wed, 09/11/2019 - 13:15
The driver in Micro-Star MSI Afterburner 4.6.2.15658 (aka RTCore64.sys and RTCore32.sys) allows any authenticated user to read and write to arbitrary memory, I/O ports, and MSRs. This can be exploited for privilege escalation, code execution under high privileges, and information disclosure. These signed drivers can also be used to bypass the Microsoft driver-signing policy to deploy malicious code.
Categories: Security News

CVE-2019-16230

Wed, 09/11/2019 - 12:15
drivers/gpu/drm/radeon/radeon_display.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value, leading to a NULL pointer dereference.
Categories: Security News

CVE-2019-16231

Wed, 09/11/2019 - 12:15
drivers/net/fjes/fjes_main.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value, leading to a NULL pointer dereference.
Categories: Security News

CVE-2019-16232

Wed, 09/11/2019 - 12:15
drivers/net/wireless/marvell/libertas/if_sdio.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value, leading to a NULL pointer dereference.
Categories: Security News

CVE-2019-16233

Wed, 09/11/2019 - 12:15
drivers/scsi/qla2xxx/qla_os.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value, leading to a NULL pointer dereference.
Categories: Security News

CVE-2019-16234

Wed, 09/11/2019 - 12:15
drivers/net/wireless/intel/iwlwifi/pcie/trans.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value, leading to a NULL pointer dereference.
Categories: Security News

CVE-2019-16229

Wed, 09/11/2019 - 12:15
drivers/gpu/drm/amd/amdkfd/kfd_interrupt.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value, leading to a NULL pointer dereference.
Categories: Security News

CVE-2019-16224

Wed, 09/11/2019 - 11:15
An issue was discovered in py-lmdb 0.97. For certain values of md_flags, mdb_node_add does not properly set up a memcpy destination, leading to an invalid write operation.
Categories: Security News

CVE-2019-16225

Wed, 09/11/2019 - 11:15
An issue was discovered in py-lmdb 0.97. For certain values of mp_flags, mdb_page_touch does not properly set up mc->mc_pg[mc->top], leading to an invalid write operation.
Categories: Security News

CVE-2019-16226

Wed, 09/11/2019 - 11:15
An issue was discovered in py-lmdb 0.97. mdb_node_del does not validate a memmove in the case of an unexpected node->mn_hi, leading to an invalid write operation.
Categories: Security News

CVE-2019-16227 (py-lmdb)

Wed, 09/11/2019 - 11:15
An issue was discovered in py_lmdb 0.97. For certain values of mn_flags, mdb_cursor_set triggers a memcpy with an invalid write operation within mdb_xcursor_init1.
Categories: Security News

CVE-2019-16228 (py-lmdb)

Wed, 09/11/2019 - 11:15
An issue was discovered in py-lmdb 0.97. There is a divide-by-zero error in the function mdb_env_open2 if mdb_env_read_header obtains a zero value for a certain size field.
Categories: Security News

CVE-2019-3643

Wed, 09/11/2019 - 11:15
McAfee Web Gateway (MWG) earlier than 7.8.2.13 is vulnerable to a remote attacker exploiting CVE-2019-9511, potentially leading to a denial of service. This affects the scanning proxies.
Categories: Security News

CVE-2019-3644

Wed, 09/11/2019 - 11:15
McAfee Web Gateway (MWG) earlier than 7.8.2.13 is vulnerable to a remote attacker exploiting CVE-2019-9517, potentially leading to a denial of service. This affects the scanning proxies.
Categories: Security News

CVE-2019-16221 (wordpress)

Wed, 09/11/2019 - 10:15
WordPress before 5.2.3 allows reflected XSS in the dashboard.
Categories: Security News

CVE-2019-16222 (wordpress)

Wed, 09/11/2019 - 10:15
WordPress before 5.2.3 has an issue with URL sanitization in wp_kses_bad_protocol_once in wp-includes/kses.php that can lead to cross-site scripting (XSS) attacks.
Categories: Security News

CVE-2019-16223 (wordpress)

Wed, 09/11/2019 - 10:15
WordPress before 5.2.3 allows XSS in post previews by authenticated users.
Categories: Security News

CVE-2019-8449 (jira)

Wed, 09/11/2019 - 10:15
The /rest/api/latest/groupuserpicker resource in Jira before version 8.4.0 allows remote attackers to enumerate usernames via an information disclosure vulnerability.
Categories: Security News

CVE-2019-8450 (jira)

Wed, 09/11/2019 - 10:15
Various templates of the Optimization plugin in Jira before version 7.13.6, and from version 8.0.0 before version 8.4.0 allow remote attackers who have permission to manage custom fields to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the name of a custom field.
Categories: Security News

CVE-2019-8451 (jira)

Wed, 09/11/2019 - 10:15
The /plugins/servlet/gadgets/makeRequest resource in Jira before version 8.4.0 allows remote attackers to access the content of internal network resources via a Server Side Request Forgery (SSRF) vulnerability due to a logic bug in the JiraWhitelist class.
Categories: Security News

Pages