National Vulnerability Database

Subscribe to National Vulnerability Database feed
This feed contains the most recent CVE cyber vulnerabilities published within the National Vulnerability Database.
Updated: 18 hours 49 min ago

CVE-2018-3847

Wed, 08/01/2018 - 15:29
Multiple exploitable buffer overflow vulnerabilities exist in image parsing functionality of the CFITSIO library version 3.42. Specially crafted images parsed via the library, can cause a stack-based buffer overflow overwriting arbitrary data. An attacker can deliver an FIT image to trigger this vulnerability and potentially gain code execution.
Categories: Security News

CVE-2016-8640

Wed, 08/01/2018 - 14:29
A SQL injection vulnerability in pycsw all versions before 2.0.2, 1.10.5 and 1.8.6 that leads to read and extract of any data from any table in the pycsw database that the database user has access to. Also on PostgreSQL (at least) it is possible to perform updates/inserts/deletes and database modifications to any table the database user has access to.
Categories: Security News

CVE-2018-10618

Wed, 08/01/2018 - 14:29
Davolink DVW-3200N all version prior to Version 1.00.06. The device generates a weak password hash that is easily cracked, allowing a remote attacker to obtain the password for the device.
Categories: Security News

CVE-2018-8034

Wed, 08/01/2018 - 14:29
The host name verification when using TLS with the WebSocket client was missing. It is now enabled by default. Versions Affected: Apache Tomcat 9.0.0.M1 to 9.0.9, 8.5.0 to 8.5.31, 8.0.0.RC1 to 8.0.52, and 7.0.35 to 7.0.88.
Categories: Security News

CVE-2016-8609

Wed, 08/01/2018 - 13:29
It was found that the keycloak before 2.3.0 did not implement authentication flow correctly. An attacker could use this flaw to construct a phishing URL, from which he could hijack the user's session. This could lead to information disclosure, or permit further possible attacks.
Categories: Security News

CVE-2016-9583

Wed, 08/01/2018 - 13:29
An out-of-bounds heap read vulnerability was found in the jpc_pi_nextpcrl() function of jasper before 2.0.6 when processing crafted input.
Categories: Security News

CVE-2018-10894

Wed, 08/01/2018 - 13:29
It was found that SAML authentication in Keycloak 3.4.3.Final incorrectly authenticated expired certificates. A malicious user could use this to access unauthorized data or possibly conduct further attacks.
Categories: Security News

CVE-2018-10896

Wed, 08/01/2018 - 13:29
The default cloud-init configuration, in cloud-init 0.6.2 and newer, included "ssh_deletekeys: 0", disabling cloud-init's deletion of ssh host keys. In some environments, this could lead to instances created by cloning a golden master or template system, sharing ssh host keys, and being able to impersonate one another or conduct man-in-the-middle attacks.
Categories: Security News

CVE-2018-10897

Wed, 08/01/2018 - 13:29
A directory traversal issue was found in reposync, a part of yum-utils, where reposync fails to sanitize paths in remote repository configuration files. If an attacker controls a repository, they may be able to copy files outside of the destination directory on the targeted system via path traversal. If reposync is running with heightened privileges on a targeted system, this flaw could potentially result in system compromise via the overwriting of critical system files. Version 1.1.31 and older are believed to be affected.
Categories: Security News

CVE-2018-1595

Wed, 08/01/2018 - 13:29
IBM Spectrum Symphony and Platform Symphony 7.1.2 and 7.2.0.2 could allow an authenticated user to execute arbitrary commands due to improper handling of user supplied input. IBM X-Force ID: 143622.
Categories: Security News

CVE-2016-8651

Wed, 08/01/2018 - 12:29
An input validation flaw was found in the way OpenShift 3 handles requests for images. A user, with a copy of the manifest associated with an image, can pull an image even if they do not have access to the image normally, resulting in the disclosure of any information contained within the image.
Categories: Security News

CVE-2016-8654

Wed, 08/01/2018 - 12:29
A heap-buffer overflow vulnerability was found in QMFB code in JPC codec caused by buffer being allocated with too small size. jasper versions before 2.0.0 are affected.
Categories: Security News

CVE-2016-9572

Wed, 08/01/2018 - 12:29
A NULL pointer dereference flaw was found in the way openjpeg 2.1.2 decoded certain input images. Due to a logic error in the code responsible for decoding the input image, an application using openjpeg to process image data could crash when processing a crafted image.
Categories: Security News

CVE-2016-9579

Wed, 08/01/2018 - 12:29
A flaw was found in the way Ceph Object Gateway would process cross-origin HTTP requests if the CORS policy was set to allow origin on a bucket. A remote unauthenticated attacker could use this flaw to cause denial of service by sending a specially-crafted cross-origin HTTP request. Ceph branches 1.3.x and 2.x are affected.
Categories: Security News

CVE-2016-9580

Wed, 08/01/2018 - 12:29
An integer overflow vulnerability was found in tiftoimage function in openjpeg 2.1.2, resulting in heap buffer overflow.
Categories: Security News

CVE-2017-5692

Wed, 08/01/2018 - 11:29
Out-of-bounds read condition in older versions of some Intel Graphics Driver for Windows code branches allows local users to perform a denial of service attack.
Categories: Security News

CVE-2018-12466

Wed, 08/01/2018 - 11:29
openSUSE openbuildservice before 9.2.4 allowed authenticated users to delete packages on specific projects with project links.
Categories: Security News

CVE-2018-12467

Wed, 08/01/2018 - 11:29
Authorized users of the openbuildservice before 2.9.4 could delete packages by using a malicious request against projects having the OBS:InitializeDevelPackage attribute, a similar issue to CVE-2018-7689.
Categories: Security News

CVE-2018-3650

Wed, 08/01/2018 - 11:29
Insufficient Input Validation in Bleach module in INTEL Distribution for Python versions prior to IDP 2018 Update 2 allows unprivileged user to bypass URI sanitization via local vector.
Categories: Security News

CVE-2018-3662

Wed, 08/01/2018 - 11:29
Escalation of privilege in Intel Saffron MemoryBase before version 11.4 potentially allows an authorized user of the Saffron application to execute arbitrary code as root.
Categories: Security News

Pages