National Vulnerability Database

This feed contains the most recent CVE cyber vulnerabilities published within the National Vulnerability Database.

CVE-2018-16490

Fri, 02/01/2019 - 13:29
A prototype pollution vulnerability was found in module mpath <0.5.1 that allows an attacker to inject arbitrary properties onto Object.prototype.
Categories: Security News

CVE-2018-16491

Fri, 02/01/2019 - 13:29
A prototype pollution vulnerability was found in node.extend <1.1.7, ~<2.0.1 that allows an attacker to inject arbitrary properties onto Object.prototype.

CVE-2018-16492

Fri, 02/01/2019 - 13:29
A prototype pollution vulnerability was found in module extend <2.0.2, ~<3.0.2 that allows an attacker to inject arbitrary properties onto Object.prototype.

CVE-2018-16493

Fri, 02/01/2019 - 13:29
A path traversal vulnerability was found in module static-resource-server 1.7.2 that allows unauthorized read access to any file on the server by appending slashes in the URL.

CVE-2018-19004

Fri, 02/01/2019 - 13:29
LCDS Laquis SCADA prior to version 4.1.0.4150 allows an out-of-bounds read when opening a specially crafted project file, which may allow data exfiltration.

CVE-2018-0722

Fri, 02/01/2019 - 13:29
Path Traversal vulnerability in Photo Station versions: 5.7.2 and earlier in QTS 4.3.4, 5.4.4 and earlier in QTS 4.3.3, 5.2.8 and earlier in QTS 4.2.6 could allow remote attackers to access sensitive information on the device.

CVE-2018-16479

Fri, 02/01/2019 - 13:29
Path traversal vulnerability in http-live-simulator <1.0.7 causes unauthorized access to arbitrary files on disk by appending extra slashes after the URL.

CVE-2018-16480

Fri, 02/01/2019 - 13:29
An XSS vulnerability was found in module public <0.1.4 that allows malicious JavaScript code to run in the browser, due to the absence of sanitization of the file/folder names before rendering.

CVE-2018-16481

Fri, 02/01/2019 - 13:29
An XSS vulnerability was found in html-page <=2.1.1 that allows malicious JavaScript code to be executed in the user's browser due to the absence of sanitization of the paths before rendering.

CVE-2018-16482

Fri, 02/01/2019 - 13:29
A server directory traversal vulnerability was found in node module mcstatic <=0.0.20 that would allow an attacker to access sensitive information in the file system by appending slashes in the URL path.

CVE-2018-16483

Fri, 02/01/2019 - 13:29
A deficiency in the access control in module express-cart <=1.1.5 allows unprivileged users to add new users to the application as administrators.

CVE-2018-16484

Fri, 02/01/2019 - 13:29
An XSS vulnerability was found in module m-server <1.4.2 that allows malicious JavaScript code or HTML to be executed, due to the lack of escaping for special characters in folder names.

CVE-2018-16485

Fri, 02/01/2019 - 13:29
Path Traversal vulnerability in module m-server <1.4.1 allows a malicious user to access unauthorized content of any file in the directory tree, e.g. /etc/passwd, by appending slashes to the URL request.

CVE-2018-16486

Fri, 02/01/2019 - 13:29
A prototype pollution vulnerability was found in defaults-deep <=0.2.4 that would allow a malicious user to inject properties onto Object.prototype.

CVE-2018-16487

Fri, 02/01/2019 - 13:29
A prototype pollution vulnerability was found in lodash <4.17.11 where the functions merge, mergeWith, and defaultsDeep can be tricked into adding or modifying properties of Object.prototype.

CVE-2018-16489

Fri, 02/01/2019 - 13:29
A prototype pollution vulnerability was found in just-extend <4.0.0 that allows an attacker to inject properties onto Object.prototype through its functions.

CVE-2018-18988

Fri, 02/01/2019 - 12:29
LCDS Laquis SCADA prior to version 4.1.0.4150 allows execution of script code by opening a specially crafted report format file. This may allow remote code execution, data exfiltration, or cause a system crash.

CVE-2016-10741

Fri, 02/01/2019 - 11:29
In the Linux kernel before 4.9.3, fs/xfs/xfs_aops.c allows local users to cause a denial of service (system crash) because there is a race condition between direct and memory-mapped I/O (associated with a hole) that is handled with BUG_ON instead of an I/O failure.

CVE-2018-5498

Fri, 02/01/2019 - 11:29
Clustered Data ONTAP versions 9.0 through 9.4 are susceptible to a vulnerability which allows remote authenticated attackers to cause a Denial of Service (DoS) in NFS and SMB environments. Exploitation of this vulnerability will allow a remote authenticated attacker to cause a Denial of Service (DoS) on affected versions of clustered Data ONTAP configured for multiprotocol access.

CVE-2018-15617

Fri, 02/01/2019 - 10:29
A vulnerability in the "capro" (Call Processor) process component of Avaya Aura Communication Manager could allow a remote, unauthenticated user to cause denial of service. Affected versions include 6.3.x, all 7.x versions prior to 7.1.3.2, and all 8.x versions prior to 8.0.1.
