National Vulnerability Database

Subscribe to National Vulnerability Database feed
This feed contains the most recent CVE cyber vulnerabilities published within the National Vulnerability Database.
Updated: 12 hours 21 min ago

CVE-2019-0104

Mon, 02/18/2019 - 12:29
Insufficient file protection in uninstall routine for Intel(R) Data Center Manager SDK before version 5.0.2 may allow an authenticated user to potentially enable information disclosure via local access.
Categories: Security News

CVE-2019-0105

Mon, 02/18/2019 - 12:29
Insufficient file permissions checking in install routine for Intel(R) Data Center Manager SDK before version 5.0.2 may allow authenticated user to potentially enable escalation of privilege via local access.
Categories: Security News

CVE-2019-0106

Mon, 02/18/2019 - 12:29
Insufficient run protection in install routine for Intel(R) Data Center Manager SDK before version 5.0.2 may allow a privileged user to potentially enable escalation of privilege via local access.
Categories: Security News

CVE-2019-0107

Mon, 02/18/2019 - 12:29
Insufficient user prompt in install routine for Intel(R) Data Center Manager SDK before version 5.0.2 may allow a privileged user to potentially enable escalation of privilege via local access.
Categories: Security News

CVE-2019-0108

Mon, 02/18/2019 - 12:29
Improper file permissions for Intel(R) Data Center Manager SDK before version 5.0.2 may allow an authenticated user to potentially enable disclosure of information via local access.
Categories: Security News

CVE-2019-0109

Mon, 02/18/2019 - 12:29
Improper folder permissions in Intel(R) Data Center Manager SDK before version 5.0.2 may allow an authenticated user to potentially enable escalation of privilege via local access.
Categories: Security News

CVE-2019-0110

Mon, 02/18/2019 - 12:29
Insufficient key management for Intel(R) Data Center Manager SDK before version 5.0.2 may allow an authenticated user to potentially enable information disclosure via local access.
Categories: Security News

CVE-2019-0111

Mon, 02/18/2019 - 12:29
Improper file permissions for Intel(R) Data Center Manager SDK before version 5.0.2 may allow an authenticated user to potentially enable information disclosure via local access.
Categories: Security News

CVE-2019-0112

Mon, 02/18/2019 - 12:29
Improper flow control in crypto routines for Intel(R) Data Center Manager SDK before version 5.0.2 may allow a privileged user to potentially enable a denial of service via local access.
Categories: Security News

CVE-2019-0127

Mon, 02/18/2019 - 12:29
Logic error in the installer for Intel(R) OpenVINO(TM) 2018 R3 and before for Linux may allow a privileged user to potentially enable information disclosure via local access.
Categories: Security News

CVE-2019-8904

Mon, 02/18/2019 - 12:29
do_bid_note in readelf.c in libmagic.a in file 5.35 has a stack-based buffer over-read, related to file_printf and file_vprintf.
Categories: Security News

CVE-2019-8905

Mon, 02/18/2019 - 12:29
do_core_note in readelf.c in libmagic.a in file 5.35 has a stack-based buffer over-read, related to file_printable, a different vulnerability than CVE-2018-10360.
Categories: Security News

CVE-2019-8903

Mon, 02/18/2019 - 11:29
index.js in Total.js Platform before 3.2.3 allows path traversal.
Categories: Security News

CVE-2019-6453

Mon, 02/18/2019 - 10:29
mIRC before 7.55 allows remote command execution by using argument injection through custom URI protocol handlers. The attacker can specify an irc:// URI that loads an arbitrary .ini file from a UNC share pathname. Exploitation depends on browser-specific URI handling (Chrome is not exploitable).
Categories: Security News

CVE-2019-8372

Mon, 02/18/2019 - 10:29
The LHA.sys driver before 1.1.1811.2101 in LG Device Manager exposes functionality that allows low-privileged users to read and write arbitrary physical memory via specially crafted IOCTL requests and elevate system privileges. This occurs because the device object has an associated symbolic link and an open DACL.
Categories: Security News

CVE-2019-8902

Mon, 02/18/2019 - 09:29
An issue was discovered in idreamsoft iCMS through 7.0.14. A CSRF vulnerability can delete users' articles via the public/api.php?app=user URI.
Categories: Security News

CVE-2019-8423

Sun, 02/17/2019 - 19:29
ZoneMinder through 1.32.3 has SQL Injection via the skins/classic/views/events.php filter[Query][terms][0][cnj] parameter.
Categories: Security News

CVE-2019-8424

Sun, 02/17/2019 - 19:29
ZoneMinder before 1.32.3 has SQL Injection via the ajax/status.php sort parameter.
Categories: Security News

CVE-2019-8425

Sun, 02/17/2019 - 19:29
includes/database.php in ZoneMinder before 1.32.3 has XSS in the construction of SQL-ERR messages.
Categories: Security News

CVE-2019-8426

Sun, 02/17/2019 - 19:29
skins/classic/views/controlcap.php in ZoneMinder before 1.32.3 has XSS via the newControl array, as demonstrated by the newControl[MinTiltRange] parameter.
Categories: Security News

Pages