National Vulnerability Database

Subscribe to National Vulnerability Database feed
This feed contains the most recent CVE cyber vulnerabilities published within the National Vulnerability Database.
Updated: 18 hours 33 min ago

CVE-2018-10778

Mon, 05/07/2018 - 03:29
Read access violation in the III_dequantize_sample function in mpglibDBL/layer3.c in mp3gain through 1.5.2-r2 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact, a different vulnerability than CVE-2017-9872 and CVE-2017-14409.
Categories: Security News

CVE-2018-10779

Mon, 05/07/2018 - 03:29
TIFFWriteScanline in tif_write.c in LibTIFF 3.8.2 has a heap-based buffer over-read, as demonstrated by bmp2tiff.
Categories: Security News

CVE-2018-10780

Mon, 05/07/2018 - 03:29
Exiv2::Image::byteSwap2 in image.cpp in Exiv2 0.26 has a heap-based buffer over-read.
Categories: Security News

CVE-2018-10771

Sun, 05/06/2018 - 22:29
Stack-based buffer overflow in the get_key function in parse.c in abcm2ps through 8.13.20 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact.
Categories: Security News

CVE-2018-10772

Sun, 05/06/2018 - 22:29
The tEXtToDataBuf function in pngimage.cpp in Exiv2 through 0.26 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file.
Categories: Security News

CVE-2018-10767

Sun, 05/06/2018 - 19:29
There is a stack-based buffer over-read in calling GLib in the function gxps_images_guess_content_type of gxps-images.c in libgxps through 0.3.0 because it does not reject negative return values from a g_input_stream_read call. A crafted input will lead to a remote denial of service attack.
Categories: Security News

CVE-2018-10768

Sun, 05/06/2018 - 19:29
There is a NULL pointer dereference in the AnnotPath::getCoordsLength function in Annot.h in an Ubuntu package for Poppler 0.24.5. A crafted input will lead to a remote denial of service attack. Later Ubuntu packages such as for Poppler 0.41.0 are not affected.
Categories: Security News

CVE-2018-0494

Sun, 05/06/2018 - 18:29
GNU Wget before 1.19.5 is prone to a cookie injection vulnerability in the resp_new function in http.c via a \r\n sequence in a continuation line.
Categories: Security News

CVE-2018-10686

Sun, 05/06/2018 - 01:29
An issue was discovered in Vesta Control Panel 0.9.8-20. There is Reflected XSS via $_REQUEST['path'] to the view/file/index.php URI, which can lead to remote PHP code execution via vectors involving a file_put_contents call in web/upload/UploadHandler.php.
Categories: Security News

CVE-2018-10723

Sat, 05/05/2018 - 18:29
Directus 6.4.9 has a hardcoded admin password for the Admin account because of an INSERT statement in api/schema.sql.
Categories: Security News

CVE-2018-10757

Sat, 05/05/2018 - 15:29
CSP MySQL User Manager 2.3.1 allows SQL injection, and resultant Authentication Bypass, via a crafted username during a login attempt.
Categories: Security News

CVE-2018-10758

Sat, 05/05/2018 - 15:29
The edit/ URI in Datenstrom Yellow 0.7.3 has CSRF via a delete action that can delete articles.
Categories: Security News

CVE-2018-10752

Fri, 05/04/2018 - 22:29
The Tagregator plugin 0.6 for WordPress has stored XSS via the title field in an Add New action.
Categories: Security News

CVE-2018-10753

Fri, 05/04/2018 - 22:29
Stack-based buffer overflow in the delayed_output function in music.c in abcm2ps through 8.13.20 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact.
Categories: Security News

CVE-2018-10754

Fri, 05/04/2018 - 22:29
In ncurses before 6.1.20180414, there is a NULL Pointer Dereference in the _nc_parse_entry function of tinfo/parse_entry.c. It could lead to a remote denial of service if the terminfo library code is used to process untrusted terminfo data in which a use-name is invalid syntax.
Categories: Security News

CVE-2018-9154

Fri, 05/04/2018 - 17:29
There is a reachable abort in the function jpc_dec_process_sot in libjasper/jpc/jpc_dec.c of JasPer 2.0.14 that will lead to a remote denial of service attack.
Categories: Security News

CVE-2011-0704

Fri, 05/04/2018 - 16:29
389 Directory Server 1.2.7.5, when built with mozldap, allows remote attackers to cause a denial of service (replica crash) by sending an empty modify request.
Categories: Security News

CVE-2012-5628

Fri, 05/04/2018 - 16:29
gofer before 0.68 uses world-writable permissions for /var/lib/gofer/journal/watchdog, which allows local users to cause a denial of service by removing journal entries.
Categories: Security News

CVE-2013-2233

Fri, 05/04/2018 - 16:29
Ansible before 1.2.1 makes it easier for remote attackers to conduct man-in-the-middle attacks by leveraging failure to cache SSH host keys.
Categories: Security News

CVE-2017-15043

Fri, 05/04/2018 - 16:29
A vulnerability in Sierra Wireless AirLink GX400, GX440, ES440, and LS300 routers with firmware before 4.4.5 and GX450, ES450, RV50, RV50X, MP70, and MP70E routers with firmware before 4.9 could allow an authenticated remote attacker to execute arbitrary code and gain full control of an affected system, including issuing commands with root privileges. This vulnerability is due to insufficient input validation on user-controlled input in an HTTP request to the targeted device. An attacker in possession of router login credentials could exploit this vulnerability by sending a crafted HTTP request to an affected system.
Categories: Security News

Pages