National Vulnerability Database

This feed contains the most recent CVE cyber vulnerabilities published within the National Vulnerability Database.

CVE-2018-0685

Thu, 11/15/2018 - 10:29
SQL injection vulnerability in the Denbun POP version V3.3P R4.0 and earlier allows remote authenticated attackers to execute arbitrary SQL commands via HTTP requests for mail search.
Categories: Security News

CVE-2018-0686

Thu, 11/15/2018 - 10:29
Denbun by NEOJAPAN Inc. (Denbun POP version V3.3P R4.0 and earlier, Denbun IMAP version V3.3I R4.0 and earlier) allows remote authenticated attackers to upload and execute any executable files via unspecified vectors.

CVE-2018-0687

Thu, 11/15/2018 - 10:29
Cross-site scripting vulnerability in Denbun by NEOJAPAN Inc. (Denbun POP version V3.3P R4.0 and earlier, Denbun IMAP version V3.3I R4.0 and earlier) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CVE-2018-0690

Thu, 11/15/2018 - 10:29
An unvalidated software update vulnerability in Music Center for PC version 1.0.02 and earlier could allow a man-in-the-middle attacker to tamper with an update file and inject executable files.

CVE-2018-0691

Thu, 11/15/2018 - 10:29
Multiple +Message Apps (Softbank +Message App for Android prior to version 10.1.7, Softbank +Message App for iOS prior to version 1.1.23, NTT DOCOMO +Message App for Android prior to version 42.40.2800, NTT DOCOMO +Message App for iOS prior to version 1.1.23, KDDI +Message App for Android prior to version 1.0.6, and KDDI +Message App for iOS prior to version 1.1.23) do not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

CVE-2018-0692

Thu, 11/15/2018 - 10:29
Untrusted search path vulnerability in Baidu Browser Version 43.23.1000.500 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.

CVE-2018-12480

Thu, 11/15/2018 - 08:29
Mitigates an XSS issue in NetIQ Access Manager versions prior to 4.4 SP3.

CVE-2015-9274

Thu, 11/15/2018 - 01:29
HarfBuzz before 1.0.4 allows remote attackers to cause a denial of service (invalid read of two bytes and application crash) because of GPOS and GSUB table mishandling, related to hb-ot-layout-gpos-table.hh, hb-ot-layout-gsub-table.hh, and hb-ot-layout-gsubgpos-private.hh.

CVE-2018-19286

Thu, 11/15/2018 - 01:29
The server in mubu note 2018-11-11 has XSS by configuring an account with a crafted name value (along with an arbitrary username value), and then creating and sharing a note.

CVE-2018-19287

Thu, 11/15/2018 - 01:29
XSS in the Ninja Forms plugin before 3.3.18 for WordPress allows remote attackers to execute JavaScript via the includes/Admin/Menus/Submissions.php (aka submissions page) begin_date, end_date, or form_id parameter.

CVE-2018-19288

Thu, 11/15/2018 - 01:29
Zoho ManageEngine OpManager 12.3 before Build 123223 has XSS via the updateWidget API.

CVE-2018-19289

Thu, 11/15/2018 - 01:29
An issue was discovered in Valine v1.3.3. It allows HTML injection, which can be exploited for JavaScript execution via an EMBED element in conjunction with a .pdf file.

CVE-2018-19291

Thu, 11/15/2018 - 01:29
An issue was discovered in DiliCMS 2.4.0. There is a CSRF vulnerability that can delete a user or group via an admin/index.php/user/del/1 or admin/index.php/role/del/2 URI.

CVE-2018-19279

Wed, 11/14/2018 - 15:29
PRIMX ZoneCentral before 6.1.2236 on Windows sometimes leaks the plaintext of NTFS files. On non-SSD devices, this is limited to a 5-second window and file sizes less than 600 bytes. The effect on SSD devices may be greater.

CVE-2018-19280

Wed, 11/14/2018 - 15:29
Centreon 3.4.x has XSS via the resource name or macro expression of a poller macro.

CVE-2018-19281

Wed, 11/14/2018 - 15:29
Centreon 3.4.x allows SNMP trap SQL Injection.

CVE-2018-17960

Wed, 11/14/2018 - 15:29
CKEditor 4.x before 4.11.0 allows user-assisted XSS involving a source-mode paste.

CVE-2018-19278

Wed, 11/14/2018 - 15:29
Buffer overflow in DNS SRV and NAPTR lookups in Digium Asterisk 15.x before 15.6.2 and 16.x before 16.0.1 allows remote attackers to crash Asterisk via a specially crafted DNS SRV or NAPTR response, because a buffer size is supposed to match an expanded length but actually matches a compressed length.

CVE-2018-5495

Wed, 11/14/2018 - 14:29
All StorageGRID Webscale versions are susceptible to a vulnerability which could permit an unauthenticated attacker to communicate with systems on the same network as the StorageGRID Webscale Admin Node via HTTP or to take over services on the Admin Node.

CVE-2018-9541

Wed, 11/14/2018 - 13:29
In avrc_pars_vendor_rsp of avcr_pars_ct.cc, there is a possible out-of-bounds read due to a missing bounds check. This could lead to remote information disclosure in the Bluetooth service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-111450531