National Vulnerability Database

Subscribe to National Vulnerability Database feed
This feed contains the most recent CVE cyber vulnerabilities published within the National Vulnerability Database.
Updated: 6 hours 41 min ago

CVE-2018-19567

Mon, 11/26/2018 - 15:29
A floating point exception in parse_tiff_ifd in dcraw through 9.28 could be used by attackers able to supply malicious files to crash an application that bundles the dcraw code.
Categories: Security News

CVE-2018-19568

Mon, 11/26/2018 - 15:29
A floating point exception in kodak_radc_load_raw in dcraw through 9.28 could be used by attackers able to supply malicious files to crash an application that bundles the dcraw code.
Categories: Security News

CVE-2018-14646

Mon, 11/26/2018 - 14:29
The Linux kernel before 4.15-rc8 was found to be vulnerable to a NULL pointer dereference bug in the __netlink_ns_capable() function in the net/netlink/af_netlink.c file. A local attacker could exploit this when a net namespace with a netnsid is assigned to cause a kernel panic and a denial of service.
Categories: Security News

CVE-2018-16862

Mon, 11/26/2018 - 14:29
A security flaw was found in the Linux kernel in a way that the cleancache subsystem clears an inode after the final file truncation (removal). The new file created with the same inode may contain leftover pages from cleancache and the old file data instead of the new one.
Categories: Security News

CVE-2018-19564

Mon, 11/26/2018 - 13:29
Stored XSS was discovered in the Easy Testimonials plugin 3.2 for WordPress. Three wp-admin/post.php parameters (_ikcf_client and _ikcf_position and _ikcf_other) have Cross-Site Scripting.
Categories: Security News

CVE-2018-16854

Mon, 11/26/2018 - 12:29
A flaw was found in moodle before versions 3.6, 3.5.3, 3.4.6, 3.3.9 and 3.1.15. The login form is not protected by a token to prevent login cross-site request forgery.
Categories: Security News

CVE-2017-1418

Mon, 11/26/2018 - 11:29
IBM Integration Bus 9.0.0.0, 9.0.0.11, 10.0.0.0, and 10.0.0.14 (including IBM WebSphere Message Broker 8.0.0.0 and 8.0.0.9) has insecure permissions on certain files. A local attacker could exploit this vulnerability to modify or delete these files with an unknown impact. IBM X-Force ID: 127406.
Categories: Security News

CVE-2018-1905

Mon, 11/26/2018 - 11:29
IBM WebSphere Application Server 9.0.0.0 through 9.0.0.9 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 152534.
Categories: Security News

CVE-2018-19555

Mon, 11/26/2018 - 02:29
tp4a TELEPORT 3.1.0 has CSRF via user/do-reset-password to change any password, such as the administrator password.
Categories: Security News

CVE-2018-19556

Mon, 11/26/2018 - 02:29
zb_system/admin/index.php?act=UploadMng in Z-BlogPHP 1.5 mishandles file preview, leading to content spoofing.
Categories: Security News

CVE-2018-19557

Mon, 11/26/2018 - 02:29
An issue was discovered in arcms through 2018-03-19. No authentication is required for index/main, user/useradd, or img/images.
Categories: Security News

CVE-2018-19558

Mon, 11/26/2018 - 02:29
An issue was discovered in arcms through 2018-03-19. SQL injection exists via the json/newslist limit parameter because of ctl/main/Json.php, ctl/main/service/Data.php, and comp/Db/Mysql.php.
Categories: Security News

CVE-2018-19559

Mon, 11/26/2018 - 02:29
CuppaCMS before 2018-11-12 has SQL Injection in administrator/classes/ajax/functions.php via the reference_id parameter.
Categories: Security News

CVE-2018-19560

Mon, 11/26/2018 - 02:29
BageCMS 3.1.3 has CSRF via upload/index.php?r=admini/admin/ownerUpdate to modify a user account.
Categories: Security News

CVE-2018-19561

Mon, 11/26/2018 - 02:29
sikcms 1.1 has CSRF via admin.php?m=Admin&c=Users&a=userAdd to add an administrator account.
Categories: Security News

CVE-2018-19562

Mon, 11/26/2018 - 02:29
An issue was discovered in PHPok 4.9.015. admin.php?c=update&f=unzip allows remote attackers to execute arbitrary code via a "Login Background > Program Upgrade > Compressed Packet Upgrade" action in which a .php file is inside a ZIP archive.
Categories: Security News

CVE-2018-19544

Mon, 11/26/2018 - 02:29
JEECMS 9.3 has CSRF via the api/admin/content/save URI to add news.
Categories: Security News

CVE-2018-19545

Mon, 11/26/2018 - 02:29
JEECMS 9.3 has CSRF via the api/admin/role/save URI to add a user.
Categories: Security News

CVE-2018-19546

Mon, 11/26/2018 - 02:29
JTBC(PHP) 3.0.1.7 has CSRF via the console/xml/manage.php?type=action&action=edit URI, as demonstrated by an XSS payload in the content parameter.
Categories: Security News

CVE-2018-19547

Mon, 11/26/2018 - 02:29
JTBC(PHP) 3.0.1.7 has XSS via the console/xml/manage.php?type=action&action=edit content parameter.
Categories: Security News

Pages