National Vulnerability Database

Subscribe to National Vulnerability Database feed
This feed contains the most recent CVE cyber vulnerabilities published within the National Vulnerability Database.
Updated: 9 hours 1 min ago

CVE-2018-19518

Sun, 11/25/2018 - 05:29
University of Washington IMAP Toolkit 2007f on UNIX, as used in imap_open() in PHP and other products, launches an rsh command (by means of the imap_rimap function in c-client/imap4r1.c and the tcp_aopen function in osdep/unix/tcp_unix.c) without preventing argument injection, which might allow remote attackers to execute arbitrary OS commands if the IMAP server name is untrusted input (e.g., entered by a user of a web application) and if rsh has been replaced by a program with different argument semantics. For example, if rsh is a link to ssh (as seen on Debian and Ubuntu systems), then the attack can use an IMAP server name containing a "-oProxyCommand" argument.
Categories: Security News

CVE-2018-19517

Sat, 11/24/2018 - 13:29
An issue was discovered in sysstat 12.1.1. The remap_struct function in sa_common.c has an out-of-bounds read during a memset call, as demonstrated by sadf.
Categories: Security News

CVE-2018-19499

Fri, 11/23/2018 - 14:29
Vanilla before 2.5.5 and 2.6.x before 2.6.2 allows Remote Code Execution because authenticated administrators have a reachable call to unserialize in the Gdn_Format class.
Categories: Security News

CVE-2018-19502

Fri, 11/23/2018 - 14:29
An issue was discovered in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.1. There was a heap-based buffer overflow in the function excluded_channels() in libfaad/syntax.c.
Categories: Security News

CVE-2018-19503

Fri, 11/23/2018 - 14:29
An issue was discovered in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.1. There was a stack-based buffer overflow in the function calculate_gain() in libfaad/sbr_hfadj.c.
Categories: Security News

CVE-2018-19504

Fri, 11/23/2018 - 14:29
An issue was discovered in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.1. There is a NULL pointer dereference in ifilter_bank() in libfaad/filtbank.c.
Categories: Security News

CVE-2018-19490

Fri, 11/23/2018 - 12:29
An issue was discovered in datafile.c in Gnuplot 5.2.5. This issue allows an attacker to conduct a heap-based buffer overflow with an arbitrary amount of data in df_generate_ascii_array_entry. To exploit this vulnerability, an attacker must pass an overlong string as the right bound of the range argument that is passed to the plot function.
Categories: Security News

CVE-2018-19491

Fri, 11/23/2018 - 12:29
An issue was discovered in post.trm in Gnuplot 5.2.5. This issue allows an attacker to conduct a buffer overflow with an arbitrary amount of data in the PS_options function. This flaw is caused by a missing size check of an argument passed to the "set font" function. This issue occurs when the Gnuplot postscript terminal is used as a backend.
Categories: Security News

CVE-2018-19492

Fri, 11/23/2018 - 12:29
An issue was discovered in cairo.trm in Gnuplot 5.2.5. This issue allows an attacker to conduct a buffer overflow with an arbitrary amount of data in the cairotrm_options function. This flaw is caused by a missing size check of an argument passed to the "set font" function. This issue occurs when the Gnuplot pngcairo terminal is used as a backend.
Categories: Security News

CVE-2018-19486

Fri, 11/23/2018 - 03:29
Git before 2.19.2 on Linux and UNIX executes commands from the current working directory (as if '.' were at the end of $PATH) in certain cases involving the run_command() API and run-command.c, because there was a dangerous change from execvp to execv during 2017.
Categories: Security News

CVE-2018-19468

Fri, 11/23/2018 - 00:29
HuCart 5.7.4 has SQL injection in get_ip() in system/class/helper_class.php via the X-Forwarded-For HTTP header to the user/index.php?load=login&act=act_login URI.
Categories: Security News

CVE-2018-19469

Fri, 11/23/2018 - 00:29
ArticleCMS through 2017-02-19 has XSS via the /update_personal_infomation realname or email parameter.
Categories: Security News

CVE-2018-19475

Fri, 11/23/2018 - 00:29
psi/zdevice2.c in Artifex Ghostscript before 9.26 allows remote attackers to bypass intended access restrictions because available stack space is not checked when the device remains the same.
Categories: Security News

CVE-2018-19476

Fri, 11/23/2018 - 00:29
psi/zicc.c in Artifex Ghostscript before 9.26 allows remote attackers to bypass intended access restrictions because of a setcolorspace type confusion.
Categories: Security News

CVE-2018-19477

Fri, 11/23/2018 - 00:29
psi/zfjbig2.c in Artifex Ghostscript before 9.26 allows remote attackers to bypass intended access restrictions because of a JBIG2Decode type confusion.
Categories: Security News

CVE-2018-19463

Thu, 11/22/2018 - 16:29
zb_system/function/lib/upload.php in Z-BlogPHP through 1.5.1 allows remote attackers to execute arbitrary PHP code by using the image/jpeg content type in an upload to the zb_system/admin/index.php?act=UploadMng URI.
Categories: Security News

CVE-2018-19464

Thu, 11/22/2018 - 16:29
Discuz! X3.4 allows XSS via admin.php because admincp/admincp_setting.php and template\default\common\footer.htm mishandle s statcode field from third-party stats code.
Categories: Security News

CVE-2018-19457

Thu, 11/22/2018 - 15:29
Logicspice FAQ Script 2.9.7 allows uploading arbitrary files, which leads to remote command execution via admin/faqs/faqimages with a .php file.
Categories: Security News

CVE-2018-19458

Thu, 11/22/2018 - 15:29
In PHP Proxy 3.0.3, any user can read files from the server without authentication due to an index.php?q=file:/// LFI URI, a different vulnerability than CVE-2018-19246.
Categories: Security News

CVE-2018-19459

Thu, 11/22/2018 - 15:29
Adult Filter 1.0 has a Buffer Overflow via a crafted Black Domain List file.
Categories: Security News

Pages