National Vulnerability Database

Subscribe to National Vulnerability Database feed
This feed contains the most recent CVE cyber vulnerabilities published within the National Vulnerability Database.
Updated: 1 hour 11 min ago

CVE-2014-0881

Wed, 04/25/2018 - 16:29
The TPM on Integrated Management Module II (IMM2) on IBM Flex System x222 servers with firmware 1.00 through 3.56 allows remote attackers to obtain sensitive key information or cause a denial of service by leveraging an incorrect configuration. IBM X-Force ID: 91146.
Categories: Security News

CVE-2014-0882

Wed, 04/25/2018 - 16:29
Integrated Management Module II (IMM2) on IBM Flex System, NeXtScale, System x3xxx, and System x iDataPlex systems might allow remote authenticated users to obtain sensitive account information via vectors related to generated Service Advisor data (FFDC). IBM X-Force ID: 91149.
Categories: Security News

CVE-2018-8716

Wed, 04/25/2018 - 16:29
WSO2 Identity Server before 5.5.0 has XSS via the dashboard, allowing attacks by low-privileged attackers.
Categories: Security News

CVE-2018-9101

Wed, 04/25/2018 - 16:29
A vulnerability in the conferencing component of Mitel MiVoice Connect, versions R1707-PREM SP1 (21.84.5535.0) and earlier, and Mitel ST 14.2, versions GA27 (19.49.5200.0) and earlier, could allow an unauthenticated attacker to conduct a reflected cross-site scripting (XSS) attack due to insufficient validation for the launch_presenter.php page. A successful exploit could allow an attacker to execute arbitrary scripts.
Categories: Security News

CVE-2018-9102

Wed, 04/25/2018 - 16:29
A vulnerability in the conferencing component of Mitel MiVoice Connect, versions R1707-PREM SP1 (21.84.5535.0) and earlier, and Mitel ST 14.2, versions GA27 (19.49.5200.0) and earlier, could allow an unauthenticated attacker to conduct an SQL injection attack due to insufficient input validation for the signin interface. A successful exploit could allow an attacker to extract sensitive information from the database.
Categories: Security News

CVE-2018-9103

Wed, 04/25/2018 - 16:29
A vulnerability in the conferencing component of Mitel MiVoice Connect, versions R1707-PREM SP1 (21.84.5535.0) and earlier, and Mitel ST 14.2, versions GA27 (19.49.5200.0) and earlier, could allow an unauthenticated attacker to conduct a reflected cross-site scripting (XSS) attack due to insufficient validation for the signin.php page. A successful exploit could allow an attacker to execute arbitrary scripts.
Categories: Security News

CVE-2018-9104

Wed, 04/25/2018 - 16:29
A vulnerability in the conferencing component of Mitel MiVoice Connect, versions R1707-PREM SP1 (21.84.5535.0) and earlier, and Mitel ST 14.2, versions GA27 (19.49.5200.0) and earlier, could allow an unauthenticated attacker to conduct a reflected cross-site scripting (XSS) attack due to insufficient validation for the api.php page. A successful exploit could allow an attacker to execute arbitrary scripts.
Categories: Security News

CVE-2018-10206

Wed, 04/25/2018 - 14:29
An issue was discovered in Vaultize Enterprise File Sharing 17.05.31. There is Stored XSS via the optional message field of a file request.
Categories: Security News

CVE-2018-10207

Wed, 04/25/2018 - 14:29
An issue was discovered in Vaultize Enterprise File Sharing 17.05.31. An attacker can exploit Missing Authorization on the FlexPaperViewer SWF reader, and export files that should have been restricted, via vectors involving page-by-page access to a document in SWF format.
Categories: Security News

CVE-2018-10208

Wed, 04/25/2018 - 14:29
An issue was discovered in Vaultize Enterprise File Sharing 17.05.31. There is anonymous reflected XSS on the error page via a /share/error?message= URI.
Categories: Security News

CVE-2018-10209

Wed, 04/25/2018 - 14:29
An issue was discovered in Vaultize Enterprise File Sharing 17.05.31. There is Stored XSS on the file or folder download pop-up via a crafted file or folder name.
Categories: Security News

CVE-2018-10210

Wed, 04/25/2018 - 14:29
An issue was discovered in Vaultize Enterprise File Sharing 17.05.31. Enumeration of users is possible through the password-reset feature.
Categories: Security News

CVE-2018-10211

Wed, 04/25/2018 - 14:29
An issue was discovered in Vaultize Enterprise File Sharing 17.05.31. There is improper authorization when listing the history of another user via a modified "vaultize_session_id" value in a cookie.
Categories: Security News

CVE-2018-10212

Wed, 04/25/2018 - 14:29
An issue was discovered in Vaultize Enterprise File Sharing 17.05.31. There is improper authorization leading to creation of folders within another account via a modified device value.
Categories: Security News

CVE-2018-10213

Wed, 04/25/2018 - 14:29
An issue was discovered in Vaultize Enterprise File Sharing 17.05.31. There is XSS in invitation mail received from a different user, who can modify the HTML in that mail before sending it.
Categories: Security News

CVE-2014-5014

Wed, 04/25/2018 - 13:29
The WordPress Flash Uploader plugin before 3.1.3 for WordPress allows remote attackers to execute arbitrary commands via vectors related to invalid characters in image_magic_path.
Categories: Security News

CVE-2017-12712

Wed, 04/25/2018 - 09:29
The authentication algorithm in Abbott Laboratories pacemakers manufactured prior to Aug 28, 2017, which involves an authentication key and time stamp, can be compromised or bypassed, which may allow a nearby attacker to issue unauthorized commands to the pacemaker via RF communications. CVSS v3 base score: 7.5, CVSS vector string: AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H. Abbott has developed a firmware update to help mitigate the identified vulnerabilities.
Categories: Security News

CVE-2017-12714

Wed, 04/25/2018 - 09:29
Abbott Laboratories pacemakers manufactured prior to Aug 28, 2017 do not restrict or limit the number of correctly formatted "RF wake-up" commands that can be received, which may allow a nearby attacker to repeatedly send commands to reduce pacemaker battery life. CVSS v3 base score: 5.3, CVSS vector string: AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H. Abbott has developed a firmware update to help mitigate the identified vulnerabilities.
Categories: Security News

CVE-2017-12716

Wed, 04/25/2018 - 09:29
Abbott Laboratories Accent and Anthem pacemakers manufactured prior to Aug 28, 2017 transmit unencrypted patient information via RF communications to programmers and home monitoring units. Additionally, the Accent and Anthem pacemakers store the optional patient information without encryption. CVSS v3 base score: 3.1, CVSS vector string: AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N. Abbott has developed a firmware update to help mitigate the identified vulnerabilities.
Categories: Security News

CVE-2017-1750

Wed, 04/25/2018 - 09:29
IBM Jazz Reporting Service (JRS) 5.0 through 5.0.2 and 6.0 through 6.0.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 135523.
Categories: Security News

Pages