National Vulnerability Database

Subscribe to National Vulnerability Database feed
This feed contains the most recent CVE cyber vulnerabilities published within the National Vulnerability Database.
Updated: 19 hours 12 sec ago

CVE-2018-1999019

Mon, 07/23/2018 - 11:29
Chamilo LMS version 11.x contains an Unserialization vulnerability in the "hash" GET parameter for the api endpoint located at /webservices/api/v2.php that can result in Unauthenticated remote code execution. This attack appear to be exploitable via a simple GET request to the api endpoint. This vulnerability appears to have been fixed in After commit 0de84700648f098c1fbf6b807dee28ec640efe62.
Categories: Security News

CVE-2018-1999020

Mon, 07/23/2018 - 11:29
Open Networking Foundation (ONF) ONOS version 1.13.2 and earlier version contains a Directory Traversal vulnerability in core/common/src/main/java/org/onosproject/common/app/ApplicationArchive.java line 35 that can result in arbitrary file deletion (overwrite). This attack appear to be exploitable via a specially crafted zip file should be uploaded.
Categories: Security News

CVE-2018-1999021

Mon, 07/23/2018 - 11:29
Gleezcms Gleez Cms version 1.3.0 contains a Cross Site Scripting (XSS) vulnerability in Profile page that can result in Inject arbitrary web script or HTML via the profile page editor. This attack appear to be exploitable via The victim must navigate to the attacker's profile page.
Categories: Security News

CVE-2018-6683

Mon, 07/23/2018 - 11:29
Exploiting Incorrectly Configured Access Control Security Levels vulnerability in McAfee Data Loss Prevention (DLP) for Windows versions prior to 10.0.505 and 11.0.405 allows local users to bypass DLP policy via editing of local policy files when offline.
Categories: Security News

CVE-2018-14562

Mon, 07/23/2018 - 10:29
An issue was discovered in libthulac.so in THULAC through 2018-02-25. A NULL pointer dereference can occur in the BasicModel class in include/cb_model.h.
Categories: Security News

CVE-2018-14563

Mon, 07/23/2018 - 10:29
An issue was discovered in libthulac.so in THULAC through 2018-02-25. "operator delete" is used with "operator new[]" in the TaggingLearner class in include/cb_tagging_learner.h, possibly leading to memory corruption.
Categories: Security News

CVE-2018-14564

Mon, 07/23/2018 - 10:29
An issue was discovered in libthulac.so in THULAC through 2018-02-25. A SEGV can occur in NGramFeature::find_bases in include/cb_ngram_feature.h.
Categories: Security News

CVE-2018-14565

Mon, 07/23/2018 - 10:29
An issue was discovered in libthulac.so in THULAC through 2018-02-25. A heap-based buffer over-read can occur in NGramFeature::find_bases in include/cb_ngram_feature.h.
Categories: Security News

CVE-2018-1503

Mon, 07/23/2018 - 09:29
IBM WebSphere MQ 7.5, 8.0, and 9.0 could allow a remotely authenticated attacker to to send invalid or malformed headers that could cause messages to no longer be transmitted via the affected channel. IBM X-Force ID: 141339.
Categories: Security News

CVE-2018-1513

Mon, 07/23/2018 - 09:29
IBM Sterling B2B Integrator Standard Edition 5.2.0 through 5.2.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 141551.
Categories: Security News

CVE-2018-6677

Mon, 07/23/2018 - 09:29
Directory Traversal vulnerability in the administrative user interface in McAfee Web Gateway (MWG) MWG 7.8.1.x allows authenticated administrator users to gain elevated privileges via unspecified vectors.
Categories: Security News

CVE-2018-6678

Mon, 07/23/2018 - 09:29
Configuration/Environment manipulation vulnerability in the administrative interface in McAfee Web Gateway (MWG) MWG 7.8.1.x allows authenticated administrator users to execute arbitrary commands via unspecified vectors.
Categories: Security News

CVE-2018-14512

Mon, 07/23/2018 - 04:29
An XSS vulnerability was discovered in WUZHI CMS 4.1.0. There is persistent XSS that allows remote attackers to inject arbitrary web script or HTML via the form[nickname] parameter to the index.php?m=core&f=set&v=sendmail URI. When the administrator accesses the "system settings - mail server" screen, the XSS payload is triggered.
Categories: Security News

CVE-2018-14513

Mon, 07/23/2018 - 04:29
An XSS vulnerability was discovered in WUZHI CMS 4.1.0. There is persistent XSS that allows remote attackers to inject arbitrary web script or HTML via the form[content] parameter to the index.php?m=feedback&f=index&v=contact URI.
Categories: Security News

CVE-2018-14514

Mon, 07/23/2018 - 04:29
An SSRF vulnerability was discovered in idreamsoft iCMS V7.0.9 that allows attackers to read sensitive files, access an intranet, or possibly have unspecified other impact.
Categories: Security News

CVE-2018-14515

Mon, 07/23/2018 - 04:29
A SQL injection was discovered in WUZHI CMS 4.1.0 that allows remote attackers to inject a malicious SQL statement via the index.php?m=promote&f=index&v=search keywords parameter.
Categories: Security News

CVE-2018-14517

Mon, 07/23/2018 - 04:29
SeaCMS 6.61 has two XSS issues in the admin_config.php file via certain form fields.
Categories: Security News

CVE-2018-14521

Mon, 07/23/2018 - 04:29
An issue was discovered in aubio 0.4.6. A SEGV signal can occur in aubio_source_avcodec_readframe in io/source_avcodec.c, as demonstrated by aubiomfcc.
Categories: Security News

CVE-2018-14522

Mon, 07/23/2018 - 04:29
An issue was discovered in aubio 0.4.6. A SEGV signal can occur in aubio_pitch_set_unit in pitch/pitch.c, as demonstrated by aubionotes.
Categories: Security News

CVE-2018-14523

Mon, 07/23/2018 - 04:29
An issue was discovered in aubio 0.4.6. A buffer over-read can occur in new_aubio_pitchyinfft in pitch/pitchyinfft.c, as demonstrated by aubionotes.
Categories: Security News

Pages