National Vulnerability Database

This feed contains the most recent CVE cyber vulnerabilities published within the National Vulnerability Database.

CVE-2018-1418

Thu, 04/26/2018 - 10:29
IBM Security QRadar SIEM 7.2 and 7.3 could allow a user to bypass authentication which could lead to code execution. IBM X-Force ID: 138824.
Categories: Security News

CVE-2018-6518

Thu, 04/26/2018 - 10:29
Composr CMS 10.0.13 has XSS via the site_name parameter in a page=admin-setupwizard&type=step3 request to /adminzone/index.php.

CVE-2018-10425

Thu, 04/26/2018 - 03:29
An issue was discovered in Shanghai 2345 Security Guard 3.7.0. 2345MPCSafe.exe, 2345SafeTray.exe, and 2345Speedup.exe allow local users to bypass intended process protections, and consequently terminate processes, because SetParent is not properly considered.

CVE-2018-8974

Thu, 04/26/2018 - 02:29
Centers for Disease Control and Prevention MicrobeTRACE 0.1.11 allows remote attackers to execute arbitrary code, related to code injection via a crafted CSV file with an initial 'Source<script type="text/javascript" src=' line.

CVE-2018-9113

Thu, 04/26/2018 - 02:29
Centers for Disease Control and Prevention MicrobeTRACE 0.1.12 allows remote attackers to execute arbitrary code, related to code injection via a crafted CSV file with an initial '><script type="text/javascript" src=' line.

CVE-2018-10391

Thu, 04/26/2018 - 01:29
An issue was discovered in WUZHI CMS 4.1.0. There is XSS via the email parameter to the index.php?m=member&v=register URI.

CVE-2018-10392

Thu, 04/26/2018 - 01:29
mapping0_forward in mapping0.c in Xiph.Org libvorbis 1.3.6 does not validate the number of channels, which allows remote attackers to cause a denial of service (heap-based buffer overflow or over-read) or possibly have unspecified other impact via a crafted file.

CVE-2018-10393

Thu, 04/26/2018 - 01:29
bark_noise_hybridmp in psy.c in Xiph.Org libvorbis 1.3.6 has a stack-based buffer over-read.

CVE-2018-10422

Thu, 04/26/2018 - 01:29
An issue was discovered in HongCMS 3.0.0. The post news feature has Stored XSS via the content field.

CVE-2018-10423

Thu, 04/26/2018 - 01:29
mc-admin/post.php in MiniCMS 1.10 allows remote attackers to obtain a directory listing of the top-level directory of the web root via a link that becomes available after posting an article.

CVE-2018-10424

Thu, 04/26/2018 - 01:29
mc-admin/post-edit.php in MiniCMS 1.10 allows full path disclosure via a modified id field.

CVE-2018-10381

Wed, 04/25/2018 - 20:29
TunnelBear 3.2.0.6 for Windows suffers from a SYSTEM privilege escalation vulnerability through the "TunnelBearMaintenance" service. This service establishes a NetNamedPipe endpoint that allows arbitrary installed applications to connect and call publicly exposed methods. The "OpenVPNConnect" method accepts a server list argument that provides attacker control of the OpenVPN command line. An attacker can specify a dynamic library plugin that should run for every new VPN connection attempt. This plugin will execute code in the context of the SYSTEM user.

CVE-2018-8833

Wed, 04/25/2018 - 19:29
Heap-based buffer overflow vulnerabilities in Advantech WebAccess HMI Designer 2.1.7.32 and prior caused by processing specially crafted .pm3 files may allow remote code execution.

CVE-2018-8835

Wed, 04/25/2018 - 19:29
Double free vulnerabilities in Advantech WebAccess HMI Designer 2.1.7.32 and prior caused by processing specially crafted .pm3 files may allow remote code execution.

CVE-2018-8837

Wed, 04/25/2018 - 19:29
Processing specially crafted .pm3 files in Advantech WebAccess HMI Designer 2.1.7.32 and prior may cause the system to write outside the intended buffer area and may allow remote code execution.

CVE-2017-6888

Wed, 04/25/2018 - 17:29
An error in the "read_metadata_vorbiscomment_()" function (src/libFLAC/stream_decoder.c) in FLAC version 1.3.2 can be exploited to cause a memory leak via a specially crafted FLAC file.

CVE-2018-1335

Wed, 04/25/2018 - 17:29
From Apache Tika versions 1.7 to 1.17, clients could send carefully crafted headers to tika-server that could be used to inject commands into the command line of the server running tika-server. This vulnerability only affects those running tika-server on a server that is open to untrusted clients. The mitigation is to upgrade to Tika 1.18.

CVE-2018-1338

Wed, 04/25/2018 - 17:29
A carefully crafted (or fuzzed) file can trigger an infinite loop in Apache Tika's BPGParser in versions of Apache Tika before 1.18.

CVE-2018-1339

Wed, 04/25/2018 - 17:29
A carefully crafted (or fuzzed) file can trigger an infinite loop in Apache Tika's ChmParser in versions of Apache Tika before 1.18.

CVE-2018-5226

Wed, 04/25/2018 - 17:29
There was an argument injection vulnerability in Sourcetree for Windows via Mercurial repository tag name that is going to be deleted. An attacker with permission to create a tag on a Mercurial repository linked in Sourcetree for Windows is able to exploit this issue to gain code execution on the system. All versions of Sourcetree for Windows before 2.5.5.0 are affected by this vulnerability.
