National Vulnerability Database

This feed contains the most recent CVE cyber vulnerabilities published within the National Vulnerability Database.

CVE-2018-6202

Wed, 01/24/2018 - 23:29
In eScan Antivirus 14.0.1400.2029, the driver file (econceal.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x830020F8.
Categories: Security News

CVE-2018-6203

Wed, 01/24/2018 - 23:29
In eScan Antivirus 14.0.1400.2029, the driver file (econceal.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x8300210C.

CVE-2018-6204

Wed, 01/24/2018 - 23:29
In Max Secure Anti Virus 19.0.3.019, the driver file (SDActMon.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x220019.

CVE-2018-6205

Wed, 01/24/2018 - 23:29
In Max Secure Anti Virus 19.0.3.019, the driver file (MaxProtector32.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x220009.

CVE-2018-6206

Wed, 01/24/2018 - 23:29
In Max Secure Anti Virus 19.0.3.019, the driver file (MaxProtector32.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x220011.

CVE-2018-6207

Wed, 01/24/2018 - 23:29
In Max Secure Anti Virus 19.0.3.019, the driver file (MaxProtector32.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x220019.

CVE-2018-6208

Wed, 01/24/2018 - 23:29
In Max Secure Anti Virus 19.0.3.019, the driver file (MaxProtector32.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x22000d.

CVE-2018-6209

Wed, 01/24/2018 - 23:29
In Max Secure Anti Virus 19.0.3.019, the driver file (MaxCryptMon.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x220019.

CVE-2017-15546

Wed, 01/24/2018 - 22:29
The Security Console in EMC RSA Authentication Manager 8.2 SP1 P6 and earlier is affected by a blind SQL injection vulnerability. Authenticated malicious users could potentially exploit this vulnerability to read any unencrypted data from the database.

CVE-2018-5443

Wed, 01/24/2018 - 22:29
A SQL Injection issue was discovered in Advantech WebAccess/SCADA versions prior to V8.2_20170817. WebAccess/SCADA does not properly sanitize its inputs for SQL commands.

CVE-2018-5445

Wed, 01/24/2018 - 22:29
A Path Traversal issue was discovered in Advantech WebAccess/SCADA versions prior to V8.2_20170817. An attacker has read access to files within the directory structure of the target device.

CVE-2018-6196

Wed, 01/24/2018 - 22:29
w3m through 0.5.3 is prone to an infinite recursion flaw in HTMLlineproc0 because the feed_table_block_tag function in table.c does not prevent a negative indent value.

CVE-2018-6197

Wed, 01/24/2018 - 22:29
w3m through 0.5.3 is prone to a NULL pointer dereference flaw in formUpdateBuffer in form.c.

CVE-2018-6198

Wed, 01/24/2018 - 22:29
w3m through 0.5.3 does not properly handle temporary files when the ~/.w3m directory is unwritable, which allows a local attacker to craft a symlink attack to overwrite arbitrary files.

CVE-2017-1000502

Wed, 01/24/2018 - 18:29
Users with permission to create or configure agents in Jenkins 1.37 and earlier could configure an EC2 agent to run arbitrary shell commands on the master node whenever the agent was supposed to be launched. Configuration of these agents now requires the 'Run Scripts' permission typically only granted to administrators.

CVE-2017-1000503

Wed, 01/24/2018 - 18:29
A race condition during Jenkins 2.81 through 2.94 (inclusive); 2.89.1 startup could result in the wrong order of execution of commands during initialization. This could in rare cases result in failure to initialize the setup wizard on the first startup. This resulted in multiple security-related settings not being set to their usual strict default.

CVE-2017-1000504

Wed, 01/24/2018 - 18:29
A race condition during Jenkins 2.94 and earlier; 2.89.1 and earlier startup could result in the wrong order of execution of commands during initialization. There is a very short window of time after startup during which Jenkins may no longer show the 'Please wait while Jenkins is getting ready to work' message

CVE-2018-1000006

Wed, 01/24/2018 - 18:29
GitHub Electron versions 1.8.2-beta.3 and earlier, 1.7.10 and earlier, and 1.6.15 and earlier have a vulnerability in the protocol handler: Electron apps running on Windows 10, 7 or 2008 that register custom protocol handlers can be tricked into arbitrary command execution if the user clicks on a specially crafted URL. This has been fixed in versions 1.8.2-beta.4, 1.7.11, and 1.6.16.

CVE-2018-1047

Wed, 01/24/2018 - 18:29
A flaw was found in Wildfly 9.x. A path traversal vulnerability through the org.wildfly.extension.undertow.deployment.ServletResourceManager.getResource method could lead to information disclosure of arbitrary local files.

CVE-2018-1048

Wed, 01/24/2018 - 18:29
It was found that the AJP connector in Undertow, as shipped in JBoss EAP 7.1.0.GA, does not use the ALLOW_ENCODED_SLASH option and thus allows the slash / anti-slash characters encoded in the URL, which may lead to path traversal and result in the information disclosure of arbitrary local files.
