National Vulnerability Database

This feed contains the most recent CVE cyber vulnerabilities published within the National Vulnerability Database.

CVE-2017-12179

Wed, 01/24/2018 - 10:29
xorg-x11-server before 1.19.5 was vulnerable to an integer overflow in the (S)ProcXIBarrierReleasePointer functions, allowing a malicious X client to cause the X server to crash or possibly execute arbitrary code.
Categories: Security News

CVE-2017-12180

Wed, 01/24/2018 - 10:29
xorg-x11-server before 1.19.5 was missing length validation in the XFree86 VidModeExtension, allowing a malicious X client to cause the X server to crash or possibly execute arbitrary code.
Categories: Security News

CVE-2017-12181

Wed, 01/24/2018 - 10:29
xorg-x11-server before 1.19.5 was missing length validation in the XFree86 DGA extension, allowing a malicious X client to cause the X server to crash or possibly execute arbitrary code.
Categories: Security News

CVE-2017-12182

Wed, 01/24/2018 - 10:29
xorg-x11-server before 1.19.5 was missing length validation in the XFree86 DRI extension, allowing a malicious X client to cause the X server to crash or possibly execute arbitrary code.
Categories: Security News

CVE-2017-12183

Wed, 01/24/2018 - 10:29
xorg-x11-server before 1.19.5 was missing length validation in the XFIXES extension, allowing a malicious X client to cause the X server to crash or possibly execute arbitrary code.
Categories: Security News

CVE-2017-12184

Wed, 01/24/2018 - 10:29
xorg-x11-server before 1.19.5 was missing length validation in the XINERAMA extension, allowing a malicious X client to cause the X server to crash or possibly execute arbitrary code.
Categories: Security News

CVE-2017-12185

Wed, 01/24/2018 - 10:29
xorg-x11-server before 1.19.5 was missing length validation in the MIT-SCREEN-SAVER extension, allowing a malicious X client to cause the X server to crash or possibly execute arbitrary code.
Categories: Security News

CVE-2017-12186

Wed, 01/24/2018 - 10:29
xorg-x11-server before 1.19.5 was missing length validation in the X-Resource extension, allowing a malicious X client to cause the X server to crash or possibly execute arbitrary code.
Categories: Security News

CVE-2017-12187

Wed, 01/24/2018 - 10:29
xorg-x11-server before 1.19.5 was missing length validation in the RENDER extension, allowing a malicious X client to cause the X server to crash or possibly execute arbitrary code.
Categories: Security News

CVE-2017-1000475

Wed, 01/24/2018 - 09:29
FreeSSHd version 1.3.1 is vulnerable to an unquoted service path issue, allowing local users to launch processes with elevated privileges.
Categories: Security News

CVE-2017-15718

Wed, 01/24/2018 - 09:29
The YARN NodeManager in Apache Hadoop 2.7.3 and 2.7.4 can leak the password for the credential store provider used by the NodeManager to YARN Applications.
Categories: Security News

CVE-2017-1769

Wed, 01/24/2018 - 09:29
IBM Business Process Manager 8.6 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 136783.
Categories: Security News

CVE-2018-1000018

Wed, 01/24/2018 - 09:29
An information disclosure in ovirt-hosted-engine-setup prior to 2.2.7 reveals the root user's password in the log file.
Categories: Security News

CVE-2018-6184

Wed, 01/24/2018 - 05:29
ZEIT Next.js 4 before 4.2.3 has Directory Traversal under the /_next request namespace.
Categories: Security News

CVE-2018-6187

Wed, 01/24/2018 - 05:29
In Artifex MuPDF 1.12.0, there is a heap-based buffer overflow vulnerability in the do_pdf_save_document function in the pdf/pdf-write.c file. Remote attackers could leverage the vulnerability to cause a denial of service via a crafted PDF file.
Categories: Security News

CVE-2017-18075

Wed, 01/24/2018 - 05:29
crypto/pcrypt.c in the Linux kernel before 4.14.13 mishandles freeing instances, allowing a local user able to access the AF_ALG-based AEAD interface (CONFIG_CRYPTO_USER_API_AEAD) and pcrypt (CONFIG_CRYPTO_PCRYPT) to cause a denial of service (kfree of an incorrect pointer) or possibly have unspecified other impact by executing a crafted sequence of system calls.
Categories: Security News

CVE-2018-5969

Wed, 01/24/2018 - 05:29
Cross Site Request Forgery (CSRF) exists in Photography CMS 1.0 via clients/resources/ajax/ajax_new_admin.php, as demonstrated by adding an admin account.
Categories: Security News

CVE-2018-5972

Wed, 01/24/2018 - 05:29
SQL Injection exists in Classified Ads CMS Quickad 4.0 via the keywords, placeid, cat, or subcat parameter to the listing URI.
Categories: Security News

CVE-2018-5976

Wed, 01/24/2018 - 05:29
Cross Site Request Forgery (CSRF) exists in RSVP Invitation Online 1.0 via function/account.php, as demonstrated by modifying the admin password.
Categories: Security News

CVE-2018-5977

Wed, 01/24/2018 - 05:29
SQL Injection exists in Affiligator Affiliate Webshop Management System 2.1.0 via a search/?q=&price_type=range&price= request.
Categories: Security News
