NVD Vulnerabilities

Subscribe to NVD Vulnerabilities feed
This feed contains the most recent CVE cyber vulnerabilities published within the National Vulnerability Database.
Updated: 4 hours 49 min ago

CVE-2017-2743

6 hours 55 min ago
HP has identified a potential security vulnerability with HP Enterprise LaserJet Printers and MFPs, HP OfficeJet Enterprise Color Printers and MFP, HP PageWide Color Printers and MPS before 2308214_000901, 2308214_000900, and other firmware versions. The vulnerability could be exploited to perform a cross site scripting (XSS) attack.
Categories: NVD

CVE-2017-2744

6 hours 55 min ago
The vulnerability allows attacker to extract binaries into protected file system locations in HP Support Assistant before 12.7.26.1.
Categories: NVD

CVE-2017-2745

6 hours 55 min ago
Potential security vulnerabilities have been identified with HP JetAdvantage Security Manager before 3.0.1. The vulnerabilities could potentially be exploited to allow stored cross-site scripting which could allow a hacker to execute scripts in a user's browser.
Categories: NVD

CVE-2017-2746

6 hours 55 min ago
Potential security vulnerabilities have been identified with HP JetAdvantage Security Manager before 3.0.1. The vulnerabilities could potentially be exploited to allow stored cross-site scripting which could allow a hacker to create a denial of service.
Categories: NVD

CVE-2017-2747

6 hours 55 min ago
HP has identified a potential security vulnerability before IG_11_00_00.10 for DesignJet T790, T795, T1300, T2300, before MRY_04_05_00.5 for DesignJet T920, T930, T1500, T1530, T2500, T2530, before AENEAS_03_04_00.9 for DesignJet T3500, before NEXUS_01_12_00.11 for Latex 310, 330, 360, 370, before NEXUS_03_12_00.15 for Latex 315, 335, 365, 375, before STORM_00_05_01.6 for Latex 560, 570 and Latex 110 that may expose the credentials of the SMTP server configured to receive and process emails generated by the printers.
Categories: NVD

CVE-2017-2750

6 hours 55 min ago
Insufficient Solution DLL Signature Validation allows potential execution of arbitrary code in HP LaserJet Enterprise printers, HP PageWide Enterprise printers, HP LaserJet Managed printers, HP OfficeJet Enterprise printers before 2308937_578479, 2405087_018548, and other firmware versions.
Categories: NVD

CVE-2018-5950

6 hours 55 min ago
Cross-site scripting (XSS) vulnerability in the web UI in Mailman before 2.1.26 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Categories: NVD

CVE-2017-15105

6 hours 55 min ago
A flaw was found in the way unbound before 1.6.8 validated wildcard-synthesized NSEC records. An improperly validated wildcard NSEC record could be used to prove the non-existence (NXDOMAIN answer) of an existing wildcard record, or trick unbound into accepting a NODATA proof.
Categories: NVD

CVE-2017-15107

6 hours 55 min ago
A vulnerability was found in the implementation of DNSSEC in Dnsmasq up to and including 2.78. Wildcard synthesized NSEC records could be improperly interpreted to prove the non-existence of hostnames that actually exist.
Categories: NVD

CVE-2017-2740

6 hours 55 min ago
A potential security vulnerability has been identified with the command line shell of the HP ThinPro operating system 6.1, 5.2.1, 5.2, 5.1, 5.0, and 4.4. The vulnerability could result in a local unauthorized elevation of privilege on an HP thin client device.
Categories: NVD

CVE-2017-2741

6 hours 55 min ago
A potential security vulnerability has been identified with HP PageWide Printers, HP OfficeJet Pro Printers, with firmware before 1708D. This vulnerability could potentially be exploited to execute arbitrary code.
Categories: NVD

CVE-2017-2742

6 hours 55 min ago
A potential security vulnerability has been identified with HP Web Jetadmin before 10.4 SR2. This vulnerability could potentially be exploited to create a denial of service.
Categories: NVD

CVE-2017-15090

7 hours 55 min ago
An issue has been found in the DNSSEC validation component of PowerDNS Recursor from 4.0.0 and up to and including 4.0.6, where the signatures might have been accepted as valid even if the signed data was not in bailiwick of the DNSKEY used to sign it. This allows an attacker in position of man-in-the-middle to alter the content of records by issuing a valid signature for the crafted records.
Categories: NVD

CVE-2017-15091

7 hours 55 min ago
An issue has been found in the API component of PowerDNS Authoritative 4.x up to and including 4.0.4 and 3.x up to and including 3.4.11, where some operations that have an impact on the state of the server are still allowed even though the API has been configured as read-only via the api-readonly keyword. This missing check allows an attacker with valid API credentials to flush the cache, trigger a zone transfer or send a NOTIFY.
Categories: NVD

CVE-2017-15092

7 hours 55 min ago
A cross-site scripting issue has been found in the web interface of PowerDNS Recursor from 4.0.0 up to and including 4.0.6, where the qname of DNS queries was displayed without any escaping, allowing a remote attacker to inject HTML and Javascript code into the web interface, altering the content.
Categories: NVD

CVE-2017-15093

7 hours 55 min ago
When api-config-dir is set to a non-empty value, which is not the case by default, the API in PowerDNS Recursor 4.x up to and including 4.0.6 and 3.x up to and including 3.7.4 allows an authorized user to update the Recursor's ACL by adding and removing netmasks, and to configure forward zones. It was discovered that the new netmask and IP addresses of forwarded zones were not sufficiently validated, allowing an authenticated user to inject new configuration directives into the Recursor's configuration.
Categories: NVD

CVE-2017-15094

7 hours 55 min ago
An issue has been found in the DNSSEC parsing code of PowerDNS Recursor from 4.0.0 up to and including 4.0.6 leading to a memory leak when parsing specially crafted DNSSEC ECDSA keys. These keys are only parsed when validation is enabled by setting dnssec to a value other than off or process-no-validate (default).
Categories: NVD

CVE-2015-1142857

8 hours 55 min ago
On multiple SR-IOV cars it is possible for VF's assigned to guests to send ethernet flow control pause frames via the PF. This includes Linux kernel ixgbe driver before commit f079fa005aae08ee0e1bc32699874ff4f02e11c1, the Linux Kernel i40e/i40evf driver before e7358f54a3954df16d4f87e3cad35063f1c17de5 and the DPDK before commit 3f12b9f23b6499ff66ec8b0de941fb469297e5d0, additionally Multiple vendor NIC firmware is affected.
Categories: NVD

CVE-2018-1000008

8 hours 55 min ago
Jenkins PMD Plugin 3.49 and earlier processes XML external entities in files it parses as part of the build process, allowing attackers with user permissions in Jenkins to extract secrets from the Jenkins master, perform server-side request forgery, or denial-of-service attacks.
Categories: NVD

CVE-2018-1000009

8 hours 55 min ago
Jenkins Checkstyle Plugin 3.49 and earlier processes XML external entities in files it parses as part of the build process, allowing attackers with user permissions in Jenkins to extract secrets from the Jenkins master, perform server-side request forgery, or denial-of-service attacks.
Categories: NVD