NVD Vulnerabilities

This feed contains the most recent CVE cyber vulnerabilities published within the National Vulnerability Database.
Updated: 2 hours 59 min ago

CVE-2017-3774

Thu, 04/19/2018 - 10:29
A stack overflow vulnerability was discovered within the web administration service in Integrated Management Module 2 (IMM2) earlier than version 4.70 used in some Lenovo servers and earlier than version 6.60 used in some IBM servers. An attacker providing a crafted user ID and password combination can cause a portion of the authentication routine to overflow its stack, resulting in stack corruption.
Categories: NVD

CVE-2017-3776

Thu, 04/19/2018 - 10:29
Lenovo Help Android mobile app versions earlier than 6.1.2.0327 allowed information to be transmitted over an HTTP channel, permitting others observing the channel to potentially see this information.
CVE-2018-10188

Thu, 04/19/2018 - 10:29
phpMyAdmin 4.8.0 before 4.8.0-1 has CSRF, allowing an attacker to execute arbitrary SQL statements, related to js/db_operations.js, js/tbl_operations.js, libraries/classes/Operations.php, and sql.php.
CVE-2018-7899

Thu, 04/19/2018 - 10:29
The Mali Driver of Huawei Berkeley-AL20 and Berkeley-BD smart phones with software Berkeley-AL20 8.0.0.105(C00), 8.0.0.111(C00), 8.0.0.112D(C00), 8.0.0.116(C00), 8.0.0.119(C00), 8.0.0.119D(C00), 8.0.0.122(C00), 8.0.0.132(C00), 8.0.0.132D(C00), 8.0.0.142(C00), 8.0.0.151(C00), Berkeley-BD 1.0.0.21, 1.0.0.22, 1.0.0.23, 1.0.0.24, 1.0.0.26, 1.0.0.29 has a double free vulnerability. An attacker can trick a user into installing a malicious application and exploit this vulnerability during the exception handling process. Successful exploitation may cause a system reboot.
CVE-2018-7920

Thu, 04/19/2018 - 10:29
Huawei AR1200 V200R006C10SPC300, AR160 V200R006C10SPC300, AR200 V200R006C10SPC300, AR2200 V200R006C10SPC300, AR3200 V200R006C10SPC300 devices have an improper resource management vulnerability. Due to improper implementation of the ACL mechanism, a remote attacker may send TCP messages to the management interface of the affected device to exploit this vulnerability. A successful exploit could exhaust the socket resources of the management interface, leading to a DoS condition.
CVE-2018-1143

Thu, 04/19/2018 - 09:29
A remote unauthenticated user can execute commands as root in the Belkin N750 using firmware version 1.10.22 by sending a crafted HTTP request to twonky_command.cgi.
CVE-2018-1144

Thu, 04/19/2018 - 09:29
A remote unauthenticated user can execute commands as root in the Belkin N750 using firmware version 1.10.22 by sending a crafted HTTP request to proxy.cgi.
CVE-2018-1145

Thu, 04/19/2018 - 09:29
A remote unauthenticated user can overflow a stack buffer in the Belkin N750 using firmware version 1.10.22 by sending a crafted HTTP request to proxy.cgi.
CVE-2018-1146

Thu, 04/19/2018 - 09:29
A remote unauthenticated user can enable telnet on the Belkin N750 using firmware version 1.10.22 by sending a crafted HTTP request to set.cgi. When enabled, the telnet session requires no password and provides root access.
CVE-2018-6306

Thu, 04/19/2018 - 09:29
Unauthorized code execution from a specific DLL, known as a DLL hijacking attack, is possible in Kaspersky Password Manager versions before 8.0.6.538.
CVE-2017-18261

Thu, 04/19/2018 - 04:29
The arch_timer_reg_read_stable macro in arch/arm64/include/asm/arch_timer.h in the Linux kernel before 4.13 allows local users to cause a denial of service (infinite recursion) by writing to a file under /sys/kernel/debug in certain circumstances, as demonstrated by a scenario involving debugfs, ftrace, PREEMPT_TRACER, and FUNCTION_GRAPH_TRACER.
CVE-2018-10205

Thu, 04/19/2018 - 04:29
hyperstart 1.0.0 in HyperHQ Hyper has memory leaks in the container_setup_modules and hyper_rescan_scsi functions in container.c, related to runV 1.0.0 for Docker.
CVE-2018-10219

Thu, 04/19/2018 - 04:29
baijiacms V3 has physical path leakage via an index.php?mod=mobile&name=member&do=index request.
CVE-2018-10220

Thu, 04/19/2018 - 04:29
** DISPUTED ** Glastopf 3.1.3-dev has SSRF, as demonstrated by the abc.php a parameter. NOTE: the vendor indicates that this is intentional behavior because the product is a web application honeypot, and modules/handlers/emulators/rfi.py supports Remote File Inclusion emulation.
CVE-2018-10221

Thu, 04/19/2018 - 04:29
An issue was discovered in WUZHI CMS V4.1.0. There is a persistent XSS vulnerability that can steal the administrator cookies via the tag[tag] parameter to the index.php?m=tags&f=index&v=add&&_su=wuzhicms URI. After a website editor (whose privilege is lower than the administrator) logs in, he can add a new TAGS with the XSS payload.
CVE-2018-10222

Thu, 04/19/2018 - 04:29
An issue was discovered in idreamsoft iCMS V7.0. There is a CSRF vulnerability that can add a Column via /admincp.php?app=article_category&do=save&frame=iPHP.
CVE-2018-10223

Thu, 04/19/2018 - 04:29
An issue was discovered in YzmCMS 3.8. There is a CSRF vulnerability that can add an admin account via /index.php/admin/admin_manage/add.html.
CVE-2018-10224

Thu, 04/19/2018 - 04:29
An issue was discovered in YzmCMS 3.8. There is a CSRF vulnerability that can add a tag via /index.php/admin/tag/add.html.
CVE-2018-10225

Thu, 04/19/2018 - 04:29
thinkphp 3.1.3 has SQL Injection via the index.php s parameter.
CVE-2018-10227

Thu, 04/19/2018 - 04:29
MiniCMS v1.10 has XSS via the mc-admin/conf.php site_link parameter.