NVD Vulnerabilities

This feed contains the most recent CVE cyber vulnerabilities published within the National Vulnerability Database.

CVE-2018-0848

Mon, 01/22/2018 - 18:29
Equation Editor in Microsoft Office 2003, Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allows a remote code execution vulnerability due to the way objects are handled in memory, aka "Microsoft Word Remote Code Execution Vulnerability". This CVE is unique from CVE-2018-0805, CVE-2018-0806, and CVE-2018-0807.
Categories: NVD

CVE-2018-0849

Mon, 01/22/2018 - 18:29
Equation Editor in Microsoft Office 2003, Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allows a remote code execution vulnerability due to the way objects are handled in memory, aka "Microsoft Word Remote Code Execution Vulnerability". This CVE is unique from CVE-2018-0805, CVE-2018-0806, and CVE-2018-0807.
Categories: NVD

CVE-2018-0862

Mon, 01/22/2018 - 18:29
Equation Editor in Microsoft Office 2003, Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allows a remote code execution vulnerability due to the way objects are handled in memory, aka "Microsoft Word Remote Code Execution Vulnerability". This CVE is unique from CVE-2018-0805, CVE-2018-0806, and CVE-2018-0807.
Categories: NVD

CVE-2018-6009

Mon, 01/22/2018 - 17:29
In Yii Framework 2.x before 2.0.14, the switchIdentity function in web/User.php did not regenerate the CSRF token upon a change of identity.
Categories: NVD

CVE-2018-6010

Mon, 01/22/2018 - 17:29
In Yii Framework 2.x before 2.0.14, remote attackers could obtain potentially sensitive information from exception messages printed by the error handler in non-debug mode, related to base/ErrorHandler.php, log/Dispatcher.php, and views/errorHandler/exception.php.
Categories: NVD

CVE-2018-5999

Mon, 01/22/2018 - 15:29
An issue was discovered in AsusWRT before 3.0.0.4.384_10007. In the handle_request function in router/httpd/httpd.c, processing of POST requests continues even if authentication fails.
Categories: NVD

CVE-2018-6000

Mon, 01/22/2018 - 15:29
An issue was discovered in AsusWRT before 3.0.0.4.384_10007. The do_vpnupload_post function in router/httpd/web.c in vpnupload.cgi provides functionality for setting NVRAM configuration values, which allows attackers to set the admin password and launch an SSH daemon (or enable infosvr command mode), and consequently obtain remote administrative access, via a crafted request. This is available to unauthenticated attackers in conjunction with CVE-2018-5999.
Categories: NVD

CVE-2018-6001

Mon, 01/22/2018 - 15:29
The Soundy Audio Playlist plugin 4.6 and below for WordPress has Cross-Site Scripting via soundy-audio-playlist\templates\front-end.php (war_sdy_pl_preview parameter).
Categories: NVD

CVE-2018-6002

Mon, 01/22/2018 - 15:29
The Soundy Background Music plugin 3.9 and below for WordPress has Cross-Site Scripting via soundy-background-music\templates\front-end.php (war_soundy_preview parameter).
Categories: NVD

CVE-2018-6003

Mon, 01/22/2018 - 15:29
An issue was discovered in the _asn1_decode_simple_ber function in decoding.c in GNU Libtasn1 before 4.13. Unlimited recursion in the BER decoder leads to stack exhaustion and DoS.
Categories: NVD

CVE-2018-1000002

Mon, 01/22/2018 - 13:29
Improper input validation bugs in DNSSEC validator components in Knot Resolver (prior to version 1.5.2) allow an attacker in a man-in-the-middle position to deny the existence of some data in DNS via packet replay.
Categories: NVD

CVE-2018-1000003

Mon, 01/22/2018 - 13:29
Improper input validation bugs in DNSSEC validator components in PowerDNS version 4.1.0 allow an attacker in a man-in-the-middle position to deny the existence of some data in DNS via packet replay.
Categories: NVD

CVE-2018-5761

Mon, 01/22/2018 - 12:29
A man-in-the-middle vulnerability related to vCenter access was found in Rubrik CDM 3.x and 4.x before 4.0.4-p2. This vulnerability might expose Rubrik user credentials configured to access vCenter as Rubrik clusters did not verify TLS certificates presented by vCenter.
Categories: NVD

CVE-2017-17858

Mon, 01/22/2018 - 10:29
Heap-based buffer overflow in the ensure_solid_xref function in pdf/pdf-xref.c in Artifex MuPDF 1.12.0 allows a remote attacker to potentially execute arbitrary code via a crafted PDF file, because xref subsection object numbers are unrestricted.
Categories: NVD

CVE-2018-1042

Mon, 01/22/2018 - 03:29
Moodle 3.x has Server Side Request Forgery in the filepicker.
Categories: NVD

CVE-2018-1043

Mon, 01/22/2018 - 03:29
In Moodle 3.x, the setting for blocked hosts list can be bypassed with multiple A record hostnames.
Categories: NVD

CVE-2018-1044

Mon, 01/22/2018 - 03:29
In Moodle 3.x, quiz web services allow students to see quiz results when it is prohibited in the settings.
Categories: NVD

CVE-2018-1045

Mon, 01/22/2018 - 03:29
In Moodle 3.x, there is XSS via a calendar event name.
Categories: NVD

CVE-2016-10709

Sun, 01/21/2018 - 23:29
pfSense before 2.3 allows remote authenticated users to execute arbitrary OS commands via a '|' character in the status_rrd_graph_img.php graph parameter, related to _rrd_graph_img.php.
Categories: NVD

CVE-2017-18047

Sun, 01/21/2018 - 23:29
Buffer Overflow in the FTP client in LabF nfsAxe 3.7 allows remote FTP servers to execute arbitrary code via a long reply.
Categories: NVD