NVD Vulnerabilities

Subscribe to NVD Vulnerabilities feed
This feed contains the most recent CVE cyber vulnerabilities published within the National Vulnerability Database.
Updated: 2 hours 30 min ago

CVE-2018-19935

Fri, 12/07/2018 - 04:29
ext/imap/php_imap.c in PHP 5.x and 7.x before 7.3.0 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an empty string in the message argument to the imap_mail function.
Categories: NVD

CVE-2018-19939

Fri, 12/07/2018 - 04:29
The Goodix GT9xx touchscreen driver for custom Linux kernels on Xiaomi daisy-o-oss Mi A2 Lite and RedMi6 pro devices through 2018-08-27 has a NULL pointer dereference in kfree after a kmalloc failure in gtp_read_Color in drivers/input/touchscreen/gt917d/gt9xx.c.
Categories: NVD

CVE-2018-19931

Fri, 12/07/2018 - 02:29
An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils through 2.31. There is a heap-based buffer overflow in bfd_elf32_swap_phdr_in in elfcode.h because the number of program headers is not restricted.
Categories: NVD

CVE-2018-19932

Fri, 12/07/2018 - 02:29
An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils through 2.31. There is an integer overflow and infinite loop caused by the IS_CONTAINED_BY_LMA macro in elf.c.
Categories: NVD

CVE-2018-16601

Thu, 12/06/2018 - 18:29
An issue was discovered in Amazon Web Services (AWS) FreeRTOS through 1.3.1, FreeRTOS up to V10.0.1 (with FreeRTOS+TCP), and WITTENSTEIN WHIS Connect middleware TCP/IP component. A crafted IP header triggers a full memory space copy in prvProcessIPPacket, leading to denial of service and possibly remote code execution.
Categories: NVD

CVE-2018-16602

Thu, 12/06/2018 - 18:29
An issue was discovered in Amazon Web Services (AWS) FreeRTOS through 1.3.1, FreeRTOS up to V10.0.1 (with FreeRTOS+TCP), and WITTENSTEIN WHIS Connect middleware TCP/IP component. Out of bounds memory access during parsing of DHCP responses in prvProcessDHCPReplies can be used for information disclosure.
Categories: NVD

CVE-2018-16603

Thu, 12/06/2018 - 18:29
An issue was discovered in Amazon Web Services (AWS) FreeRTOS through 1.3.1, FreeRTOS up to V10.0.1 (with FreeRTOS+TCP), and WITTENSTEIN WHIS Connect middleware TCP/IP component. Out of bounds access to TCP source and destination port fields in xProcessReceivedTCPPacket can leak data back to an attacker.
Categories: NVD

CVE-2018-19659

Thu, 12/06/2018 - 18:29
An exploitable authenticated command-injection vulnerability exists in the web server functionality of Moxa NPort W2x50A products with firmware before 2.2 Build_18082311. A specially crafted HTTP POST request to /goform/net_WebPingGetValue can result in running OS commands as the root user. This is similar to CVE-2017-12120.
Categories: NVD

CVE-2018-19660

Thu, 12/06/2018 - 18:29
An exploitable authenticated command-injection vulnerability exists in the web server functionality of Moxa NPort W2x50A products with firmware before 2.2 Build_18082311. A specially crafted HTTP POST request to /goform/webSettingProfileSecurity can result in running OS commands as the root user.
Categories: NVD

CVE-2018-19665

Thu, 12/06/2018 - 18:29
The Bluetooth subsystem in QEMU mishandles negative values for length variables, leading to memory corruption.
Categories: NVD

CVE-2018-19923

Thu, 12/06/2018 - 18:29
An issue was discovered in Sales & Company Management System (SCMS) through 2018-06-06. There is member/member_email.php?action=edit CSRF.
Categories: NVD

CVE-2018-19924

Thu, 12/06/2018 - 18:29
An issue was discovered in Sales & Company Management System (SCMS) through 2018-06-06. An email address can be modified in between the request for a validation code and the entry of the validation code, leading to storage of an XSS payload contained in the modified address.
Categories: NVD

CVE-2018-19925

Thu, 12/06/2018 - 18:29
An issue was discovered in Sales & Company Management System (SCMS) through 2018-06-06. It has SQL injection via the member/member_order.php type parameter, related to the O_state parameter.
Categories: NVD

CVE-2018-19926

Thu, 12/06/2018 - 18:29
Zenitel Norway IP-StationWeb before 4.2.3.9 allows reflected XSS via the goform/ PATH_INFO.
Categories: NVD

CVE-2018-19927

Thu, 12/06/2018 - 18:29
Zenitel Norway IP-StationWeb before 4.2.3.9 allows stored XSS via the Display Name for Station Status or Account Settings, related to the goform/zForm_save_changes sip_nick parameter. The password of alphaadmin for the admin account may be used for authentication in some cases.
Categories: NVD

CVE-2018-6755

Thu, 12/06/2018 - 18:29
Weak Directory Permission Vulnerability in Microsoft Windows client in McAfee True Key (TK) 5.1.230.7 and earlier allows local users to execute arbitrary code via specially crafted malware.
Categories: NVD

CVE-2018-6756

Thu, 12/06/2018 - 18:29
Authentication Abuse vulnerability in Microsoft Windows client in McAfee True Key (TK) 5.1.230.7 and earlier allows local users to execute unauthorized commands via specially crafted malware.
Categories: NVD

CVE-2018-6757

Thu, 12/06/2018 - 18:29
Privilege Escalation vulnerability in Microsoft Windows client in McAfee True Key (TK) 5.1.230.7 and earlier allows local users to execute arbitrary code via specially crafted malware.
Categories: NVD

CVE-2018-16522

Thu, 12/06/2018 - 18:29
Amazon Web Services (AWS) FreeRTOS through 1.3.1 has an uninitialized pointer free in SOCKETS_SetSockOpt.
Categories: NVD

CVE-2018-16523

Thu, 12/06/2018 - 18:29
Amazon Web Services (AWS) FreeRTOS through 1.3.1, FreeRTOS up to V10.0.1 (with FreeRTOS+TCP), and WITTENSTEIN WHIS Connect middleware TCP/IP component allow division by zero in prvCheckOptions.
Categories: NVD