NVD: all CVE

Subscribe to NVD: all CVE hírcsatorna
This feed contains the most recent CVE cyber vulnerabilities published within the National Vulnerability Database.
Frissítve: 2 óra 9 perc
2019. augusztus 16.

CVE-2017-18542

The zendesk-help-center plugin before 1.0.5 for WordPress has multiple XSS issues.
2019. augusztus 16.

CVE-2017-18543

The invite-anyone plugin before 1.3.16 for WordPress has incorrect access control for email-based invitations.
2019. augusztus 16.

CVE-2017-18544

The invite-anyone plugin before 1.3.16 for WordPress has admin-panel CSRF.
2019. augusztus 16.

CVE-2017-18545

The invite-anyone plugin before 1.3.16 for WordPress has incorrect escaping of untrusted Dashboard and front-end input.
2019. augusztus 16.

CVE-2017-18546

The jayj-quicktag plugin before 1.3.2 for WordPress has CSRF.
2019. augusztus 16.

CVE-2019-8063

Creative Cloud Desktop Application 4.6.1 and earlier versions have an insecure transmission of sensitive data vulnerability. Successful exploitation could lead to information leakage.
2019. augusztus 16.

CVE-2019-7957

Creative Cloud Desktop Application versions 4.6.1 and earlier have a security bypass vulnerability. Successful exploitation could lead to denial of service.
2019. augusztus 16.

CVE-2019-7958

Creative Cloud Desktop Application versions 4.6.1 and earlier have an insecure inherited permissions vulnerability. Successful exploitation could lead to privilege escalation.
2019. augusztus 16.

CVE-2019-7959

Creative Cloud Desktop Application versions 4.6.1 and earlier have a using components with known vulnerabilities vulnerability. Successful exploitation could lead to arbitrary code execution.
2019. augusztus 16.

CVE-2019-7964

Adobe Experience Manager versions 6.5, and 6.4 have an authentication bypass vulnerability. Successful exploitation could lead to remote code execution.
2019. augusztus 16.

CVE-2019-5477

A command injection vulnerability in Nokogiri v1.10.3 and earlier allows commands to be executed in a subprocess via Ruby's `Kernel.open` method. Processes are vulnerable only if the undocumented method `Nokogiri::CSS::Tokenizer#load_file` is being called with unsafe user input as the filename. This vulnerability appears in code generated by the Rexical gem versions v1.0.6 and earlier. Rexical is used by Nokogiri to generate lexical scanner code for parsing CSS queries. The underlying vulnerability was addressed in Rexical v1.0.7 and Nokogiri upgraded to this version of Rexical in Nokogiri v1.10.4.
2019. augusztus 16.

CVE-2019-15119

lib/install/install.go in cnlh nps through 0.23.2 uses 0777 permissions for /usr/local/bin/nps and/or /usr/bin/nps, leading to a file overwrite by a local user.
2019. augusztus 16.

CVE-2019-15120

The Kunena extension before 5.1.14 for Joomla! allows XSS via BBCode.
2019. augusztus 16.

CVE-2019-15118

check_input_term in sound/usb/mixer.c in the Linux kernel through 5.2.9 mishandles recursion, leading to kernel stack exhaustion.
2019. augusztus 16.

CVE-2015-9325

The visitors-online plugin before 0.4 for WordPress has SQL injection.
2019. augusztus 16.

CVE-2015-9326

The wp-business-intelligence-lite plugin before 1.6.3 for WordPress has SQL injection.
2019. augusztus 16.

CVE-2016-10904

The olimometer plugin before 2.57 for WordPress has SQL injection.
2019. augusztus 16.

CVE-2017-18548

The note-press plugin before 0.1.2 for WordPress has SQL injection.
2019. augusztus 16.

CVE-2018-13884

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none.
2019. augusztus 16.

CVE-2019-15117

parse_audio_mixer_unit in sound/usb/mixer.c in the Linux kernel through 5.2.9 mishandles a short descriptor, leading to out-of-bounds memory access.