CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In 2018(Execute Code)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1501 CVE-2018-6342 352 Exec Code CSRF 2018-12-31 2019-10-09
9.3
None Remote Medium Not required Complete Complete Complete
react-dev-utils on Windows allows developers to run a local webserver for accepting various commands, including a command to launch an editor. The input to that command was not properly sanitized, allowing an attacker who can make a network request to the server (either via CSRF or by direct request) to execute arbitrary commands on the targeted system. This issue affects multiple branches: 1.x.x prior to 1.0.4, 2.x.x prior to 2.0.2, 3.x.x prior to 3.1.2, 4.x.x prior to 4.2.2, and 5.x.x prior to 5.0.2.
1502 CVE-2018-6336 254 Exec Code 2018-12-31 2019-10-09
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in osquery. A maliciously crafted Universal/fat binary can evade third-party code signing checks. By not completing full inspection of the Universal/fat binary, the user of the third-party tool will believe that the code is signed by Apple, but the malicious unsigned code will execute. This issue affects osquery prior to v3.2.7
1503 CVE-2018-6333 20 Exec Code 2018-12-31 2019-10-09
7.5
None Remote Low Not required Partial Partial Partial
The hhvm-attach deep link handler in Nuclide did not properly sanitize the provided hostname parameter when rendering. As a result, a malicious URL could be used to render HTML and other content inside of the editor's context, which could potentially be chained to lead to code execution. This issue affected Nuclide prior to v0.290.0.
1504 CVE-2018-6331 502 Exec Code 2018-12-31 2019-10-09
7.5
None Remote Low Not required Partial Partial Partial
Buck parser-cache command loads/saves state using Java serialized object. If the state information is maliciously crafted, deserializing it could lead to code execution. This issue affects Buck versions prior to v2018.06.25.01.
1505 CVE-2018-6329 89 Exec Code Sql Bypass 2018-03-14 2018-12-01
7.5
None Remote Low Not required Partial Partial Partial
It was discovered that the Unitrends Backup (UB) before 10.1.0 libbpext.so authentication could be bypassed with a SQL injection, allowing a remote attacker to place a privilege escalation exploit on the target system and subsequently execute arbitrary commands.
1506 CVE-2018-6307 416 Exec Code 2018-12-19 2019-01-09
7.5
None Remote Low Not required Partial Partial Partial
LibVNC before commit ca2a5ac02fbbadd0a21fabba779c1ea69173d10b contains heap use-after-free vulnerability in server code of file transfer extension that can result remote code execution.
1507 CVE-2018-6306 426 Exec Code 2018-04-19 2018-05-22
6.8
None Remote Medium Not required Partial Partial Partial
Unauthorized code execution from specific DLL and is known as DLL Hijacking attack in Kaspersky Password Manager versions before 8.0.6.538.
1508 CVE-2018-6298 20 Exec Code 2018-03-13 2018-04-09
10.0
None Remote Low Not required Complete Complete Complete
Remote code execution in Hanwha Techwin Smartcams
1509 CVE-2018-6292 Exec Code 2018-02-13 2019-10-02
10.0
Admin Remote Low Not required Complete Complete Complete
Remote Code Execution in Saperion Web Client version 7.5.2 83166.
1510 CVE-2018-6289 74 Exec Code 2018-02-06 2018-02-23
10.0
None Remote Low Not required Complete Complete Complete
Configuration file injection leading to Code Execution as Root in Kaspersky Secure Mail Gateway version 1.1.
1511 CVE-2018-6261 276 DoS Exec Code 2018-10-02 2019-10-02
4.4
None Local Medium Not required Partial Partial Partial
NVIDIA GeForce Experience prior to 3.15 contains a vulnerability when GameStream is enabled which sets incorrect permissions on a file, which may to code execution, denial of service, or escalation of privileges by users with system access.
1512 CVE-2018-6251 119 DoS Exec Code Overflow 2018-04-02 2018-05-11
7.2
None Local Low Not required Complete Complete Complete
NVIDIA Windows GPU Display Driver contains a vulnerability in the DirectX 10 Usermode driver, where a specially crafted pixel shader can cause writing to unallocated memory, leading to denial of service or potential code execution.
1513 CVE-2018-6242 119 Exec Code Overflow 2018-05-01 2018-06-13
7.2
None Local Low Not required Complete Complete Complete
Some NVIDIA Tegra mobile processors released prior to 2016 contain a buffer overflow vulnerability in BootROM Recovery Mode (RCM). An attacker with physical access to the device's USB and the ability to force the device to reboot into RCM could exploit the vulnerability to execute unverified code.
1514 CVE-2018-6236 362 Exec Code 2018-05-25 2018-06-28
6.9
None Local Medium Not required Complete Complete Complete
A Time-of-Check Time-of-Use privilege escalation vulnerability in Trend Micro Maximum Security (Consumer) 2018 could allow a local attacker to escalate privileges on vulnerable installations due to a flaw within processing of IOCTL 0x222813 by the tmusa driver. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
1515 CVE-2018-6235 787 Exec Code 2018-05-25 2018-06-28
7.2
None Local Low Not required Complete Complete Complete
An Out-of-Bounds write privilege escalation vulnerability in Trend Micro Maximum Security (Consumer) 2018 could allow a local attacker to escalate privileges on vulnerable installations due to a flaw within processing of IOCTL 0x222814 by the tmnciesc.sys driver. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
1516 CVE-2018-6234 125 Exec Code +Info 2018-05-25 2018-06-28
2.1
None Local Low Not required Partial None None
An Out-of-Bounds Read Information Disclosure vulnerability in Trend Micro Maximum Security (Consumer) 2018 could allow a local attacker to disclose sensitive information on vulnerable installations due to a flaw within processing of IOCTL 0x222814 by the tmnciesc.sys driver. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
1517 CVE-2018-6233 120 Exec Code Overflow 2018-05-25 2019-10-02
7.2
None Local Low Not required Complete Complete Complete
A buffer overflow privilege escalation vulnerability in Trend Micro Maximum Security (Consumer) 2018 could allow a local attacker to escalate privileges on vulnerable installations due to a flaw within processing of IOCTL 0x222060 by the tmnciesc.sys driver. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
1518 CVE-2018-6232 120 Exec Code Overflow 2018-05-25 2019-10-02
7.2
None Local Low Not required Complete Complete Complete
A buffer overflow privilege escalation vulnerability in Trend Micro Maximum Security (Consumer) 2018 could allow a local attacker to escalate privileges on vulnerable installations due to a flaw within processing of IOCTL 0x22205C by the tmnciesc.sys driver. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
1519 CVE-2018-6230 89 Exec Code Sql 2018-03-15 2018-04-04
8.3
None Local Network Low Not required Complete Complete Complete
A SQL injection vulnerability in an Trend Micro Email Encryption Gateway 5.5 search configuration script could allow an attacker to execute SQL commands to upload and execute arbitrary code that may harm the target system.
1520 CVE-2018-6229 89 Exec Code Sql 2018-03-15 2018-04-04
10.0
None Remote Low Not required Complete Complete Complete
A SQL injection vulnerability in an Trend Micro Email Encryption Gateway 5.5 edit policy script could allow an attacker to execute SQL commands to upload and execute arbitrary code that may harm the target system.
1521 CVE-2018-6228 89 Exec Code Sql 2018-03-15 2018-04-04
10.0
None Remote Low Not required Complete Complete Complete
A SQL injection vulnerability in a Trend Micro Email Encryption Gateway 5.5 policy script could allow an attacker to execute SQL commands to upload and execute arbitrary code that may harm the target system.
1522 CVE-2018-6222 78 Exec Code 2018-03-15 2019-10-02
7.2
None Local Low Not required Complete Complete Complete
Arbitrary logs location in Trend Micro Email Encryption Gateway 5.5 could allow an attacker to change location of log files and be manipulated to execute arbitrary commands and attain command execution on a vulnerable system.
1523 CVE-2018-6220 74 Exec Code 2018-03-15 2018-04-04
7.5
None Remote Low Not required Partial Partial Partial
An arbitrary file write vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow an attacker to inject arbitrary data, which may lead to gaining code execution on vulnerable systems.
1524 CVE-2018-6186 918 Exec Code +Priv 2018-02-01 2018-03-02
9.0
None Remote Low Single system Complete Complete Complete
Citrix NetScaler VPX through NS12.0 53.13.nc allows an SSRF attack via the /rapi/read_url URI by an authenticated attacker who has a webapp account. The attacker can gain access to the nsroot account, and execute remote commands with root privileges.
1525 CVE-2018-6101 20 Exec Code 2018-12-04 2019-01-09
5.1
None Remote High Not required Partial Partial Partial
A lack of host validation in DevTools in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to execute arbitrary code via a crafted HTML page, if the user is running a remote DevTools debugging server.
1526 CVE-2018-6092 190 Exec Code Overflow 2018-12-04 2019-01-09
6.8
None Remote Medium Not required Partial Partial Partial
An integer overflow on 32-bit systems in WebAssembly in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.
1527 CVE-2018-6090 190 Exec Code Overflow 2018-12-04 2019-01-09
6.8
None Remote Medium Not required Partial Partial Partial
An integer overflow that lead to a heap buffer-overflow in Skia in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.
1528 CVE-2018-6088 20 Exec Code 2018-12-04 2019-01-09
6.8
None Remote Medium Not required Partial Partial Partial
An iterator-invalidation bug in PDFium in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted PDF file.
1529 CVE-2018-6087 416 Exec Code 2018-12-04 2019-01-09
6.8
None Remote Medium Not required Partial Partial Partial
A use-after-free in WebAssembly in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.
1530 CVE-2018-6086 416 Exec Code 2018-12-04 2019-01-09
6.8
None Remote Medium Not required Partial Partial Partial
A double-eviction in the Incognito mode cache that lead to a user-after-free in Networking Disk Cache in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to execute arbitrary code via a crafted HTML page.
1531 CVE-2018-6085 20 Exec Code 2018-12-04 2019-01-09
6.8
None Remote Medium Not required Partial Partial Partial
Re-entry of a destructor in Networking Disk Cache in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to execute arbitrary code via a crafted HTML page.
1532 CVE-2018-6021 78 Exec Code 2018-05-09 2018-06-13
6.5
None Remote Low Single system Partial Partial Partial
Silex SD-320AN version 2.01 and prior and GE MobileLink(GEH-SD-320AN) version GEH-1.1 and prior have a system call parameter that is not properly sanitized, which may allow remote code execution.
1533 CVE-2018-5997 434 Exec Code 2018-01-25 2018-02-12
10.0
Admin Remote Low Not required Complete Complete Complete
An issue was discovered in the HTTP Server in RAVPower Filehub 2.000.056. Due to an unrestricted upload feature and a path traversal vulnerability, it is possible to upload a file on a filesystem with root privileges: this will lead to remote code execution as root.
1534 CVE-2018-5996 119 DoS Exec Code Overflow Mem. Corr. 2018-01-31 2019-10-02
6.8
None Remote Medium Not required Partial Partial Partial
Insufficient exception handling in the method NCompress::NRar3::CDecoder::Code of 7-Zip before 18.00 and p7zip can lead to multiple memory corruptions within the PPMd code, allows remote attackers to cause a denial of service (segmentation fault) or execute arbitrary code via a crafted RAR archive.
1535 CVE-2018-5968 184 Exec Code Bypass 2018-01-21 2019-09-26
5.1
None Remote High Not required Partial Partial Partial
FasterXML jackson-databind through 2.8.11 and 2.9.x through 2.9.3 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 and CVE-2017-17485 deserialization flaws. This is exploitable via two different gadgets that bypass a blacklist.
1536 CVE-2018-5925 119 Exec Code Overflow 2018-08-13 2018-10-15
9.3
None Remote Medium Not required Complete Complete Complete
A security vulnerability has been identified with certain HP Inkjet printers. A maliciously crafted file sent to an affected device can cause a static buffer overflow, which could allow remote code execution.
1537 CVE-2018-5924 119 Exec Code Overflow 2018-08-13 2018-10-23
7.5
None Remote Low Not required Partial Partial Partial
A security vulnerability has been identified with certain HP Inkjet printers. A maliciously crafted file sent to an affected device can cause a stack buffer overflow, which could allow remote code execution.
1538 CVE-2018-5809 119 Exec Code Overflow 2018-12-07 2018-12-28
6.8
None Remote Medium Not required Partial Partial Partial
An error within the "LibRaw::parse_exif()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.9 can be exploited to cause a stack-based buffer overflow and subsequently execute arbitrary code.
1539 CVE-2018-5808 119 Exec Code Overflow 2018-12-07 2019-03-29
6.8
None Remote Medium Not required Partial Partial Partial
An error within the "find_green()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.9 can be exploited to cause a stack-based buffer overflow and subsequently execute arbitrary code.
1540 CVE-2018-5782 94 Exec Code 2018-03-14 2019-04-26
10.0
None Remote Low Not required Complete Complete Complete
A vulnerability in the conferencing component of Mitel Connect ONSITE, versions R1711-PREM and earlier, and Mitel ST 14.2, release GA28 and earlier, could allow an unauthenticated attacker to inject PHP code using specially crafted requests to the vsethost.php page. Successful exploit could allow an attacker to execute arbitrary PHP code within the context of the application.
1541 CVE-2018-5781 94 Exec Code 2018-03-14 2018-09-07
10.0
None Remote Low Not required Complete Complete Complete
A vulnerability in the conferencing component of Mitel Connect ONSITE, versions R1711-PREM and earlier, and Mitel ST 14.2, release GA28 and earlier, could allow an unauthenticated attacker to inject PHP code using specially crafted requests to the vendrecording.php page. Successful exploit could allow an attacker to execute arbitrary PHP code within the context of the application.
1542 CVE-2018-5780 94 Exec Code 2018-03-14 2018-09-07
10.0
None Remote Low Not required Complete Complete Complete
A vulnerability in the conferencing component of Mitel Connect ONSITE, versions R1711-PREM and earlier, and Mitel ST 14.2, release GA28 and earlier, could allow an unauthenticated attacker to inject PHP code using specially crafted requests to the vnewmeeting.php page. Successful exploit could allow an attacker to execute arbitrary PHP code within the context of the application.
1543 CVE-2018-5779 94 Exec Code 2018-03-14 2018-09-07
10.0
None Remote Low Not required Complete Complete Complete
A vulnerability in the conferencing component of Mitel Connect ONSITE, versions R1711-PREM and earlier, and Mitel ST 14.2, release GA28 and earlier, could allow an unauthenticated attacker to copy a malicious script into a newly generated PHP file and then execute the generated file using specially crafted requests. Successful exploit could allow an attacker to execute arbitrary code within the context of the application.
1544 CVE-2018-5778 89 Exec Code Sql 2018-01-24 2018-02-09
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered in Ipswitch WhatsUp Gold before 2017 Plus SP1 (17.1.1). Multiple SQL injection vulnerabilities are present in the legacy .ASP pages, which could allow attackers to execute arbitrary SQL commands via unspecified vectors.
1545 CVE-2018-5777 Exec Code 2018-01-24 2019-10-02
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered in Ipswitch WhatsUp Gold before 2017 Plus SP1 (17.1.1). Remote clients can take advantage of a misconfiguration in the TFTP server that could allow attackers to execute arbitrary commands on the TFTP server via unspecified vectors.
1546 CVE-2018-5768 798 Exec Code 2018-03-20 2018-04-18
10.0
None Remote Low Not required Complete Complete Complete
A remote, unauthenticated attacker can gain remote code execution on the the Tenda AC15 router with a specially crafted password parameter for the COOKIE header.
1547 CVE-2018-5767 20 Exec Code 2018-02-15 2018-03-15
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered on Tenda AC15 V15.03.1.16_multi devices. A remote, unauthenticated attacker can gain remote code execution on the device with a crafted password parameter for the COOKIE header.
1548 CVE-2018-5749 434 Exec Code 2018-01-23 2018-02-15
10.0
None Remote Low Not required Complete Complete Complete
install.php in Minecraft Servers List Lite before commit c1cd164 and Premium Minecraft Servers List before 2.0.4 does not sanitize input before saving database connection information in connect.php, which might allow remote attackers to execute arbitrary PHP code via the (1) database_server, (2) database_user, (3) database_password, or (4) database_name parameter.
1549 CVE-2018-5721 119 Exec Code Overflow 2018-01-17 2018-02-02
6.5
None Remote Low Single system Partial Partial Partial
Stack-based buffer overflow in the ej_update_variables function in router/httpd/web.c on ASUS routers (when using software from https://github.com/RMerl/asuswrt-merlin) allows web authenticated attackers to execute code via a request that updates a setting. In ej_update_variables, the length of the variable action_script is not checked, as long as it includes a "_wan_if" substring.
1550 CVE-2018-5705 79 Exec Code XSS 2018-01-24 2018-02-09
4.3
None Remote Medium Not required None Partial None
Reservo Image Hosting 1.6 is vulnerable to XSS attacks. The affected function is its search engine (the t parameter to the /search URI). Since there is an user/admin login interface, it's possible for attackers to steal sessions of users and thus admin(s). By sending users an infected URL, code will be executed.
Total number of vulnerabilities : 3041   Page : 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 (This Page)32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.