CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In 2018(Execute Code)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
2751 CVE-2017-2640 787 Exec Code 2018-07-27 2019-10-09
7.5
None Remote Low Not required Partial Partial Partial
An out-of-bounds write flaw was found in the way Pidgin before 2.12.0 processed XML content. A malicious remote server could potentially use this flaw to crash Pidgin or execute arbitrary code in the context of the pidgin process.
2752 CVE-2017-2630 119 Exec Code Overflow 2018-07-27 2019-10-09
6.5
None Remote Low Single system Partial Partial Partial
A stack buffer overflow flaw was found in the Quick Emulator (QEMU) before 2.9 built with the Network Block Device (NBD) client support. The flaw could occur while processing server's response to a 'NBD_OPT_LIST' request. A malicious NBD server could use this issue to crash a remote NBD client resulting in DoS or potentially execute arbitrary code on client host with privileges of the QEMU process.
2753 CVE-2017-2620 125 Exec Code 2018-07-27 2018-09-07
9.0
None Remote Low Single system Complete Complete Complete
Quick emulator (QEMU) before 2.8 built with the Cirrus CLGD 54xx VGA Emulator support is vulnerable to an out-of-bounds access issue. The issue could occur while copying VGA data in cirrus_bitblt_cputovideo. A privileged user inside guest could use this flaw to crash the QEMU process OR potentially execute arbitrary code on host with privileges of the QEMU process.
2754 CVE-2017-2617 434 Exec Code 2018-05-22 2019-10-09
6.8
None Remote Medium Not required Partial Partial Partial
hawtio before version 1.5.5 is vulnerable to remote code execution via file upload. An attacker could use this vulnerability to upload a crafted file which could be executed on a target machine where hawtio is deployed.
2755 CVE-2017-2615 125 Exec Code 2018-07-02 2018-09-07
9.0
None Remote Low Single system Complete Complete Complete
Quick emulator (QEMU) built with the Cirrus CLGD 54xx VGA emulator support is vulnerable to an out-of-bounds access issue. It could occur while copying VGA data via bitblt copy in backward mode. A privileged user inside a guest could use this flaw to crash the QEMU process resulting in DoS or potentially execute arbitrary code on the host with privileges of QEMU process on the host.
2756 CVE-2017-2608 502 Exec Code 2018-05-15 2019-10-09
6.5
None Remote Low Single system Partial Partial Partial
Jenkins before versions 2.44, 2.32.2 is vulnerable to a remote code execution vulnerability involving the deserialization of various types in javax.imageio in XStream-based APIs (SECURITY-383).
2757 CVE-2017-2581 787 Exec Code 2018-07-27 2019-10-09
6.8
None Remote Medium Not required Partial Partial Partial
An out-of-bounds write vulnerability was found in netpbm before 10.61. A maliciously crafted file could cause the application to crash or possibly allow code execution.
2758 CVE-2017-2580 787 Exec Code 2018-07-27 2019-06-24
6.8
None Remote Medium Not required Partial Partial Partial
An out-of-bounds write vulnerability was found in netpbm before 10.61. A maliciously crafted file could cause the application to crash or possibly allow code execution.
2759 CVE-2017-2579 125 Exec Code 2018-07-27 2019-06-24
6.8
None Remote Medium Not required Partial Partial Partial
An out-of-bounds read vulnerability was found in netpbm before 10.61. The expandCodeOntoStack() function has an insufficient code value check, so that a maliciously crafted file could cause the application to crash or possibly allows code execution.
2760 CVE-2017-1789 94 Exec Code 2018-03-22 2019-10-09
7.5
None Remote Low Not required Partial Partial Partial
IBM Tivoli Monitoring V6 6.2.3 and 6.3.0 could allow an unauthenticated user to remotely execute code through unspecified methods. IBM X-Force ID: 137034.
2761 CVE-2017-1755 Exec Code 2018-08-06 2019-10-09
4.6
None Local Low Not required Partial Partial Partial
IBM Security Identity Governance Virtual Appliance 5.2 through 5.2.3.2 could allow a local attacker to inject commands into malicious files that could be executed by the administrator. IBM X-Force ID: 135855.
2762 CVE-2017-1753 94 Exec Code 2018-08-20 2019-10-09
3.5
None Remote Medium Single system None Partial None
Multiple IBM Rational products are vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. IBM X-Force ID: 135655.
2763 CVE-2017-1721 94 Exec Code 2018-04-26 2018-05-25
6.8
None Remote Medium Not required Partial Partial Partial
IBM Security QRadar SIEM 7.2 and 7.3 could allow an unauthenticated user to execute code remotely with lower level privileges under unusual circumstances. IBM X-Force ID: 134810.
2764 CVE-2017-1720 77 Exec Code 2018-02-13 2018-03-01
4.6
None Local Low Not required Partial Partial Partial
IBM Notes 8.5 and 9.0 could allow a local attacker to execute arbitrary commands by carefully crafting a command line sent via the shared memory IPC. IBM X-Force ID: 134807.
2765 CVE-2017-1677 502 Exec Code Sql 2018-03-22 2018-07-06
4.6
None Local Low Not required Partial Partial Partial
IBM Data Server Driver for JDBC and SQLJ (IBM DB2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, and 11.1) deserializes the contents of /tmp/connlicj.bin which leads to object injection and potentially arbitrary code execution depending on the classpath. IBM X-Force ID: 133999.
2766 CVE-2017-1612 Exec Code 2018-01-09 2019-10-02
4.6
None Local Low Not required Partial Partial Partial
IBM WebSphere MQ 7.0, 7.1, 7.5, 8.0, and 9.0 service trace module could be used to execute untrusted code under 'mqm' user. IBM X-Force ID: 132953.
2767 CVE-2017-1499 434 Exec Code 2018-02-14 2018-03-09
6.5
None Remote Low Single system Partial Partial Partial
IBM Maximo Asset Management 7.5 and 7.6 could allow a remote attacker to include arbitrary files, which could allow the attacker to execute arbitrary code on the vulnerable Web server. IBM X-Force ID: 129106.
2768 CVE-2017-1329 94 Exec Code 2018-07-06 2019-10-09
3.5
None Remote Medium Single system None Partial None
IBM Quality Manager (RQM) 5.0.x and 6.0 through 6.0.5 are vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. IBM X-Force ID: 126231.
2769 CVE-2017-1248 94 Exec Code 2018-07-06 2019-10-09
4.3
None Remote Medium Not required None Partial None
IBM Quality Manager (RQM) 5.0.x and 6.0 through 6.0.5 are vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. IBM X-Force ID: 124628.
2770 CVE-2017-1242 94 Exec Code 2018-07-06 2019-10-09
3.5
None Remote Medium Single system None Partial None
IBM Quality Manager (RQM) 5.0.x and 6.0 through 6.0.5 are vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. IBM X-Force ID: 124524.
2771 CVE-2017-1115 74 Exec Code 2018-09-07 2019-10-09
3.5
None Remote Medium Single system None Partial None
IBM Campaign 9.1, 9.1.2, and 10 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. IBM X-Force ID: 121153.
2772 CVE-2017-1085 119 Exec Code Overflow 2018-09-12 2018-11-23
7.2
None Local Low Not required Complete Complete Complete
In FreeBSD before 11.2-RELEASE, an application which calls setrlimit() to increase RLIMIT_STACK may turn a read-only memory region below the stack into a read-write region. A specially crafted executable could be exploited to execute arbitrary code in the user context.
2773 CVE-2017-0918 22 Exec Code Dir. Trav. 2018-03-21 2019-10-09
6.5
None Remote Low Single system Partial Partial Partial
Gitlab Community Edition version 10.3 is vulnerable to a path traversal issue in the GitLab CI runner component resulting in remote code execution.
2774 CVE-2017-0916 20 Exec Code 2018-03-21 2019-10-09
7.5
None Remote Low Not required Partial Partial Partial
Gitlab Community Edition version 10.3 is vulnerable to a lack of input validation in the system_hook_push queue through web hook component resulting in remote code execution.
2775 CVE-2017-0915 20 Exec Code 2018-03-21 2019-10-09
7.5
None Remote Low Not required Partial Partial Partial
Gitlab Community Edition version 10.2.4 is vulnerable to a lack of input validation in the GitlabProjectsImportService resulting in remote code execution.
2776 CVE-2017-0869 190 Exec Code Overflow 2018-01-12 2018-02-01
7.2
None Local Low Not required Complete Complete Complete
NVIDIA driver contains an integer overflow vulnerability which could cause a use after free and possibly lead to an elevation of privilege enabling code execution as a privileged process. This issue is rated as high. Version: N/A. Android ID: A-37776156. References: N-CVE-2017-0869.
2777 CVE-2016-1000030 295 Exec Code 2018-09-05 2018-11-14
7.5
None Remote Low Not required Partial Partial Partial
Pidgin version <2.11.0 contains a vulnerability in X.509 Certificates imports specifically due to improper check of return values from gnutls_x509_crt_init() and gnutls_x509_crt_import() that can result in code execution. This attack appear to be exploitable via custom X.509 certificate from another client. This vulnerability appears to have been fixed in 2.11.0.
2778 CVE-2016-10722 119 Exec Code Overflow 2018-05-02 2019-10-04
7.5
None Remote Low Not required Partial Partial Partial
partclone.fat in Partclone before 0.2.88 is prone to a heap-based buffer overflow vulnerability due to insufficient validation of the FAT superblock, related to the mark_reserved_sectors function. An attacker may be able to execute arbitrary code in the context of the user running the affected application.
2779 CVE-2016-10721 119 Exec Code Overflow 2018-05-02 2018-06-06
7.5
None Remote Low Not required Partial Partial Partial
partclone.restore in Partclone 0.2.87 is prone to a heap-based buffer overflow vulnerability due to insufficient validation of the partclone image header. An attacker may be able to execute arbitrary code in the context of the user running the affected application.
2780 CVE-2016-10709 78 Exec Code 2018-01-21 2018-02-09
9.0
None Remote Low Single system Complete Complete Complete
pfSense before 2.3 allows remote authenticated users to execute arbitrary OS commands via a '|' character in the status_rrd_graph_img.php graph parameter, related to _rrd_graph_img.php.
2781 CVE-2016-10698 310 Exec Code 2018-05-29 2019-10-09
9.3
None Remote Medium Not required Complete Complete Complete
mystem-fix is a node.js wrapper for MyStem morphology text analyzer by Yandex.ru mystem-fix downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server.
2782 CVE-2016-10697 310 Exec Code 2018-06-04 2019-10-09
9.3
None Remote Medium Not required Complete Complete Complete
react-native-baidu-voice-synthesizer is a baidu voice speech synthesizer for react native. react-native-baidu-voice-synthesizer downloads resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server.
2783 CVE-2016-10696 310 Exec Code 2018-06-04 2019-10-09
9.3
None Remote Medium Not required Complete Complete Complete
windows-latestchromedriver downloads the latest version of chromedriver.exe. windows-latestchromedriver downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server.
2784 CVE-2016-10695 310 Exec Code 2018-06-04 2019-10-09
9.3
None Remote Medium Not required Complete Complete Complete
The npm-test-sqlite3-trunk module provides asynchronous, non-blocking SQLite3 bindings. npm-test-sqlite3-trunk downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server.
2785 CVE-2016-10694 310 Exec Code 2018-06-04 2019-10-09
9.3
None Remote Medium Not required Complete Complete Complete
alto-saxophone is a module to install and launch Chromedriver for Mac, Linux or Windows. alto-saxophone versions below 2.25.1 download binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.
2786 CVE-2016-10693 310 Exec Code 2018-06-04 2019-10-09
9.3
None Remote Medium Not required Complete Complete Complete
pm2-kafka is a PM2 module that installs and runs a kafka server pm2-kafka downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server.
2787 CVE-2016-10692 310 Exec Code 2018-06-04 2018-07-11
9.3
None Remote Medium Not required Complete Complete Complete
haxeshim haxe shim to deal with coexisting versions. haxeshim downloads resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server.
2788 CVE-2016-10691 310 Exec Code 2018-06-04 2019-10-09
9.3
None Remote Medium Not required Complete Complete Complete
windows-seleniumjar is a module that downloads the Selenium Jar file windows-seleniumjar downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server.
2789 CVE-2016-10690 310 Exec Code 2018-06-04 2019-10-09
9.3
None Remote Medium Not required Complete Complete Complete
openframe-ascii-image module is an openframe plugin which adds support for ascii images via fim. openframe-ascii-image downloads resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server.
2790 CVE-2016-10689 310 Exec Code 2018-06-04 2019-10-09
9.3
None Remote Medium Not required Complete Complete Complete
The windows-iedriver module downloads fixed version of iedriverserver.exe windows-iedriver downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server.
2791 CVE-2016-10688 310 Exec Code 2018-06-04 2019-10-09
9.3
None Remote Medium Not required Complete Complete Complete
Haxe 3 : The Cross-Platform Toolkit (a fork from David Mouton's damoebius/haxe-npm) haxe3 downloads resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server.
2792 CVE-2016-10687 310 Exec Code 2018-06-04 2019-10-09
9.3
None Remote Medium Not required Complete Complete Complete
windows-selenium-chromedriver is a module that downloads the Selenium Jar file. windows-selenium-chromedriver downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server.
2793 CVE-2016-10686 310 Exec Code 2018-06-04 2019-10-09
9.3
None Remote Medium Not required Complete Complete Complete
fis-sass-all is another libsass wrapper for node. fis-sass-all downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server.
2794 CVE-2016-10685 310 Exec Code 2018-06-04 2019-10-09
9.3
None Remote Medium Not required Complete Complete Complete
pk-app-wonderbox is an integration with wonderbox pk-app-wonderbox downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server.
2795 CVE-2016-10684 310 Exec Code 2018-06-04 2019-10-09
9.3
None Remote Medium Not required Complete Complete Complete
healthcenter - IBM Monitoring and Diagnostic Tools health Center agent healthcenter downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server.
2796 CVE-2016-10683 310 Exec Code 2018-06-04 2019-10-09
9.3
None Remote Medium Not required Complete Complete Complete
arcanist downloads resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server.
2797 CVE-2016-10682 310 Exec Code 2018-05-29 2019-10-09
9.3
None Remote Medium Not required Complete Complete Complete
massif is a Phantomjs fork massif downloads resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server.
2798 CVE-2016-10681 310 Exec Code 2018-05-29 2019-10-09
9.3
None Remote Medium Not required Complete Complete Complete
roslib-socketio - The standard ROS Javascript Library fork for add support to socket.io roslib-socketio downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server.
2799 CVE-2016-10679 310 Exec Code 2018-05-29 2019-10-09
9.3
None Remote Medium Not required Complete Complete Complete
selenium-standalone-painful installs a start-selenium command line to start a standalone selenium server with chrome-driver. selenium-standalone-painful downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server.
2800 CVE-2016-10678 310 Exec Code 2018-06-04 2019-10-09
9.3
None Remote Medium Not required Complete Complete Complete
serc.js is a Selenium RC process wrapper serc.js downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server.
Total number of vulnerabilities : 3041   Page : 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 (This Page)57 58 59 60 61
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.