CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Vulnerability Search

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2019-0585 20 Exec Code 2019-01-08 2019-01-15
9.3
None Remote Medium Not required Complete Complete Complete
A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka "Microsoft Word Remote Code Execution Vulnerability." This affects Word, Microsoft Office, Microsoft Office Word Viewer, Office 365 ProPlus, Microsoft SharePoint, Microsoft Office Online Server, Microsoft Word, Microsoft SharePoint Server.
2 CVE-2019-0541 20 Exec Code 2019-01-08 2019-01-14
9.3
None Remote Medium Not required Complete Complete Complete
A remote code execution vulnerability exists in the way that the MSHTML engine inproperly validates input, aka "MSHTML Engine Remote Code Execution Vulnerability." This affects Microsoft Office, Microsoft Office Word Viewer, Internet Explorer 9, Internet Explorer 11, Microsoft Excel Viewer, Internet Explorer 10, Office 365 ProPlus.
3 CVE-2018-1999018 20 Exec Code 2018-07-23 2018-09-20
8.5
None Remote Medium Single system Complete Complete Complete
Pydio version 8.2.1 and prior contains an Unvalidated user input leading to Remote Code Execution (RCE) vulnerability in plugins/action.antivirus/AntivirusScanner.php: Line 124, scanNow($nodeObject) that can result in An attacker gaining admin access and can then execute arbitrary commands on the underlying OS. This attack appear to be exploitable via The attacker edits the Antivirus Command in the antivirus plugin, and executes the payload by uploading any file within Pydio.
4 CVE-2018-19864 20 DoS Exec Code Overflow 2018-12-05 2018-12-26
10.0
None Remote Low Not required Complete Complete Complete
NUUO NVRmini2 Network Video Recorder firmware through 3.9.1 allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow), resulting in ability to read camera feeds or reconfigure the device.
5 CVE-2018-18850 20 Exec Code 2018-10-30 2018-12-31
9.0
None Remote Low Single system Complete Complete Complete
In Octopus Deploy 2018.8.0 through 2018.9.x before 2018.9.1, an authenticated user with permission to modify deployment processes could upload a maliciously crafted YAML configuration, potentially allowing for remote execution of arbitrary code, running in the same context as the Octopus Server (for self-hosted installations by default, SYSTEM).
6 CVE-2018-16752 20 Exec Code 2018-09-20 2018-12-10
9.0
None Remote Low Single system Complete Complete Complete
LINK-NET LW-N605R devices with firmware 12.20.2.1486 allow Remote Code Execution via shell metacharacters in the HOST field of the ping feature at adm/systools.asp. Authentication is needed but the default password of admin for the admin account may be used in some cases.
7 CVE-2018-15422 20 Exec Code 2018-10-05 2018-11-27
9.3
None Remote Medium Not required Complete Complete Complete
A vulnerability in the Cisco Webex Network Recording Player for Microsoft Windows and the Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerability exist because the affected software improperly validates Advanced Recording Format (ARF) and Webex Recording Format (WRF) files. An attacker could exploit this vulnerability by sending a user a malicious ARF or WRF file via a link or an email attachment and persuading the user to open the file by using the affected software. A successful exploit could allow the attacker to execute arbitrary code on the affected system.
8 CVE-2018-15421 20 Exec Code 2018-10-05 2018-11-21
9.3
None Remote Medium Not required Complete Complete Complete
A vulnerability in the Cisco Webex Network Recording Player for Microsoft Windows and the Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerability exist because the affected software improperly validates Advanced Recording Format (ARF) and Webex Recording Format (WRF) files. An attacker could exploit this vulnerability by sending a user a malicious ARF or WRF file via a link or an email attachment and persuading the user to open the file by using the affected software. A successful exploit could allow the attacker to execute arbitrary code on the affected system.
9 CVE-2018-15420 20 Exec Code 2018-10-05 2018-11-27
9.3
None Remote Medium Not required Complete Complete Complete
A vulnerability in the Cisco Webex Network Recording Player for Microsoft Windows and the Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerability exist because the affected software improperly validates Advanced Recording Format (ARF) and Webex Recording Format (WRF) files. An attacker could exploit this vulnerability by sending a user a malicious ARF or WRF file via a link or an email attachment and persuading the user to open the file by using the affected software. A successful exploit could allow the attacker to execute arbitrary code on the affected system.
10 CVE-2018-15419 20 Exec Code 2018-10-05 2018-11-27
9.3
None Remote Medium Not required Complete Complete Complete
A vulnerability in the Cisco Webex Network Recording Player for Microsoft Windows and the Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerability exist because the affected software improperly validates Advanced Recording Format (ARF) and Webex Recording Format (WRF) files. An attacker could exploit this vulnerability by sending a user a malicious ARF or WRF file via a link or an email attachment and persuading the user to open the file by using the affected software. A successful exploit could allow the attacker to execute arbitrary code on the affected system.
11 CVE-2018-15418 20 Exec Code 2018-10-05 2018-11-27
9.3
None Remote Medium Not required Complete Complete Complete
A vulnerability in the Cisco Webex Network Recording Player for Microsoft Windows and the Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerability exist because the affected software improperly validates Advanced Recording Format (ARF) and Webex Recording Format (WRF) files. An attacker could exploit this vulnerability by sending a user a malicious ARF or WRF file via a link or an email attachment and persuading the user to open the file by using the affected software. A successful exploit could allow the attacker to execute arbitrary code on the affected system.
12 CVE-2018-15417 20 Exec Code 2018-10-05 2018-11-26
9.3
None Remote Medium Not required Complete Complete Complete
A vulnerability in the Cisco Webex Network Recording Player for Microsoft Windows and the Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerability exist because the affected software improperly validates Advanced Recording Format (ARF) and Webex Recording Format (WRF) files. An attacker could exploit this vulnerability by sending a user a malicious ARF or WRF file via a link or an email attachment and persuading the user to open the file by using the affected software. A successful exploit could allow the attacker to execute arbitrary code on the affected system.
13 CVE-2018-15416 20 Exec Code 2018-10-05 2018-11-26
9.3
None Remote Medium Not required Complete Complete Complete
A vulnerability in the Cisco Webex Network Recording Player for Microsoft Windows and the Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerability exist because the affected software improperly validates Advanced Recording Format (ARF) and Webex Recording Format (WRF) files. An attacker could exploit this vulnerability by sending a user a malicious ARF or WRF file via a link or an email attachment and persuading the user to open the file by using the affected software. A successful exploit could allow the attacker to execute arbitrary code on the affected system.
14 CVE-2018-15415 20 Exec Code 2018-10-05 2018-11-26
9.3
None Remote Medium Not required Complete Complete Complete
A vulnerability in the Cisco Webex Network Recording Player for Microsoft Windows and the Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerability exist because the affected software improperly validates Advanced Recording Format (ARF) and Webex Recording Format (WRF) files. An attacker could exploit this vulnerability by sending a user a malicious ARF or WRF file via a link or an email attachment and persuading the user to open the file by using the affected software. A successful exploit could allow the attacker to execute arbitrary code on the affected system.
15 CVE-2018-15414 20 Exec Code 2018-10-05 2018-11-26
9.3
None Remote Medium Not required Complete Complete Complete
A vulnerability in the Cisco Webex Network Recording Player for Microsoft Windows and the Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerability exist because the affected software improperly validates Advanced Recording Format (ARF) and Webex Recording Format (WRF) files. An attacker could exploit this vulnerability by sending a user a malicious ARF or WRF file via a link or an email attachment and persuading the user to open the file by using the affected software. A successful exploit could allow the attacker to execute arbitrary code on the affected system.
16 CVE-2018-15413 20 Exec Code 2018-10-05 2018-11-21
9.3
None Remote Medium Not required Complete Complete Complete
A vulnerability in the Cisco Webex Network Recording Player for Microsoft Windows and the Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerability exist because the affected software improperly validates Advanced Recording Format (ARF) and Webex Recording Format (WRF) files. An attacker could exploit this vulnerability by sending a user a malicious ARF or WRF file via a link or an email attachment and persuading the user to open the file by using the affected software. A successful exploit could allow the attacker to execute arbitrary code on the affected system.
17 CVE-2018-15412 20 Exec Code 2018-10-05 2018-11-21
9.3
None Remote Medium Not required Complete Complete Complete
A vulnerability in the Cisco Webex Network Recording Player for Microsoft Windows and the Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerability exist because the affected software improperly validates Advanced Recording Format (ARF) and Webex Recording Format (WRF) files. An attacker could exploit this vulnerability by sending a user a malicious ARF or WRF file via a link or an email attachment and persuading the user to open the file by using the affected software. A successful exploit could allow the attacker to execute arbitrary code on the affected system.
18 CVE-2018-15408 20 Exec Code 2018-10-05 2018-11-21
9.3
None Remote Medium Not required Complete Complete Complete
A vulnerability in the Cisco Webex Network Recording Player for Microsoft Windows and the Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerability exist because the affected software improperly validates Advanced Recording Format (ARF) and Webex Recording Format (WRF) files. An attacker could exploit this vulnerability by sending a user a malicious ARF or WRF file via a link or an email attachment and persuading the user to open the file by using the affected software. A successful exploit could allow the attacker to execute arbitrary code on the affected system.
19 CVE-2018-14923 20 Exec Code 2018-08-03 2018-10-10
9.3
None Remote Medium Not required Complete Complete Complete
A vulnerability in uniview EZPlayer 1.0.6 could allow an attacker to execute arbitrary code on a targeted system via video playback.
20 CVE-2018-14654 20 2018-10-31 2018-12-31
8.5
None Remote Low Single system None Complete Complete
The Gluster file system through version 4.1.4 is vulnerable to abuse of the 'features/index' translator. A remote attacker with access to mount volumes could exploit this via the 'GF_XATTROP_ENTRY_IN_KEY' xattrop to create arbitrary, empty files on the target server.
21 CVE-2018-14009 20 Exec Code 2018-07-12 2018-09-06
10.0
None Remote Low Not required Complete Complete Complete
Codiad through 2.8.4 allows Remote Code Execution, a different vulnerability than CVE-2017-11366 and CVE-2017-15689.
22 CVE-2018-12941 20 Exec Code 2018-07-31 2018-10-09
9.0
None Remote Low Single system Complete Complete Complete
This vulnerability allows remote attackers to execute arbitrary code in SeedDMS (formerly LetoDMS and MyDMS) before 5.1.8 by adding a system command at the end of the "cacheDir" path and following usage of the "Clear Cache" functionality. This allows an authenticated attacker, with permission to the Settings functionality, to inject arbitrary system commands within the application by manipulating the "Cache directory" path. An attacker can use it to perform malicious tasks such as to extract, change, or delete sensitive information or run system commands on the underlying operating system.
23 CVE-2018-12313 20 Exec Code 2018-12-04 2018-12-21
10.0
None Remote Low Not required Complete Complete Complete
OS command injection in snmp.cgi in ASUSTOR ADM version 3.1.1 allows attackers to execute system commands without authentication via the "rocommunity" URL parameter.
24 CVE-2018-11808 20 2018-06-05 2018-08-06
10.0
None Remote Low Not required Complete Complete Complete
Incorrect Access Control in CustomFieldsFeedServlet in Zoho ManageEngine Applications Manager Version 13 before build 13740 allows an attacker to delete any file and read certain files on the server in the context of the user (which by default is "NT AUTHORITY / SYSTEM") by sending a specially crafted request to the server.
25 CVE-2018-11776 20 Exec Code 2018-08-22 2019-01-16
9.3
None Remote Medium Not required Complete Complete Complete
Apache Struts versions 2.3 to 2.3.34 and 2.5 to 2.5.16 suffer from possible Remote Code Execution when alwaysSelectFullNamespace is true (either by user or a plugin like Convention Plugin) and then: results are used with no namespace and in same time, its upper package have no or wildcard namespace and similar to results, same possibility when using url tag which doesn't have value and action set and in same time, its upper package have no or wildcard namespace.
26 CVE-2018-11316 20 2018-07-03 2018-09-11
9.3
None Remote Medium Not required Complete Complete Complete
The UPnP HTTP server on Sonos wireless speaker products allow unauthorized access via a DNS rebinding attack. This can result in remote device control and privileged device and network information to be exfiltrated by an attacker.
27 CVE-2018-11314 20 2018-07-03 2018-09-11
9.3
None Remote Medium Not required Complete Complete Complete
The External Control API in Roku and Roku TV products allow unauthorized access via a DNS Rebind attack. This can result in remote device control and privileged device and network information to be exfiltrated by an attacker.
28 CVE-2018-11287 20 2018-09-20 2018-11-23
10.0
None Remote Low Not required Complete Complete Complete
In Snapdragon (Automobile, Mobile, Wear) in version MDM9206, MDM9607, MDM9650, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 650/52, SD 820, SD 820A, SD 835, SD 845, SD 850, SDA660, SDM429, SDM439, SDM630, SDM632, SDM636, SDM660, SDM710, Snapdragon_High_Med_2016, incorrect control flow implementation in Video while checking buffer sufficiency.
29 CVE-2018-10616 20 2018-07-18 2018-09-14
9.3
None Remote Medium Not required Complete Complete Complete
ABB Panel Builder 800 all versions has an improper input validation vulnerability which may allow an attacker to insert and run arbitrary code on a computer where the affected product is used.
30 CVE-2018-9141 20 Exec Code 2018-03-30 2018-04-19
9.3
None Remote Medium Not required Complete Complete Complete
On Samsung mobile devices with L(5.x), M(6.0), and N(7.x) software, Gallery allows remote attackers to execute arbitrary code via a BMP file with a crafted resolution, aka SVE-2017-11105.
31 CVE-2018-9023 20 Exec Code Bypass 2018-06-18 2018-08-09
9.0
None Remote Low Single system Complete Complete Complete
An input validation vulnerability in CA Privileged Access Manager 2.x allows unprivileged users to execute arbitrary commands by passing specially crafted arguments to the update_crld script.
32 CVE-2018-8930 20 2018-03-22 2018-05-09
9.3
None Remote Medium Not required Complete Complete Complete
The AMD EPYC Server, Ryzen, Ryzen Pro, and Ryzen Mobile processor chips have insufficient enforcement of Hardware Validated Boot, aka MASTERKEY-1, MASTERKEY-2, and MASTERKEY-3.
33 CVE-2018-8869 20 2018-05-04 2018-06-07
10.0
None Remote Low Not required Complete Complete Complete
In Lantech IDS 2102 2.0 and prior, nearly all input fields allow for arbitrary input on the device. A CVSS v3 base score of 9.8 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
34 CVE-2018-8582 20 Exec Code 2018-11-13 2018-12-14
9.3
None Remote Medium Not required Complete Complete Complete
A remote code execution vulnerability exists in the way that Microsoft Outlook parses specially modified rule export files, aka "Microsoft Outlook Remote Code Execution Vulnerability." This affects Office 365 ProPlus, Microsoft Office, Microsoft Outlook. This CVE ID is unique from CVE-2018-8522, CVE-2018-8524, CVE-2018-8576.
35 CVE-2018-8540 20 Exec Code 2018-12-11 2019-01-04
10.0
None Remote Low Not required Complete Complete Complete
A remote code execution vulnerability exists when the Microsoft .NET Framework fails to validate input properly, aka ".NET Framework Remote Code Injection Vulnerability." This affects Microsoft .NET Framework 4.6, Microsoft .NET Framework 3.5, Microsoft .NET Framework 4.7/4.7.1/4.7.2, Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2, Microsoft .NET Framework 3.5.1, Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2, Microsoft .NET Framework 4.5.2, Microsoft .NET Framework 4.7.1/4.7.2, Microsoft .NET Framework 4.7.2, Microsoft .NET Framework 4.6.2.
36 CVE-2018-8423 20 Exec Code 2018-10-10 2018-11-28
9.3
None Remote Medium Not required Complete Complete Complete
A remote code execution vulnerability exists in the Microsoft JET Database Engine, aka "Microsoft JET Database Engine Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.
37 CVE-2018-8421 20 Exec Code 2018-09-12 2018-11-05
10.0
None Remote Low Not required Complete Complete Complete
A remote code execution vulnerability exists when Microsoft .NET Framework processes untrusted input, aka ".NET Framework Remote Code Execution Vulnerability." This affects Microsoft .NET Framework 4.6, Microsoft .NET Framework 3.5, Microsoft .NET Framework 4.7/4.7.1/4.7.2, Microsoft .NET Framework 3.0, Microsoft .NET Framework 3.5.1, Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2, Microsoft .NET Framework 4.5.2, Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2, Microsoft .NET Framework 4.7.1/4.7.2, Microsoft .NET Framework 4.7.2, Microsoft .NET Framework 2.0.
38 CVE-2018-8414 20 Exec Code 2018-08-15 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
A remote code execution vulnerability exists when the Windows Shell does not properly validate file paths, aka "Windows Shell Remote Code Execution Vulnerability." This affects Windows 10 Servers, Windows 10.
39 CVE-2018-8413 20 Exec Code 2018-10-10 2018-12-03
9.3
None Remote Medium Not required Complete Complete Complete
A remote code execution vulnerability exists when "Windows Theme API" does not properly decompress files, aka "Windows Theme API Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.
40 CVE-2018-8284 20 Exec Code 2018-07-10 2018-09-07
9.3
None Remote Medium Not required Complete Complete Complete
A remote code execution vulnerability exists when the Microsoft .NET Framework fails to validate input properly, aka ".NET Framework Remote Code Injection Vulnerability." This affects Microsoft .NET Framework 2.0, Microsoft .NET Framework 3.0, Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2, Microsoft .NET Framework 4.5.2, Microsoft .NET Framework 4.6, Microsoft .NET Framework 4.7/4.7.1/4.7.2, Microsoft .NET Framework 4.7.1/4.7.2, Microsoft .NET Framework 3.5, Microsoft .NET Framework 3.5.1, Microsoft .NET Framework 4.6/4.6.1/4.6.2, Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2, Microsoft .NET Framework 4.7.2.
41 CVE-2018-8176 20 Exec Code 2018-05-23 2018-06-05
9.3
None Remote Medium Not required Complete Complete Complete
A remote code execution vulnerability exists in Microsoft PowerPoint software when the software fails to properly validate XML content, aka "Microsoft PowerPoint Remote Code Execution Vulnerability." This affects Microsoft Office.
42 CVE-2018-8172 20 Exec Code 2018-07-10 2018-09-11
9.3
None Remote Medium Not required Complete Complete Complete
A remote code execution vulnerability exists in Visual Studio software when the software does not check the source markup of a file for an unbuilt project, aka "Visual Studio Remote Code Execution Vulnerability." This affects Microsoft Visual Studio, Expression Blend 4.
43 CVE-2018-8115 20 Exec Code 2018-05-02 2018-06-13
9.3
None Remote Medium Not required Complete Complete Complete
A remote code execution vulnerability exists when the Windows Host Compute Service Shim (hcsshim) library fails to properly validate input while importing a container image, aka "Windows Host Compute Service Shim Remote Code Execution Vulnerability." This affects Windows Host Compute.
44 CVE-2018-8007 20 Exec Code +Priv Bypass 2018-07-11 2018-12-16
9.0
None Remote Low Single system Complete Complete Complete
Apache CouchDB administrative users can configure the database server via HTTP(S). Due to insufficient validation of administrator-supplied configuration settings via the HTTP API, it is possible for a CouchDB administrator user to escalate their privileges to that of the operating system's user that CouchDB runs under, by bypassing the blacklist of configuration settings that are not allowed to be modified via the HTTP API. This privilege escalation effectively allows an existing CouchDB admin user to gain arbitrary remote code execution, bypassing already disclosed CVE-2017-12636. Mitigation: All users should upgrade to CouchDB releases 1.7.2 or 2.1.2.
45 CVE-2018-7923 20 Exec Code 2018-09-12 2018-11-20
9.3
None Remote Medium Not required Complete Complete Complete
Huawei ALP-L09 smart phones with versions earlier than ALP-L09 8.0.0.150(C432) have an insufficient input validation vulnerability due to lack of parameter check. An attacker tricks the user who has root privilege to install a crafted application, the application may modify the specific data to exploit the vulnerability. Successful exploit could allow the attacker to execute arbitrary code.
46 CVE-2018-7922 20 Exec Code 2018-09-12 2018-11-20
9.3
None Remote Medium Not required Complete Complete Complete
Huawei ALP-L09 smart phones with versions earlier than ALP-L09 8.0.0.150(C432) have an insufficient input validation vulnerability due to lack of parameter check. An attacker tricks the user who has root privilege to install a crafted application, the application may modify the specific data to exploit the vulnerability. Successful exploit could allow the attacker to execute arbitrary code.
47 CVE-2018-7187 20 Exec Code 2018-02-16 2018-10-21
9.3
User Remote Medium Not required Complete Complete Complete
The "go get" implementation in Go 1.9.4, when the -insecure command-line option is used, does not validate the import path (get/vcs.go only checks for "://" anywhere in the string), which allows remote attackers to execute arbitrary OS commands via a crafted web site.
48 CVE-2018-7104 20 Exec Code 2018-09-27 2018-11-16
10.0
None Remote Low Not required Complete Complete Complete
A Remote Code Execution vulnerability was identified in HPE Intelligent Management Center (iMC) Wireless Services Manager Software earlier than version IMC WSM 7.3 E0506P02.
49 CVE-2018-7103 20 Exec Code 2018-09-27 2018-11-16
10.0
None Remote Low Not required Complete Complete Complete
A Remote Code Execution vulnerability was identified in HPE Intelligent Management Center (iMC) Wireless Services Manager Software earlier than version IMC WSM 7.3 E0506P02.
50 CVE-2018-6476 20 2018-01-31 2018-02-13
10.0
None Remote Low Not required Complete Complete Complete
In SUPERAntiSpyware Professional Trial 6.0.1254, the SASKUTIL.SYS driver allows privilege escalation to NT AUTHORITY\SYSTEM because of not validating input values from IOCtl 0x9C402114 or 0x9C402124 or 0x9C40207c.
51 CVE-2018-6298 20 Exec Code 2018-03-13 2018-04-09
10.0
None Remote Low Not required Complete Complete Complete
Remote code execution in Hanwha Techwin Smartcams
52 CVE-2018-6140 20 Exec Code 2019-01-09 2019-01-16
9.3
None Remote Medium Not required Complete Complete Complete
Allowing the chrome.debugger API to attach to Web UI pages in DevTools in Google Chrome prior to 67.0.3396.62 allowed an attacker who convinced a user to install a malicious extension to execute arbitrary code via a crafted Chrome Extension.
53 CVE-2018-5447 20 2018-01-25 2018-02-12
10.0
None Remote Low Not required Complete Complete Complete
An Improper Input Validation issue was discovered in Nari PCS-9611 relay. An improper input validation vulnerability has been identified that affects a service within the software that may allow a remote attacker to arbitrarily read/access system resources and affect the availability of the system.
54 CVE-2018-5224 20 Exec Code 2018-03-29 2018-04-24
9.0
None Remote Low Single system Complete Complete Complete
Bamboo did not correctly check if a configured Mercurial repository URI contained values that the Windows operating system may consider argument parameters. An attacker who has permission to create a repository in Bamboo, edit an existing plan in Bamboo that has a non-linked Mercurial repository, or create a plan in Bamboo either globally or in a project using Bamboo Specs can can execute code of their choice on systems that run a vulnerable version of Bamboo on the Windows operating system. All versions of Bamboo starting with 2.7.0 before 6.3.3 (the fixed version for 6.3.x) and from version 6.4.0 before 6.4.1 (the fixed version for 6.4.x) running on the Windows operating system are affected by this vulnerability.
55 CVE-2018-4851 20 2018-07-03 2018-08-28
8.5
None Remote Low Not required None Partial Complete
A vulnerability has been identified in SICLOCK TC100 (All versions) and SICLOCK TC400 (All versions). An attacker with network access to the device could cause a Denial-of-Service condition by sending certain packets to the device, causing potential reboots of the device. The core functionality of the device could be impacted. The time serving functionality recovers when time synchronization with GPS devices or other NTP servers are completed.
56 CVE-2018-4254 20 2019-01-11 2019-01-16
10.0
None Remote Low Not required Complete Complete Complete
In macOS High Sierra before 10.13.5, an input validation issue existed in the kernel. This issue was addressed with improved input validation.
57 CVE-2018-4097 20 Exec Code 2018-04-03 2018-04-27
9.3
None Remote Medium Not required Complete Complete Complete
An issue was discovered in certain Apple products. macOS before 10.13.3 is affected. The issue involves the "Kernel" component. It allows attackers to execute arbitrary code in a privileged context via a crafted app.
58 CVE-2018-1161 20 Exec Code 2018-02-08 2018-02-22
10.0
None Remote Low Not required Complete Complete Complete
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Quest NetVault Backup 11.2.0.13. Authentication is not required to exploit this vulnerability. The specific flaw exists within nvwsworker.exe. When parsing the boundary header of a multipart request, the process does not properly validate the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute code under the context of SYSTEM. Was ZDI-CAN-4215.
59 CVE-2018-0387 20 Exec Code 2018-07-18 2018-09-18
9.3
None Remote Medium Not required Complete Complete Complete
A vulnerability in Cisco Webex Teams (for Windows and macOS) could allow an unauthenticated, remote attacker to execute arbitrary code on the user's device, possibly with elevated privileges. The vulnerability occurs because Cisco Webex Teams does not properly sanitize input. An attacker could exploit the vulnerability by sending a user a malicious link and persuading the user to follow the link. A successful exploit could allow the attacker to execute arbitrary code on the user's system. Cisco Bug IDs: CSCvh66250.
60 CVE-2018-0349 20 2018-07-18 2018-09-19
10.0
None Remote Low Not required Complete Complete Complete
A vulnerability in the Cisco SD-WAN Solution could allow an authenticated, remote attacker to overwrite arbitrary files on the underlying operating system of an affected device. The vulnerability is due to improper input validation of the request admin-tech command in the CLI of the affected software. An attacker could exploit this vulnerability by modifying the request admin-tech command in the CLI of an affected device. A successful exploit could allow the attacker to overwrite arbitrary files on the underlying operating system of an affected device and escalate their privileges to the root user. This vulnerability affects the following Cisco products if they are running a release of the Cisco SD-WAN Solution prior to Release 18.3.0: vBond Orchestrator Software, vEdge 100 Series Routers, vEdge 1000 Series Routers, vEdge 2000 Series Routers, vEdge 5000 Series Routers, vEdge Cloud Router Platform, vManage Network Management Software, vSmart Controller Software. Cisco Bug IDs: CSCvi69852, CSCvi69856.
61 CVE-2018-0345 20 Exec Code 2018-07-18 2018-09-19
9.0
None Remote Low Single system Complete Complete Complete
A vulnerability in the configuration and management database of the Cisco SD-WAN Solution could allow an authenticated, remote attacker to execute arbitrary commands with the privileges of the vmanage user in the configuration management system of the affected software. The vulnerability is due to insufficient validation of command arguments that are passed to the configuration and management database of the affected software. An attacker could exploit this vulnerability by creating custom functions that contain malicious code and are executed as the vmanage user of the configuration management system. A successful exploit could allow the attacker to execute arbitrary commands with the privileges of the vmanage user in the configuration management system of the affected software. This vulnerability affects the following Cisco products if they are running a release of the Cisco SD-WAN Solution prior to Release 18.3.0: vBond Orchestrator Software, vManage Network Management Software, vSmart Controller Software. Cisco Bug IDs: CSCvi69937.
62 CVE-2018-0303 20 DoS Exec Code Overflow 2018-06-21 2018-08-20
8.3
None Local Network Low Not required Complete Complete Complete
A vulnerability in the Cisco Discovery Protocol component of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to execute arbitrary code as root or cause a denial of service (DoS) condition on the affected device. The vulnerability exists because of insufficiently validated Cisco Discovery Protocol packet headers. An attacker could exploit this vulnerability by sending a crafted Cisco Discovery Protocol packet to a Layer 2 adjacent affected device. A successful exploit could allow the attacker to cause a buffer overflow that could allow the attacker to execute arbitrary code as root or cause a DoS condition on the affected device. This vulnerability affects the following if configured to use Cisco Discovery Protocol: Firepower 4100 Series Next-Generation Firewalls, Firepower 9300 Security Appliance, MDS 9000 Series Multilayer Switches, Nexus 1000V Series Switches, Nexus 1100 Series Cloud Services Platforms, Nexus 2000 Series Fabric Extenders, Nexus 3000 Series Switches, Nexus 3500 Platform Switches, Nexus 5500 Platform Switches, Nexus 5600 Platform Switches, Nexus 6000 Series Switches, Nexus 7000 Series Switches, Nexus 7700 Series Switches, Nexus 9000 Series Fabric Switches in Application Centric Infrastructure (ACI) mode, Nexus 9000 Series Switches in standalone NX-OS mode, Nexus 9500 R-Series Line Cards and Fabric Modules, UCS 6100 Series Fabric Interconnects, UCS 6200 Series Fabric Interconnects, UCS 6300 Series Fabric Interconnects. Cisco Bug IDs: CSCvc22202, CSCvc22205, CSCvc22208, CSCvc88078, CSCvc88150, CSCvc88159, CSCvc88162, CSCvc88167.
63 CVE-2018-0301 20 Exec Code Overflow 2018-06-20 2018-08-21
10.0
None Remote Low Not required Complete Complete Complete
A vulnerability in the NX-API feature of Cisco NX-OS Software could allow an unauthenticated, remote attacker to craft a packet to the management interface on an affected system, causing a buffer overflow. The vulnerability is due to incorrect input validation in the authentication module of the NX-API subsystem. An attacker could exploit this vulnerability by sending a crafted HTTP or HTTPS packet to the management interface of an affected system with the NX-API feature enabled. An exploit could allow the attacker to execute arbitrary code as root. Note: NX-API is disabled by default. This vulnerability affects: MDS 9000 Series Multilayer Switches, Nexus 2000 Series Fabric Extenders, Nexus 3000 Series Switches, Nexus 3500 Platform Switches, Nexus 5500 Platform Switches, Nexus 5600 Platform Switches, Nexus 6000 Series Switches, Nexus 7000 Series Switches, Nexus 7700 Series Switches, Nexus 9000 Series Switches in standalone NX-OS mode, Nexus 9500 R-Series Line Cards and Fabric Modules. Cisco Bug IDs: CSCvd45804, CSCve02322, CSCve02412.
64 CVE-2018-0253 20 Exec Code 2018-05-02 2018-06-13
10.0
None Remote Low Not required Complete Complete Complete
A vulnerability in the ACS Report component of Cisco Secure Access Control System (ACS) could allow an unauthenticated, remote attacker to execute arbitrary commands on an affected system. Commands executed by the attacker are processed at the targeted user's privilege level. The vulnerability is due to insufficient validation of the Action Message Format (AMF) protocol. An attacker could exploit this vulnerability by sending a crafted AMF message that contains malicious code to a targeted user. A successful exploit could allow the attacker to execute arbitrary commands on the ACS device. This vulnerability affects all releases of Cisco Secure ACS prior to Release 5.8 Patch 7. Cisco Bug IDs: CSCve69037.
65 CVE-2018-0171 20 DoS Exec Code Overflow 2018-03-28 2018-04-24
10.0
None Remote Low Not required Complete Complete Complete
A vulnerability in the Smart Install feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to trigger a reload of an affected device, resulting in a denial of service (DoS) condition, or to execute arbitrary code on an affected device. The vulnerability is due to improper validation of packet data. An attacker could exploit this vulnerability by sending a crafted Smart Install message to an affected device on TCP port 4786. A successful exploit could allow the attacker to cause a buffer overflow on the affected device, which could have the following impacts: Triggering a reload of the device, Allowing the attacker to execute arbitrary code on the device, Causing an indefinite loop on the affected device that triggers a watchdog crash. Cisco Bug IDs: CSCvg76186.
66 CVE-2018-0125 20 DoS Exec Code +Priv 2018-02-08 2018-03-13
10.0
Admin Remote Low Not required Complete Complete Complete
A vulnerability in the web interface of the Cisco RV132W ADSL2+ Wireless-N VPN and RV134W VDSL2 Wireless-AC VPN Routers could allow an unauthenticated, remote attacker to execute arbitrary code and gain full control of an affected system, including issuing commands with root privileges. The attacker could also cause an affected system to reload, resulting in a denial of service (DoS) condition. The vulnerability is due to an incomplete input validation on user-controlled input in an HTTP request to the targeted device. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected system. A successful exploit could allow the attacker to execute arbitrary code as the root user and gain full control of the affected system or cause it to reload, resulting in a DoS condition. This vulnerability is fixed in firmware version 1.0.1.11 for the following Cisco products: RV132W ADSL2+ Wireless-N VPN Router and RV134W VDSL2 Wireless-AC VPN Router. Cisco Bug IDs: CSCvg92737, CSCvh60170.
67 CVE-2018-0104 20 Exec Code 2018-01-04 2018-01-18
9.3
None Remote Medium Not required Complete Complete Complete
A vulnerability in Cisco WebEx Network Recording Player for Advanced Recording Format (ARF) files could allow a remote attacker to execute arbitrary code on the system of a targeted user. The attacker could exploit this vulnerability by sending the user a link or email attachment with a malicious ARF file and persuading the user to follow the link or launch the file. Successful exploitation could allow the attacker to execute arbitrary code on the user's system. This vulnerability affects Cisco WebEx Business Suite meeting sites, Cisco WebEx Meetings sites, Cisco WebEx Meetings Server, and Cisco WebEx ARF players. Cisco Bug IDs: CSCvg78853, CSCvg78856, CSCvg78857.
68 CVE-2017-1000469 20 Exec Code 2018-01-03 2018-01-17
10.0
None Remote Low Not required Complete Complete Complete
Cobbler version up to 2.8.2 is vulnerable to a command injection vulnerability in the "add repo" component resulting in arbitrary code execution as root user.
69 CVE-2017-1000228 20 Exec Code 2017-11-16 2017-11-30
10.0
None Remote Low Not required Complete Complete Complete
nodejs ejs versions older than 2.5.3 is vulnerable to remote code execution due to weak input validation in ejs.renderFile() function
70 CVE-2017-1000169 20 Exec Code 2017-11-17 2017-12-02
10.0
None Remote Low Not required Complete Complete Complete
QuickerBB version <= 0.7.2 is vulnerable to arbitrary file writes which can lead to remote code execution. This can lead to the complete takeover of the server hosting QuickerBB.
71 CVE-2017-1000082 20 2017-07-07 2017-07-22
10.0
Admin Remote Low Not required Complete Complete Complete
systemd v233 and earlier fails to safely parse usernames starting with a numeric digit (e.g. "0day"), running the service in question with root privileges rather than the user intended.
72 CVE-2017-18318 20 2018-11-28 2018-12-26
10.0
None Remote Low Not required Complete Complete Complete
Missing validation check on CRL issuer name in Snapdragon Automobile, Snapdragon Mobile in versions MSM8996AU, SD 410/12, SD 425, SD 430, SD 450, SD 625, SD 650/52, SD 810, SD 820, SD 820A.
73 CVE-2017-18171 20 Mem. Corr. 2018-10-23 2018-12-13
8.3
None Local Network Low Not required Complete Complete Complete
Improper input validation for GATT data packet received in Bluetooth Controller function can lead to possible memory corruption in Snapdragon Mobile in version QCA9379, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 820, SD 835, SD 845, SD 850, SDM630, SDM636, SDM660, SDM710, Snapdragon_High_Med_2016.
74 CVE-2017-18123 20 2018-02-03 2018-07-06
9.3
None Remote Medium Not required Complete Complete Complete
The call parameter of /lib/exe/ajax.php in DokuWiki through 2017-02-19e does not properly encode user input, which leads to a reflected file download vulnerability, and allows remote attackers to run arbitrary programs.
75 CVE-2017-18074 20 2018-04-11 2018-05-14
10.0
None Remote Low Not required Complete Complete Complete
In Android before security patch level 2018-04-05 on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9607, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 615/16/SD 415, SD 800, SD 808, SD 810, SD 820, SD 835, while playing a .wma file with modified media header with non-standard bytes per second parameter value, a reachable assert occurs.
76 CVE-2017-18067 20 Overflow 2018-03-15 2018-04-06
10.0
None Remote Low Not required Complete Complete Complete
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, improper input validation while processing an encrypted authentication management frame in lim_send_auth_mgmt_frame() leads to buffer overflow.
77 CVE-2017-17773 20 Overflow 2018-03-15 2018-04-12
10.0
None Remote Low Not required Complete Complete Complete
In Snapdragon Automobile, Snapdragon Wearable and Snapdragon Mobile MDM9206,MDM9607,MDM9650,SD 210/SD 212/SD 205,SD 400,SD 410/12,SD 425,SD 430,SD 450,SD 600,SD 602A,SD 615/16/SD 415,SD 617,SD 625,SD 650/52,SD 800,SD 808,SD 810,SD 820,SD 820Am,SD 835,SD 845,MSM8909W, improper input validation in video_fmt_mp4r_process_atom_avc1() causes a potential buffer overflow.
78 CVE-2017-17173 20 Exec Code 2018-06-14 2018-08-13
9.3
None Remote Medium Not required Complete Complete Complete
Due to insufficient parameters verification GPU driver of Mate 9 Pro Huawei smart phones with the versions before LON-AL00B 8.0.0.356(C00) has an arbitrary memory free vulnerability. An attacker can tricks a user into installing a malicious application on the smart phone, and send given parameter to driver to release special kernel memory resource. Successful exploit may result in phone crash or arbitrary code execution.
79 CVE-2017-15817 20 2018-02-23 2018-03-12
9.3
None Remote Medium Not required Complete Complete Complete
In all Qualcomm products with Android releases from CAF using the Linux kernel, when an access point sends a challenge text greater than 128 bytes, the host driver is unable to validate this potentially leading to authentication failure.
80 CVE-2017-15103 20 Exec Code 2017-12-18 2018-01-12
9.0
None Remote Low Single system Complete Complete Complete
A security-check flaw was found in the way the Heketi 5 server API handled user requests. An authenticated Heketi user could send specially crafted requests to the Heketi server, resulting in remote command execution as the user running Heketi server and possibly privilege escalation.
81 CVE-2017-15043 20 Exec Code +Priv 2018-05-04 2018-06-13
9.0
None Remote Low Single system Complete Complete Complete
A vulnerability in Sierra Wireless AirLink GX400, GX440, ES440, and LS300 routers with firmware before 4.4.5 and GX450, ES450, RV50, RV50X, MP70, and MP70E routers with firmware before 4.9 could allow an authenticated remote attacker to execute arbitrary code and gain full control of an affected system, including issuing commands with root privileges. This vulnerability is due to insufficient input validation on user-controlled input in an HTTP request to the targeted device. An attacker in possession of router login credentials could exploit this vulnerability by sending a crafted HTTP request to an affected system.
82 CVE-2017-14914 20 2017-12-05 2017-12-20
10.0
None Remote Low Not required Complete Complete Complete
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, handles in the global client structure can become stale.
83 CVE-2017-14913 20 2018-03-30 2018-04-27
10.0
None Remote Low Not required Complete Complete Complete
In Android before 2018-01-05 on Qualcomm Snapdragon IoT, Snapdragon Mobile MDM9206, SD 625, SD 650/52, SD 835, SD 845, DDR address input validation is being improperly truncated.
84 CVE-2017-14910 20 2018-02-23 2018-03-16
10.0
None Remote Low Not required Complete Complete Complete
In Snapdragon Automobile, Snapdragon IoT and Snapdragon Mobile MDM9206 MDM9607, MDM9650, S820A, S820Am, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 430, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 820, SD 835, and SD 845, a buffer overread is possible if there are no newlines in an input file.
85 CVE-2017-14909 20 2017-12-05 2017-12-19
10.0
None Remote Low Not required Complete Complete Complete
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a count value that is read from a file is not properly validated.
86 CVE-2017-14908 20 2017-12-05 2017-12-19
10.0
None Remote Low Not required Complete Complete Complete
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, the SafeSwitch test application does not properly validate the number of blocks to verify.
87 CVE-2017-14867 20 Exec Code 2017-09-28 2017-10-11
9.0
None Remote Low Single system Complete Complete Complete
Git before 2.10.5, 2.11.x before 2.11.4, 2.12.x before 2.12.5, 2.13.x before 2.13.6, and 2.14.x before 2.14.2 uses unsafe Perl scripts to support subcommands such as cvsserver, which allows attackers to execute arbitrary OS commands via shell metacharacters in a module name. The vulnerable code is reachable via git-shell even without CVS support.
88 CVE-2017-13858 20 Exec Code 2017-12-25 2017-12-28
9.3
None Remote Medium Not required Complete Complete Complete
An issue was discovered in certain Apple products. macOS before 10.13.2 is affected. The issue involves the "IOKit" component. It allows attackers to execute arbitrary code in a privileged context via a crafted app.
89 CVE-2017-13848 20 Exec Code 2017-12-25 2017-12-28
9.3
None Remote Medium Not required Complete Complete Complete
An issue was discovered in certain Apple products. macOS before 10.13.2 is affected. The issue involves the "IOKit" component. It allows attackers to execute arbitrary code in a privileged context via a crafted app.
90 CVE-2017-13715 20 DoS Exec Code 2017-08-28 2017-09-08
10.0
None Remote Low Not required Complete Complete Complete
The __skb_flow_dissect function in net/core/flow_dissector.c in the Linux kernel before 4.3 does not ensure that n_proto, ip_proto, and thoff are initialized, which allows remote attackers to cause a denial of service (system crash) or possibly execute arbitrary code via a single crafted MPLS packet.
91 CVE-2017-13284 20 2018-04-04 2018-05-09
10.0
None Remote Low Not required Complete Complete Complete
In config_set_string of config.cc, it is possible to pair a second BT keyboard without user approval due to improper input validation. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-70808273.
92 CVE-2017-13252 20 2018-04-04 2018-05-08
9.3
None Remote Medium Not required Complete Complete Complete
In CryptoHal::decrypt of CryptoHal.cpp, there is an out of bounds write due to improper input validation that results in a read from uninitialized memory. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: 8.0, 8.1. Android ID: A-70526702.
93 CVE-2017-13229 20 Exec Code 2018-02-12 2018-03-06
10.0
None Remote Low Not required Complete Complete Complete
A remote code execution vulnerability in the Android media framework (n/a). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1. ID: A-68160703.
94 CVE-2017-13176 20 Bypass 2018-01-12 2018-01-29
9.3
None Remote Medium Not required Complete Complete Complete
In the parseURL function of URLStreamHandler, there is improper input validation of the host field. This could lead to a remote elevation of privilege that could enable bypassing user interaction requirements with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-68341964.
95 CVE-2017-12554 20 Exec Code 2018-02-15 2018-03-06
9.0
None Remote Low Single system Complete Complete Complete
A remote code execution vulnerability in HPE intelligent Management Center (iMC) PLAT iMC Plat 7.3 E0504P2 and earlier was found.
96 CVE-2017-12541 20 Exec Code 2018-02-15 2018-02-23
9.0
None Remote Low Single system Complete Complete Complete
A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. The problem was resolved in HPE Intelligent Management Center PLAT v7.3 (E0506) or any subsequent version.
97 CVE-2017-12540 20 Exec Code 2018-02-15 2018-02-23
9.0
None Remote Low Single system Complete Complete Complete
A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. The problem was resolved in HPE Intelligent Management Center PLAT v7.3 (E0506) or any subsequent version.
98 CVE-2017-12539 20 Exec Code 2018-02-15 2018-02-23
9.0
None Remote Low Single system Complete Complete Complete
A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. The problem was resolved in HPE Intelligent Management Center PLAT v7.3 (E0506) or any subsequent version.
99 CVE-2017-12538 20 Exec Code 2018-02-15 2018-02-23
9.0
None Remote Low Single system Complete Complete Complete
A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. The problem was resolved in HPE Intelligent Management Center PLAT v7.3 (E0506) or any subsequent version.
100 CVE-2017-12537 20 Exec Code 2018-02-15 2018-02-23
9.0
None Remote Low Single system Complete Complete Complete
A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. The problem was resolved in HPE Intelligent Management Center PLAT v7.3 (E0506) or any subsequent version.
101 CVE-2017-12536 20 Exec Code 2018-02-15 2018-02-23
9.0
None Remote Low Single system Complete Complete Complete
A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. The problem was resolved in HPE Intelligent Management Center PLAT v7.3 (E0506) or any subsequent version.
102 CVE-2017-12535 20 Exec Code 2018-02-15 2018-02-23
9.0
None Remote Low Single system Complete Complete Complete
A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. The problem was resolved in HPE Intelligent Management Center PLAT v7.3 (E0506) or any subsequent version.
103 CVE-2017-12534 20 Exec Code 2018-02-15 2018-02-23
9.0
None Remote Low Single system Complete Complete Complete
A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. The problem was resolved in HPE Intelligent Management Center PLAT v7.3 (E0506) or any subsequent version.
104 CVE-2017-12533 20 Exec Code 2018-02-15 2018-02-23
9.0
None Remote Low Single system Complete Complete Complete
A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. The problem was resolved in HPE Intelligent Management Center PLAT v7.3 (E0506) or any subsequent version.
105 CVE-2017-12532 20 Exec Code 2018-02-15 2018-02-23
9.0
None Remote Low Single system Complete Complete Complete
A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. The problem was resolved in HPE Intelligent Management Center PLAT v7.3 (E0506) or any subsequent version.
106 CVE-2017-12531 20 Exec Code 2018-02-15 2018-02-23
9.0
None Remote Low Single system Complete Complete Complete
A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. The problem was resolved in HPE Intelligent Management Center PLAT v7.3 (E0506) or any subsequent version.
107 CVE-2017-12530 20 Exec Code 2018-02-15 2018-02-23
9.0
None Remote Low Single system Complete Complete Complete
A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. The problem was resolved in HPE Intelligent Management Center PLAT v7.3 (E0506) or any subsequent version.
108 CVE-2017-12529 20 Exec Code 2018-02-15 2018-02-23
9.0
None Remote Low Single system Complete Complete Complete
A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. The problem was resolved in HPE Intelligent Management Center PLAT v7.3 (E0506) or any subsequent version.
109 CVE-2017-12528 20 Exec Code 2018-02-15 2018-02-23
9.0
None Remote Low Single system Complete Complete Complete
A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. The problem was resolved in HPE Intelligent Management Center PLAT v7.3 (E0506) or any subsequent version.
110 CVE-2017-12527 20 Exec Code 2018-02-15 2018-02-23
9.0
None Remote Low Single system Complete Complete Complete
A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. The problem was resolved in HPE Intelligent Management Center PLAT v7.3 (E0506) or any subsequent version.
111 CVE-2017-12526 20 Exec Code 2018-02-15 2018-02-23
9.0
None Remote Low Single system Complete Complete Complete
A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. The problem was resolved in HPE Intelligent Management Center PLAT v7.3 (E0506) or any subsequent version.
112 CVE-2017-12525 20 Exec Code 2018-02-15 2018-02-23
9.0
None Remote Low Single system Complete Complete Complete
A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. The problem was resolved in HPE Intelligent Management Center PLAT v7.3 (E0506) or any subsequent version.
113 CVE-2017-12524 20 Exec Code 2018-02-15 2018-02-23
9.0
None Remote Low Single system Complete Complete Complete
A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. The problem was resolved in HPE Intelligent Management Center PLAT v7.3 (E0506) or any subsequent version.
114 CVE-2017-12523 20 Exec Code 2018-02-15 2018-02-23
9.0
None Remote Low Single system Complete Complete Complete
A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. The problem was resolved in HPE Intelligent Management Center PLAT v7.3 (E0506) or any subsequent version.
115 CVE-2017-12522 20 Exec Code 2018-02-15 2018-02-23
9.0
None Remote Low Single system Complete Complete Complete
A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. The problem was resolved in HPE Intelligent Management Center PLAT v7.3 (E0506) or any subsequent version.
116 CVE-2017-12521 20 Exec Code 2018-02-15 2018-02-23
9.0
None Remote Low Single system Complete Complete Complete
A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. The problem was resolved in HPE Intelligent Management Center PLAT v7.3 (E0506) or any subsequent version.
117 CVE-2017-12520 20 Exec Code 2018-02-15 2018-03-06
9.0
None Remote Low Single system Complete Complete Complete
A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. The problem was resolved in HPE Intelligent Management Center PLAT v7.3 (E0506) or any subsequent version.
118 CVE-2017-12519 20 Exec Code 2018-02-15 2018-02-23
9.0
None Remote Low Single system Complete Complete Complete
A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. The problem was resolved in HPE Intelligent Management Center PLAT v7.3 (E0506) or any subsequent version.
119 CVE-2017-12518 20 Exec Code 2018-02-15 2018-02-23
9.0
None Remote Low Single system Complete Complete Complete
A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. The problem was resolved in HPE Intelligent Management Center PLAT v7.3 (E0506) or any subsequent version.
120 CVE-2017-12517 20 Exec Code 2018-02-15 2018-02-23
9.0
None Remote Low Single system Complete Complete Complete
A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. The problem was resolved in HPE Intelligent Management Center PLAT v7.3 (E0506) or any subsequent version.
121 CVE-2017-12516 20 Exec Code 2018-02-15 2018-02-23
9.0
None Remote Low Single system Complete Complete Complete
A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. The problem was resolved in HPE Intelligent Management Center PLAT v7.3 (E0506) or any subsequent version.
122 CVE-2017-12515 20 Exec Code 2018-02-15 2018-02-23
9.0
None Remote Low Single system Complete Complete Complete
A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. The problem was resolved in HPE Intelligent Management Center PLAT v7.3 (E0506) or any subsequent version.
123 CVE-2017-12514 20 Exec Code 2018-02-15 2018-02-23
9.0
None Remote Low Single system Complete Complete Complete
A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. The problem was resolved in HPE Intelligent Management Center PLAT v7.3 (E0506) or any subsequent version.
124 CVE-2017-12513 20 Exec Code 2018-02-15 2018-02-23
9.0
None Remote Low Single system Complete Complete Complete
A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. The problem was resolved in HPE Intelligent Management Center PLAT v7.3 (E0506) or any subsequent version.
125 CVE-2017-12512 20 Exec Code 2018-02-15 2018-02-23
9.0
None Remote Low Single system Complete Complete Complete
A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. The problem was resolved in HPE Intelligent Management Center PLAT v7.3 (E0506) or any subsequent version.
126 CVE-2017-12511 20 Exec Code 2018-02-15 2018-02-23
9.0
None Remote Low Single system Complete Complete Complete
A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. The problem was resolved in HPE Intelligent Management Center PLAT v7.3 (E0506) or any subsequent version.
127 CVE-2017-12510 20 Exec Code 2018-02-15 2018-02-23
9.0
None Remote Low Single system Complete Complete Complete
A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. The problem was resolved in HPE Intelligent Management Center PLAT v7.3 (E0506) or any subsequent version.
128 CVE-2017-12509 20 Exec Code 2018-02-15 2018-02-23
9.0
None Remote Low Single system Complete Complete Complete
A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. The problem was resolved in HPE Intelligent Management Center PLAT v7.3 (E0506) or any subsequent version.
129 CVE-2017-12508 20 Exec Code 2018-02-15 2018-02-23
9.0
None Remote Low Single system Complete Complete Complete
A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. The problem was resolved in HPE Intelligent Management Center PLAT v7.3 (E0506) or any subsequent version.
130 CVE-2017-12507 20 Exec Code 2018-02-15 2018-02-23
9.0
None Remote Low Single system Complete Complete Complete
A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. The problem was resolved in HPE Intelligent Management Center PLAT v7.3 (E0506) or any subsequent version.
131 CVE-2017-12506 20 Exec Code 2018-02-15 2018-02-23
9.0
None Remote Low Single system Complete Complete Complete
A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. The problem was resolved in HPE Intelligent Management Center PLAT v7.3 (E0506) or any subsequent version.
132 CVE-2017-12505 20 Exec Code 2018-02-15 2018-02-23
9.0
None Remote Low Single system Complete Complete Complete
A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. The problem was resolved in HPE Intelligent Management Center PLAT v7.3 (E0506) or any subsequent version.
133 CVE-2017-12504 20 Exec Code 2018-02-15 2018-02-23
9.0
None Remote Low Single system Complete Complete Complete
A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. The problem was resolved in HPE Intelligent Management Center PLAT v7.3 (E0506) or any subsequent version.
134 CVE-2017-12503 20 Exec Code 2018-02-15 2018-02-23
9.0
None Remote Low Single system Complete Complete Complete
A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. The problem was resolved in HPE Intelligent Management Center PLAT v7.3 (E0506) or any subsequent version.
135 CVE-2017-12502 20 Exec Code 2018-02-15 2018-02-23
9.0
None Remote Low Single system Complete Complete Complete
A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. The problem was resolved in HPE Intelligent Management Center PLAT v7.3 (E0506) or any subsequent version.
136 CVE-2017-12501 20 Exec Code 2018-02-15 2018-02-23
9.0
None Remote Low Single system Complete Complete Complete
A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. The problem was resolved in HPE Intelligent Management Center PLAT v7.3 (E0506) or any subsequent version.
137 CVE-2017-12500 20 Exec Code 2018-02-15 2018-05-20
9.0
None Remote Low Single system Complete Complete Complete
A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. The problem was resolved in HPE Intelligent Management Center PLAT v7.3 (E0506) or any subsequent version.
138 CVE-2017-12499 20 Exec Code 2018-02-15 2018-02-23
9.0
None Remote Low Single system Complete Complete Complete
A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. The problem was resolved in HPE Intelligent Management Center PLAT v7.3 (E0506) or any subsequent version.
139 CVE-2017-12498 20 Exec Code 2018-02-15 2018-02-23
9.0
None Remote Low Single system Complete Complete Complete
A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. The problem was resolved in HPE Intelligent Management Center PLAT v7.3 (E0506) or any subsequent version.
140 CVE-2017-12497 20 Exec Code 2018-02-15 2018-02-23
9.0
None Remote Low Single system Complete Complete Complete
A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. The problem was resolved in HPE Intelligent Management Center PLAT v7.3 (E0506) or any subsequent version.
141 CVE-2017-12496 20 Exec Code 2018-02-15 2018-02-23
9.0
None Remote Low Single system Complete Complete Complete
A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. The problem was resolved in HPE Intelligent Management Center PLAT v7.3 (E0506) or any subsequent version.
142 CVE-2017-12495 20 Exec Code 2018-02-15 2018-02-23
9.0
None Remote Low Single system Complete Complete Complete
A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. The problem was resolved in HPE Intelligent Management Center PLAT v7.3 (E0506) or any subsequent version.
143 CVE-2017-12494 20 Exec Code 2018-02-15 2018-02-23
9.0
None Remote Low Single system Complete Complete Complete
A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. The problem was resolved in HPE Intelligent Management Center PLAT v7.3 (E0506) or any subsequent version.
144 CVE-2017-12493 20 Exec Code 2018-02-15 2018-02-23
9.0
None Remote Low Single system Complete Complete Complete
A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. The problem was resolved in HPE Intelligent Management Center PLAT v7.3 (E0506) or any subsequent version.
145 CVE-2017-12492 20 Exec Code 2018-02-15 2018-02-23
9.0
None Remote Low Single system Complete Complete Complete
A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. The problem was resolved in HPE Intelligent Management Center PLAT v7.3 (E0506) or any subsequent version.
146 CVE-2017-12491 20 Exec Code 2018-02-15 2018-02-23
9.0
None Remote Low Single system Complete Complete Complete
A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. The problem was resolved in HPE Intelligent Management Center PLAT v7.3 (E0506) or any subsequent version.
147 CVE-2017-12490 20 Exec Code 2018-02-15 2018-02-23
9.0
None Remote Low Single system Complete Complete Complete
A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. The problem was resolved in HPE Intelligent Management Center PLAT v7.3 (E0506) or any subsequent version.
148 CVE-2017-12489 20 Exec Code 2018-02-15 2018-02-23
9.0
None Remote Low Single system Complete Complete Complete
A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. The problem was resolved in HPE Intelligent Management Center PLAT v7.3 (E0506) or any subsequent version.
149 CVE-2017-12488 20 Exec Code 2018-02-15 2018-02-23
9.0
None Remote Low Single system Complete Complete Complete
A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. The problem was resolved in HPE Intelligent Management Center PLAT v7.3 (E0506) or any subsequent version.
150 CVE-2017-12487 20 Exec Code 2018-02-15 2018-02-23
9.0
None Remote Low Single system Complete Complete Complete
A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. The problem was resolved in HPE Intelligent Management Center PLAT v7.3 (E0506) or any subsequent version.
151 CVE-2017-12240 20 DoS Exec Code Overflow 2017-09-28 2017-10-06
10.0
None Remote Low Not required Complete Complete Complete
The DHCP relay subsystem of Cisco IOS 12.2 through 15.6 and Cisco IOS XE Software contains a vulnerability that could allow an unauthenticated, remote attacker to execute arbitrary code and gain full control of an affected system. The attacker could also cause an affected system to reload, resulting in a denial of service (DoS) condition. The vulnerability is due to a buffer overflow condition in the DHCP relay subsystem of the affected software. An attacker could exploit this vulnerability by sending a crafted DHCP Version 4 (DHCPv4) packet to an affected system. A successful exploit could allow the attacker to execute arbitrary code and gain full control of the affected system or cause the affected system to reload, resulting in a DoS condition. Cisco Bug IDs: CSCsm45390, CSCuw77959.
152 CVE-2017-12194 20 Exec Code 2018-03-14 2018-11-27
10.0
None Remote Low Not required Complete Complete Complete
A flaw was found in the way spice-client processed certain messages sent from the server. An attacker, having control of malicious spice-server, could use this flaw to crash the client or execute arbitrary code with permissions of the user running the client. spice-gtk versions through 0.34 are believed to be vulnerable.
153 CVE-2017-12148 20 Exec Code 2018-07-27 2018-10-01
9.0
None Remote Low Single system Complete Complete Complete
A flaw was found in Ansible Tower's interface before 3.1.5 and 3.2.0 with SCM repositories. If a Tower project (SCM repository) definition does not have the 'delete before update' flag set, an attacker with commit access to the upstream playbook source repository could create a Trojan playbook that, when executed by Tower, modifies the checked out SCM repository to add git hooks. These git hooks could, in turn, cause arbitrary command and code execution as the user Tower runs as.
154 CVE-2017-11885 20 Exec Code 2017-12-12 2018-10-30
8.5
None Remote Medium Single system Complete Complete Complete
Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allow a remote code execution vulnerability due to the way the Routing and Remote Access service handles requests, aka "Windows RRAS Service Remote Code Execution Vulnerability".
155 CVE-2017-11495 20 Exec Code 2017-07-20 2017-08-15
9.0
None Remote Low Not required Partial Partial Complete
PHICOMM K2(PSG1218) devices V22.5.11.5 and earlier allow unauthenticated remote code execution via a request to an unspecified ASP script; alternatively, the attacker can leverage unauthenticated access to this script to trigger a reboot via an ifType=reboot action.
156 CVE-2017-11394 20 Exec Code 2017-08-03 2017-10-13
10.0
None Remote Low Not required Complete Complete Complete
Proxy command injection vulnerability in Trend Micro OfficeScan 11 and XG (12) allows remote attackers to execute arbitrary code on vulnerable installations. The specific flaw can be exploited by parsing the T parameter within Proxy.php. Formerly ZDI-CAN-4544.
157 CVE-2017-11393 20 Exec Code 2017-08-03 2017-08-05
10.0
None Remote Low Not required Complete Complete Complete
Proxy command injection vulnerability in Trend Micro OfficeScan 11 and XG (12) allows remote attackers to execute arbitrary code on vulnerable installations. The specific flaw can be exploited by parsing the tr parameter within Proxy.php. Formerly ZDI-CAN-4543.
158 CVE-2017-10955 20 Exec Code 2017-10-19 2017-11-13
9.0
None Remote Low Single system Complete Complete Complete
** DISPUTED ** This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of EMC Data Protection Advisor 6.3.0. Authentication is required to exploit this vulnerability. The specific flaw exists within the EMC DPA Application service, which listens on TCP port 9002 by default. When parsing the preScript parameter, the process does not properly validate a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute arbitrary code under the context of SYSTEM. Was ZDI-CAN-4697. NOTE: Dell EMC disputes that this is a vulnerability.
159 CVE-2017-10918 20 2017-07-04 2017-11-03
10.0
None Remote Low Not required Complete Complete Complete
Xen through 4.8.x does not validate memory allocations during certain P2M operations, which allows guest OS users to obtain privileged host OS access, aka XSA-222.
160 CVE-2017-9811 20 2017-07-17 2017-08-11
10.0
None Remote Low Not required Complete Complete Complete
The kluser is able to interact with the kav4fs-control binary in Kaspersky Anti-Virus for Linux File Server before Maintenance Pack 2 Critical Fix 4 (version 8.0.4.312). By abusing the quarantine read and write operations, it is possible to elevate the privileges to root.
161 CVE-2017-9279 20 Exec Code 2018-03-02 2018-03-22
9.0
None Remote Low Single system Complete Complete Complete
NetIQ Identity Manager before 4.5.6.1 allowed uploading files with double extensions or non-image content in the Themes handling of the User Application Administration, allowing malicious user administrators to potentially execute code or mislead users.
162 CVE-2017-9270 20 2018-03-01 2018-03-21
8.5
None Remote Medium Single system Complete Complete Complete
In cryptctl before version 2.0 a malicious server could send RPC requests that could overwrite files outside of the cryptctl key database.
163 CVE-2017-9034 20 Exec Code 2017-05-25 2017-06-01
10.0
None Remote Low Not required Complete Complete Complete
Trend Micro ServerProtect for Linux 3.0 before CP 1531 allows attackers to write to arbitrary files and consequently execute arbitrary code with root privileges by leveraging failure to validate software updates.
164 CVE-2017-8983 20 Exec Code 2018-02-15 2018-03-06
9.0
None Remote Low Single system Complete Complete Complete
A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.3 E0504P4 was found.
165 CVE-2017-8981 20 Exec Code 2018-02-15 2018-03-06
10.0
None Remote Low Not required Complete Complete Complete
A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.3 E0506 was found.
166 CVE-2017-8977 20 DoS 2018-02-15 2018-03-09
8.5
None Remote Low Not required None Partial Complete
A Remote Denial of Service vulnerability in Hewlett Packard Enterprise Moonshot Provisioning Manager Appliance version v1.20 was found.
167 CVE-2017-8976 20 Exec Code 2018-02-15 2018-03-09
10.0
None Remote Low Not required Complete Complete Complete
A Remote Code Execution vulnerability in Hewlett Packard Enterprise Moonshot Provisioning Manager Appliance version v1.20 was found.
168 CVE-2017-8975 20 Exec Code 2018-02-15 2018-03-09
10.0
None Remote Low Not required Complete Complete Complete
A Remote Code Execution vulnerability in Hewlett Packard Enterprise Moonshot Provisioning Manager Appliance version v1.20 was found.
169 CVE-2017-8957 20 Exec Code 2018-02-15 2018-03-06
10.0
None Remote Low Not required Complete Complete Complete
A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.2 was found.
170 CVE-2017-8956 20 Exec Code 2018-02-15 2018-03-06
10.0
None Remote Low Not required Complete Complete Complete
A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.3 E0504P04 was found.
171 CVE-2017-8954 20 Exec Code 2018-02-15 2018-03-06
10.0
None Remote Low Not required Complete Complete Complete
A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.2 was found.
172 CVE-2017-8759 20 Exec Code 2017-09-12 2018-01-13
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft .NET Framework 2.0, 3.5, 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2 and 4.7 allow an attacker to execute code remotely via a malicious document or application, aka ".NET Framework Remote Code Execution Vulnerability."
173 CVE-2017-8682 20 Exec Code 2017-09-12 2017-09-20
9.3
None Remote Medium Not required Complete Complete Complete
Windows graphics on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, Windows Server 2016, Microsoft Office Word Viewer, Microsoft Office 2007 Service Pack 3 , and Microsoft Office 2010 Service Pack 2 allows an attacker to execute remote code by the way it handles embedded fonts, aka "Win32k Graphics Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-8683.
174 CVE-2017-8550 20 Exec Code 2017-06-14 2017-08-11
8.5
None Remote Medium Single system Complete Complete Complete
A remote code execution vulnerability exists in Skype for Business when the software fails to sanitize specially crafted content, aka "Skype for Business Remote Code Execution Vulnerability".
175 CVE-2017-8390 20 Exec Code 2017-08-02 2017-08-08
10.0
None Remote Low Not required Complete Complete Complete
The DNS Proxy in Palo Alto Networks PAN-OS before 6.1.18, 7.x before 7.0.16, 7.1.x before 7.1.11, and 8.x before 8.0.3 allows remote attackers to execute arbitrary code via a crafted domain name.
176 CVE-2017-7692 20 Exec Code 2017-04-20 2017-11-03
9.0
None Remote Low Single system Complete Complete Complete
SquirrelMail 1.4.22 (and other versions before 20170427_0200-SVN) allows post-authentication remote code execution via a sendmail.cf file that is mishandled in a popen call. It's possible to exploit this vulnerability to execute arbitrary shell commands on the remote server. The problem is in the Deliver_SendMail.class.php with the initStream function that uses escapeshellcmd() to sanitize the sendmail command before executing it. The use of escapeshellcmd() is not correct in this case since it doesn't escape whitespaces, allowing the injection of arbitrary command parameters. The problem is in -f$envelopefrom within the sendmail command line. Hence, if the target server uses sendmail and SquirrelMail is configured to use it as a command-line program, it's possible to trick sendmail into using an attacker-provided configuration file that triggers the execution of an arbitrary command. For exploitation, the attacker must upload a sendmail.cf file as an email attachment, and inject the sendmail.cf filename with the -C option within the "Options > Personal Informations > Email Address" setting.
177 CVE-2017-7669 20 2017-06-04 2017-06-09
8.5
None Remote Medium Single system Complete Complete Complete
In Apache Hadoop 2.8.0, 3.0.0-alpha1, and 3.0.0-alpha2, the LinuxContainerExecutor runs docker commands as root with insufficient input validation. When the docker feature is enabled, authenticated users can run commands as root.
178 CVE-2017-7466 20 Exec Code 2018-06-22 2018-10-26
8.5
None Remote Medium Single system Complete Complete Complete
Ansible before version 2.3 has an input validation vulnerability in the handling of data sent from client systems. An attacker with control over a client system being managed by Ansible, and the ability to send facts back to the Ansible server, could use this flaw to execute arbitrary code on the Ansible server using the Ansible server privileges.
179 CVE-2017-7436 20 2018-03-01 2018-03-21
9.3
None Remote Medium Not required Complete Complete Complete
In libzypp before 20170803 it was possible to retrieve unsigned packages without a warning to the user which could lead to man in the middle or malicious servers to inject malicious RPM packages into a users system.
180 CVE-2017-7435 20 2018-03-01 2018-03-22
9.3
None Remote Medium Not required Complete Complete Complete
In libzypp before 20170803 it was possible to add unsigned YUM repositories without warning to the user that could lead to man in the middle or malicious servers to inject malicious RPM packages into a users system.
181 CVE-2017-7369 20 2017-06-13 2017-07-07
9.3
None Remote Medium Not required Complete Complete Complete
In all Android releases from CAF using the Linux kernel, an array index in an ALSA routine is not properly validating potentially leading to kernel stack corruption.
182 CVE-2017-7283 20 Exec Code 2017-04-19 2017-04-24
9.0
None Remote Low Single system Complete Complete Complete
An authenticated user of Unitrends Enterprise Backup before 9.1.2 can execute arbitrary OS commands by sending a specially crafted filename to the /api/restore/download-files endpoint, related to the downloadFiles function in api/includes/restore.php.
183 CVE-2017-7213 20 2017-05-15 2017-05-22
10.0
None Remote Low Not required Complete Complete Complete
Zoho ManageEngine Desktop Central before build 100082 allows remote attackers to obtain control over all connected active desktops via unspecified vectors.
184 CVE-2017-7170 20 Exec Code 2018-04-03 2018-04-27
9.3
None Remote Medium Not required Complete Complete Complete
An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "Security" component. It allows attackers to execute arbitrary code in a privileged context via a crafted app.
185 CVE-2017-6792 20 2017-09-07 2017-09-14
8.5
None Remote Low Single system None Complete Complete
A vulnerability in the batch provisioning feature in Cisco Prime Collaboration Provisioning Tool could allow an authenticated, remote attacker to overwrite system files as root. The vulnerability is due to lack of input validation of the parameters in BatchFileName and Directory. An attacker could exploit this vulnerability by manipulating the parameters of the batch action file function. Cisco Bug IDs: CSCvd61766.
186 CVE-2017-6746 20 2017-07-25 2017-08-08
9.0
None Remote Low Single system Complete Complete Complete
A vulnerability in the web interface of the Cisco Web Security Appliance (WSA) could allow an authenticated, remote attacker to perform command injection and elevate privileges to root. The attacker must authenticate with valid administrator credentials. Affected Products: Cisco AsyncOS Software 10.0 and later for WSA on both virtual and hardware appliances. More Information: CSCvd88862. Known Affected Releases: 10.1.0-204. Known Fixed Releases: 10.5.1-270 10.1.1-235.
187 CVE-2017-6667 20 Exec Code 2017-06-13 2017-06-26
10.0
None Remote Low Not required Complete Complete Complete
A vulnerability in the update process for the dynamic JAR file of the Cisco Context Service software development kit (SDK) could allow an unauthenticated, remote attacker to execute arbitrary code on the affected device with the privileges of the web server. More Information: CSCvb66730. Known Affected Releases: 2.0.
188 CVE-2017-6619 20 Exec Code 2017-04-20 2017-04-26
9.0
None Remote Low Single system Complete Complete Complete
A vulnerability in the web-based GUI of Cisco Integrated Management Controller (IMC) 3.0(1c) could allow an authenticated, remote attacker to execute arbitrary commands on an affected system. The vulnerability exists because the affected software does not sufficiently sanitize user-supplied HTTP input. An attacker could exploit this vulnerability by sending an HTTP POST request that contains crafted, deserialized user data to the affected software. A successful exploit could allow the attacker to execute arbitrary commands with root-level privileges on the affected system, which the attacker could use to conduct further attacks. Cisco Bug IDs: CSCvd14591.
189 CVE-2017-6616 20 Exec Code 2017-04-20 2017-04-26
9.0
None Remote Low Single system Complete Complete Complete
A vulnerability in the web-based GUI of Cisco Integrated Management Controller (IMC) 3.0(1c) could allow an authenticated, remote attacker to execute arbitrary code on an affected system. The vulnerability exists because the affected software does not sufficiently sanitize specific values that are received as part of a user-supplied HTTP request. An attacker could exploit this vulnerability by sending a crafted HTTP request to the affected software. A successful exploit could allow the attacker to execute arbitrary code with the privileges of the user on the affected system. Cisco Bug IDs: CSCvd14578.
190 CVE-2017-6466 20 2017-03-11 2017-03-14
9.3
None Remote Medium Not required Complete Complete Complete
F-Secure Software Updater 2.20, as distributed in several F-Secure products, downloads installation packages over plain http and does not perform file integrity validation after download. Man-in-the-middle attackers can replace the file with their own executable which will be executed under the SYSTEM account. Note that when Software Updater is configured to install updates automatically, it checks if the downloaded file is digitally signed by default, but does not check the author of the signature. When running in manual mode (default), no signature check is performed.
191 CVE-2017-6316 20 Exec Code 2017-07-20 2017-09-15
10.0
None Remote Low Not required Complete Complete Complete
Citrix NetScaler SD-WAN devices through v9.1.2.26.561201 allow remote attackers to execute arbitrary shell commands as root via a CGISESSID cookie. On CloudBridge (the former name of NetScaler SD-WAN) devices, the cookie name was CAKEPHP rather than CGISESSID.
192 CVE-2017-6315 20 Exec Code 2017-09-19 2017-09-27
10.0
None Remote Low Not required Complete Complete Complete
Astaro Security Gateway (aka ASG) 7 allows remote attackers to execute arbitrary code via a crafted request to index.plx.
193 CVE-2017-5819 20 Exec Code 2018-02-15 2018-02-24
10.0
None Remote Low Not required Complete Complete Complete
A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.3 E0504P04 was found.
194 CVE-2017-5817 20 Exec Code 2018-02-15 2018-02-24
10.0
None Remote Low Not required Complete Complete Complete
A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.3 E0504P04 was found.
195 CVE-2017-5816 20 Exec Code 2018-02-15 2018-02-24
10.0
None Remote Low Not required Complete Complete Complete
A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.3 E0504P04 was found.
196 CVE-2017-5815 20 Exec Code 2018-02-15 2018-02-24
10.0
None Remote Low Not required Complete Complete Complete
A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.3 E0504P04 was found.
197 CVE-2017-5806 20 Exec Code 2018-02-15 2018-03-06
10.0
None Remote Low Not required Complete Complete Complete
A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.2 was found.
198 CVE-2017-5805 20 Exec Code 2018-02-15 2018-03-06
10.0
None Remote Low Not required Complete Complete Complete
A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.2 was found.
199 CVE-2017-5794 20 2018-02-15 2018-03-07
9.0
None Remote Low Single system Complete Complete Complete
A Remote Arbitrary File Download vulnerability in HPE Intelligent Management Center (IMC) PLAT version 7.2 E0403P06 was found.
200 CVE-2017-5793 20 Exec Code 2018-02-15 2018-03-07
9.0
None Remote Low Single system Complete Complete Complete
A Remote Arbitrary Code Execution vulnerability in HPE Intelligent Management Center (IMC) PLAT version 7.2 E0403P06 was found.
Maximum 200 results per search are displayed, please narrow down your search criteria

Vendor
Add %'s for "like" queries( e.g:php% will match vendors starting with the string php. But you are not allowed to use %'s at the beginning of search phrase, or use more than one % due to performance problems)
You can enter multiple vendor names separated by ',' characters (without the quotes), vendor names will be OR'ed. You can also use % characters when entering multiple vendors.
Product
Add %'s for "like" queries( e.g:php% will match products starting with the string php. But you are not allowed to use %'s at the beginning of search phrase, or use more than one % due to performance problems)
You can enter multiple product names separated by ',' characters (without the quotes), product names will be OR'ed. You can also use % characters when entering multiple products.
CVE ID
Exact match
Microsoft Bulletin
Exact match
Bugtraq Id (BID)
Exact match
CWE ID
Exact match
Public Exploit
CVSS Score Minimum : Maximum: (Both values are used as "equals or greater than")
Vulnerability Publish Date Between : Year: Month: And : Year : Month :
Vulnerability Update Date Between : Year: Month: And : Year : Month :
Vulnerability Type












Access Vector


Complexity


Authentication


Confidentiality


Integrity


Availability


Gained Access
(Security Protection)




CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.