Total
4409 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-3784 | 1 Cryo Project | 1 Cryo | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| A code injection in cryo 0.0.6 allows an attacker to arbitrarily execute code due to insecure implementation of deserialization. | |||||
| CVE-2018-3700 | 2 Intel, Microsoft | 2 Usb 3.0 Extensible Host Controller Driver, Windows 7 | 2024-11-21 | 4.6 MEDIUM | 6.7 MEDIUM |
| Code injection vulnerability in the installer for Intel(R) USB 3.0 eXtensible Host Controller Driver for Microsoft Windows 7 before version 5.0.4.43v2 may allow a user to potentially enable escalation of privilege via local access. | |||||
| CVE-2018-3686 | 1 Intel | 1 Sa-00086 Detection Tool | 2024-11-21 | 4.6 MEDIUM | 6.7 MEDIUM |
| Code injection vulnerability in INTEL-SA-00086 Detection Tool before version 1.2.7.0 may allow a privileged user to potentially execute arbitrary code via local access. | |||||
| CVE-2018-3608 | 2 Microsoft, Trendmicro | 7 Windows, Antivirus \+ Security, Internet Security and 4 more | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| A vulnerability in Trend Micro Maximum Security's (Consumer) 2018 (versions 12.0.1191 and below) User-Mode Hooking (UMH) driver could allow an attacker to create a specially crafted packet that could alter a vulnerable system in such a way that malicious code could be injected into other processes. | |||||
| CVE-2018-2491 | 1 Sap | 1 Fiori Client | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| When opening a deep link URL in SAP Fiori Client with log level set to "Debug", the client application logs the URL to the log file. If this URL contains malicious JavaScript code it can eventually run inside the built-in log viewer of the application in case user opens the viewer and taps on the hyperlink in the viewer. SAP Fiori Client version 1.11.5 in Google Play store addresses these issues and users must update to that version. | |||||
| CVE-2018-2427 | 1 Sap | 2 Businessobjects Business Intelligence, Crystal Reports | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| SAP BusinessObjects Business Intelligence Suite, versions 4.10 and 4.20, and SAP Crystal Reports (version for Visual Studio .NET, Version 2010) allows an attacker to inject code that can be executed by the application. An attacker could thereby control the behaviour of the application. | |||||
| CVE-2018-2418 | 1 Sap | 1 Maxdb Odbc Driver | 2024-11-21 | 7.5 HIGH | 5.5 MEDIUM |
| SAP MaxDB ODBC driver (all versions before 7.9.09.07) allows an attacker to inject code that can be executed by the application. An attacker could thereby control the behavior of the application. | |||||
| CVE-2018-2363 | 1 Sap | 2 Business Application Software Integrated Solution, Netweaver | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| SAP NetWeaver, SAP BASIS from 7.00 to 7.02, from 7.10 to 7.11, 7.30, 7.31, 7.40, from 7.50 to 7.52, contains code that allows you to execute arbitrary program code of the user's choice. A malicious user can therefore control the behaviour of the system or can potentially escalate privileges by executing malicious code without legitimate credentials. | |||||
| CVE-2018-21023 | 1 Centreon | 1 Centreon Web | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| getStats.php in Centreon Web before 2.8.28 allows authenticated attackers to execute arbitrary code via the ns_id parameter. | |||||
| CVE-2018-21005 | 1 Bbpress Move Topics Project | 1 Bbpress Move Topics | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| The bbp-move-topics plugin before 1.1.6 for WordPress has code injection. | |||||
| CVE-2018-20988 | 1 Google Forms Project | 1 Google Forms | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| The wpgform plugin before 0.94 for WordPress has eval injection in the CAPTCHA calculation. | |||||
| CVE-2018-20931 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 6.5 MEDIUM | 6.3 MEDIUM |
| cPanel before 70.0.23 allows demo accounts to execute code via the Landing Page (SEC-405). | |||||
| CVE-2018-20896 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 3.3 LOW | 3.9 LOW |
| cPanel before 71.9980.37 allows code injection in the WHM cPAddons interface (SEC-394). | |||||
| CVE-2018-20775 | 1 Frog Cms Project | 1 Frog Cms | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
| admin/?/plugin/file_manager in Frog CMS 0.9.5 allows PHP code execution by creating a new .php file containing PHP code, and then visiting this file under the public/ URI. | |||||
| CVE-2018-20773 | 1 Frog Cms Project | 1 Frog Cms | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
| Frog CMS 0.9.5 allows PHP code execution by visiting admin/?/page/edit/1 and inserting additional <?php lines. | |||||
| CVE-2018-20772 | 1 Frog Cms Project | 1 Frog Cms | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
| Frog CMS 0.9.5 allows PHP code execution via <?php to the admin/?/layout/edit/1 URI. | |||||
| CVE-2018-20768 | 1 Xerox | 58 Workcentre 3655, Workcentre 3655 Firmware, Workcentre 3655i and 55 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered on Xerox WorkCentre 3655, 3655i, 58XX, 58XXi, 59XX, 59XXi, 6655, 6655i, 72XX, 72XXi, 78XX, 78XXi, 7970, 7970i, EC7836, and EC7856 devices before R18-05 073.xxx.0487.15000. An attacker can execute PHP code by leveraging a writable file. | |||||
| CVE-2018-20717 | 1 Prestashop | 1 Prestashop | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| In the orders section of PrestaShop before 1.7.2.5, an attack is possible after gaining access to a target store with a user role with the rights of at least a Salesman or higher privileges. The attacker can then inject arbitrary PHP objects into the process and abuse an object chain in order to gain Remote Code Execution. This occurs because protection against serialized objects looks for a 0: followed by an integer, but does not consider 0:+ followed by an integer. | |||||
| CVE-2018-20605 | 1 Txjia | 1 Imcat | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| imcat 4.4 allows remote attackers to execute arbitrary PHP code by using root/run/adm.php to modify the boot/bootskip.php file. | |||||
| CVE-2018-20599 | 1 Ucms Project | 1 Ucms | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| UCMS 1.4.7 allows remote attackers to execute arbitrary PHP code by entering this code during an index.php sadmin_fileedit action. | |||||