Vulnerabilities (CVE)

Filtered by CWE-94
Total 4662 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2018-8415 1 Microsoft 9 Powershell Core, Windows 10, Windows 7 and 6 more 2024-11-21 4.6 MEDIUM 7.8 HIGH
A tampering vulnerability exists in PowerShell that could allow an attacker to execute unlogged code, aka "Microsoft PowerShell Tampering Vulnerability." This affects Windows 7, PowerShell Core 6.1, Windows Server 2012 R2, Windows RT 8.1, PowerShell Core 6.0, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.
CVE-2018-8346 1 Microsoft 2 Windows 7, Windows Server 2008 2024-11-21 9.3 HIGH 8.8 HIGH
A remote code execution vulnerability exists in Microsoft Windows that could allow remote code execution if a .LNK file is processed, aka "LNK Remote Code Execution Vulnerability." This affects Windows Server 2008, Windows 7, Windows Server 2008 R2. This CVE ID is unique from CVE-2018-8345.
CVE-2018-8345 1 Microsoft 7 Windows 10, Windows 7, Windows 8.1 and 4 more 2024-11-21 7.6 HIGH 7.5 HIGH
A remote code execution vulnerability exists in Microsoft Windows that could allow remote code execution if a .LNK file is processed, aka "LNK Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8346.
CVE-2018-8344 1 Microsoft 7 Windows 10, Windows 7, Windows 8.1 and 4 more 2024-11-21 9.3 HIGH 8.8 HIGH
A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts, aka "Microsoft Graphics Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.
CVE-2018-8284 1 Microsoft 13 .net Framework, Project Server, Sharepoint Enterprise Server and 10 more 2024-11-21 9.3 HIGH 8.1 HIGH
A remote code execution vulnerability exists when the Microsoft .NET Framework fails to validate input properly, aka ".NET Framework Remote Code Injection Vulnerability." This affects Microsoft .NET Framework 2.0, Microsoft .NET Framework 3.0, Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2, Microsoft .NET Framework 4.5.2, Microsoft .NET Framework 4.6, Microsoft .NET Framework 4.7/4.7.1/4.7.2, Microsoft .NET Framework 4.7.1/4.7.2, Microsoft .NET Framework 3.5, Microsoft .NET Framework 3.5.1, Microsoft .NET Framework 4.6/4.6.1/4.6.2, Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2, Microsoft .NET Framework 4.7.2.
CVE-2018-8097 1 Python-eve 1 Eve 2024-11-21 7.5 HIGH 9.8 CRITICAL
io/mongo/parser.py in Eve (aka pyeve) before 0.7.5 allows remote attackers to execute arbitrary code via Code Injection in the where parameter.
CVE-2018-8074 1 Yiiframework 1 Yii 2024-11-21 6.8 MEDIUM 8.1 HIGH
Yii 2.x before 2.0.15 allows remote attackers to inject unintended search conditions via a variant of the CVE-2018-7269 attack in conjunction with the Elasticsearch extension.
CVE-2018-8073 1 Yiiframework 1 Yii 2024-11-21 7.5 HIGH 9.8 CRITICAL
Yii 2.x before 2.0.15 allows remote attackers to execute arbitrary LUA code via a variant of the CVE-2018-7269 attack in conjunction with the Redis extension.
CVE-2018-7951 1 Huawei 40 1288h V5, 1288h V5 Firmware, 2288h V5 and 37 more 2024-11-21 9.0 HIGH 8.8 HIGH
The iBMC (Intelligent Baseboard Management Controller) of some Huawei servers have a JSON injection vulnerability due to insufficient input validation. An authenticated, remote attacker can launch a JSON injection to modify the password of administrator. Successful exploit may allow attackers to obtain the management privilege of the system.
CVE-2018-7950 1 Huawei 40 1288h V5, 1288h V5 Firmware, 2288h V5 and 37 more 2024-11-21 9.0 HIGH 8.8 HIGH
The iBMC (Intelligent Baseboard Management Controller) of some Huawei servers have a JSON injection vulnerability due to insufficient input validation. An authenticated, remote attacker can launch a JSON injection to modify the password of administrator. Successful exploit may allow attackers to obtain the management privilege of the system.
CVE-2018-7801 1 Schneider-electric 2 Evlink Parking, Evlink Parking Firmware 2024-11-21 6.8 MEDIUM 8.8 HIGH
A Code Injection vulnerability exists in EVLink Parking, v3.2.0-12_v1 and earlier, which could enable access with maximum privileges when a remote code execution is performed.
CVE-2018-7756 1 Dewesoft 1 Dewesoft 2024-11-21 10.0 HIGH 9.8 CRITICAL
RunExeFile.exe in the installer for DEWESoft X3 SP1 (64-bit) devices does not require authentication for sessions on TCP port 1999, which allows remote attackers to execute arbitrary code or access internal commands, as demonstrated by a RUN command that launches a .EXE file located at an arbitrary external URL, or a "SETFIREWALL Off" command.
CVE-2018-7748 1 Servicenow 1 Servicenow 2024-11-21 6.5 MEDIUM 8.8 HIGH
report_viewer.do in ServiceNow Release Jakarta Patch 8 and earlier allows remote attackers to execute arbitrary code via '${xyz}' Glide Scripting Injection in the sysparm_media parameter.
CVE-2018-7633 1 Adbglobal 1 Epicentro 2024-11-21 7.5 HIGH 9.8 CRITICAL
Code injection in the /ui/login form Language parameter in Epicentro E_7.3.2+ allows attackers to execute JavaScript code by making a user issue a manipulated POST request.
CVE-2018-7466 1 Testlink 1 Testlink 2024-11-21 6.0 MEDIUM 7.5 HIGH
install/installNewDB.php in TestLink through 1.9.16 allows remote attackers to conduct injection attacks by leveraging control over DB LOGIN NAMES data during installation to provide a long, crafted value.
CVE-2018-7271 1 Metinfo 1 Metinfo 2024-11-21 9.3 HIGH 8.1 HIGH
An issue was discovered in MetInfo 6.0.0. In install/install.php in the installation process, the config/config_db.php configuration file filtering is not rigorous: one can insert malicious code in the installation process to execute arbitrary commands or obtain a web shell.
CVE-2018-6889 1 Typesettercms 1 Typesetter 2024-11-21 6.5 MEDIUM 8.8 HIGH
An issue was discovered in Typesetter 5.1. It suffers from a Host header injection vulnerability, Using this attack, a malicious user can poison the web cache or perform advanced password reset attacks or even trigger arbitrary user re-direction.
CVE-2018-6574 3 Debian, Golang, Redhat 6 Debian Linux, Go, Enterprise Linux Server and 3 more 2024-11-21 4.6 MEDIUM 7.8 HIGH
Go before 1.8.7, Go 1.9.x before 1.9.4, and Go 1.10 pre-releases before Go 1.10rc2 allow "go get" remote command execution during source code build, by leveraging the gcc or clang plugin feature, because -fplugin= and -plugin= arguments were not blocked.
CVE-2018-6512 1 Puppet 3 Pe-razor-server, Puppet Enterprise, Razor-server 2024-11-21 7.5 HIGH 9.8 CRITICAL
The previous version of Puppet Enterprise 2018.1 is vulnerable to unsafe code execution when upgrading pe-razor-server. Affected releases are Puppet Enterprise: 2018.1.x versions prior to 2018.1.1 and razor-server and pe-razor-server prior to 1.9.0.0.
CVE-2018-6499 1 Microfocus 9 Autopass License Server, Data Center Automation, Hybrid Cloud Management and 6 more 2024-11-21 7.5 HIGH 7.1 HIGH
Remote Code Execution in the following products Hybrid Cloud Management Containerized Suite HCM2017.11, HCM2018.02, HCM2018.05, Operations Bridge Containerized Suite 2017.11, 2018.02, 2018.05, Data Center Automation Containerized Suite 2017.01 until 2018.05, Service Management Automation Suite 2017.11, 2018.02, 2018.05, Service Virtualization (SV) with floating licenses using Any version using APLS older than 10.7, Unified Functional Testing (UFT) with floating licenses using Any version using APLS older than 10.7, Network Virtualization (NV) with floating licenses using Any version using APLS older than 10.7 and Network Operations Management (NOM) Suite CDF 2017.11, 2018.02, 2018.05 will allow Remote Code Execution.