Total
3303 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-21023 | 1 Centreon | 1 Centreon Web | 2019-10-15 | 6.5 MEDIUM | 8.8 HIGH |
| getStats.php in Centreon Web before 2.8.28 allows authenticated attackers to execute arbitrary code via the ns_id parameter. | |||||
| CVE-2019-13558 | 1 Advantech | 1 Webaccess | 2019-10-09 | 9.0 HIGH | 9.8 CRITICAL |
| In WebAccess versions 8.4.1 and prior, an exploit executed over the network may cause improper control of generation of code, which may allow remote code execution, data exfiltration, or cause a system crash. | |||||
| CVE-2018-2418 | 1 Sap | 1 Maxdb Odbc Driver | 2019-10-09 | 7.5 HIGH | 9.8 CRITICAL |
| SAP MaxDB ODBC driver (all versions before 7.9.09.07) allows an attacker to inject code that can be executed by the application. An attacker could thereby control the behavior of the application. | |||||
| CVE-2018-1792 | 1 Ibm | 1 Websphere Mq | 2019-10-09 | 7.2 HIGH | 7.8 HIGH |
| IBM WebSphere MQ 8.0.0.0 through 8.0.0.10, 9.0.0.0 through 9.0.0.5, 9.0.1 through 9.0.5, and 9.1.0.0 could allow a local user to inject code that could be executed with root privileges. IBM X-Force ID: 148947. | |||||
| CVE-2018-1104 | 1 Redhat | 2 Ansible Tower, Cloudforms | 2019-10-09 | 6.5 MEDIUM | 8.8 HIGH |
| Ansible Tower through version 3.2.3 has a vulnerability that allows users only with access to define variables for a job template to execute arbitrary code on the Tower server. | |||||
| CVE-2018-19011 | 1 Omron | 1 Cx-supervisor | 2019-10-09 | 6.8 MEDIUM | 8.8 HIGH |
| CX-Supervisor (Versions 3.42 and prior) can execute code that has been injected into a project file. An attacker could exploit this to execute code under the privileges of the application. | |||||
| CVE-2018-19002 | 1 Lcds | 1 Laquis Scada | 2019-10-09 | 8.3 HIGH | 7.8 HIGH |
| LCDS Laquis SCADA prior to version 4.1.0.4150 allows improper control of generation of code when opening a specially crafted project file, which may allow remote code execution, data exfiltration, or cause a system crash. | |||||
| CVE-2018-14804 | 1 Emerson | 1 Ams Device Manager | 2019-10-09 | 7.5 HIGH | 9.8 CRITICAL |
| Emerson AMS Device Manager v12.0 to v13.5. A specially crafted script may be run that allows arbitrary remote code execution. | |||||
| CVE-2018-14630 | 1 Moodle | 1 Moodle | 2019-10-09 | 6.5 MEDIUM | 8.8 HIGH |
| moodle before versions 3.5.2, 3.4.5, 3.3.8, 3.1.14 is vulnerable to an XML import of ddwtos could lead to intentional remote code execution. When importing legacy 'drag and drop into text' (ddwtos) type quiz questions, it was possible to inject and execute PHP code from within the imported questions, either intentionally or by importing questions from an untrusted source. | |||||
| CVE-2018-0461 | 1 Cisco | 7 Ip Phone 8800 Series Firmware, Ip Phone 8811, Ip Phone 8841 and 4 more | 2019-10-09 | 6.8 MEDIUM | 8.8 HIGH |
| A vulnerability in the Cisco IP Phone 8800 Series Software could allow an unauthenticated, remote attacker to conduct an arbitrary script injection attack on an affected device. The vulnerability exists because the software running on an affected device insufficiently validates user-supplied data. An attacker could exploit this vulnerability by persuading a user to click a malicious link provided to the user or through the interface of an affected device. A successful exploit could allow an attacker to execute arbitrary script code in the context of the user interface or access sensitive system-based information, which under normal circumstances should be prohibited. | |||||
| CVE-2017-1789 | 1 Ibm | 1 Tivoli Monitoring | 2019-10-09 | 7.5 HIGH | 9.8 CRITICAL |
| IBM Tivoli Monitoring V6 6.2.3 and 6.3.0 could allow an unauthenticated user to remotely execute code through unspecified methods. IBM X-Force ID: 137034. | |||||
| CVE-2017-1753 | 1 Ibm | 6 Rational Doors Next Generation, Rational Engineering Lifecycle Manager, Rational Quality Manager and 3 more | 2019-10-09 | 3.5 LOW | 5.4 MEDIUM |
| Multiple IBM Rational products are vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. IBM X-Force ID: 135655. | |||||
| CVE-2017-1329 | 1 Ibm | 2 Rational Collaborative Lifecycle Management, Rational Quality Manager | 2019-10-09 | 3.5 LOW | 5.4 MEDIUM |
| IBM Quality Manager (RQM) 5.0.x and 6.0 through 6.0.5 are vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. IBM X-Force ID: 126231. | |||||
| CVE-2017-1248 | 1 Ibm | 2 Rational Collaborative Lifecycle Management, Rational Quality Manager | 2019-10-09 | 4.3 MEDIUM | 6.1 MEDIUM |
| IBM Quality Manager (RQM) 5.0.x and 6.0 through 6.0.5 are vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. IBM X-Force ID: 124628. | |||||
| CVE-2017-1242 | 1 Ibm | 2 Rational Collaborative Lifecycle Management, Rational Quality Manager | 2019-10-09 | 3.5 LOW | 5.4 MEDIUM |
| IBM Quality Manager (RQM) 5.0.x and 6.0 through 6.0.5 are vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. IBM X-Force ID: 124524. | |||||
| CVE-2017-16151 | 1 Electronjs | 1 Electron | 2019-10-09 | 7.5 HIGH | 9.8 CRITICAL |
| Based on details posted by the ElectronJS team; A remote code execution vulnerability has been discovered in Google Chromium that affects all recent versions of Electron. Any Electron app that accesses remote content is vulnerable to this exploit, regardless of whether the [sandbox option](https://electron.atom.io/docs/api/sandbox-option) is enabled. | |||||
| CVE-2017-16100 | 1 Dns-sync Project | 1 Dns-sync | 2019-10-09 | 10.0 HIGH | 9.8 CRITICAL |
| dns-sync is a sync/blocking dns resolver. If untrusted user input is allowed into the resolve() method then command injection is possible. | |||||
| CVE-2017-16082 | 1 Node-postgres | 1 Pg | 2019-10-09 | 7.5 HIGH | 9.8 CRITICAL |
| A remote code execution vulnerability was found within the pg module when the remote database or query specifies a specially crafted column name. There are 2 likely scenarios in which one would likely be vulnerable. 1) Executing unsafe, user-supplied sql which contains a malicious column name. 2) Connecting to an untrusted database and executing a query which returns results where any of the column names are malicious. | |||||
| CVE-2017-16042 | 1 Growl Project | 1 Growl | 2019-10-09 | 7.5 HIGH | 9.8 CRITICAL |
| Growl adds growl notification support to nodejs. Growl before 1.10.2 does not properly sanitize input before passing it to exec, allowing for arbitrary command execution. | |||||
| CVE-2017-0899 | 3 Debian, Redhat, Rubygems | 8 Debian Linux, Enterprise Linux Desktop, Enterprise Linux Server and 5 more | 2019-10-09 | 7.5 HIGH | 9.8 CRITICAL |
| RubyGems version 2.6.12 and earlier is vulnerable to maliciously crafted gem specifications that include terminal escape characters. Printing the gem specification would execute terminal escape sequences. | |||||