Export limit exceeded: 19273 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (19273 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-4901 | 1 Adobe | 4 Acrobat, Acrobat Dc, Acrobat Reader and 1 more | 2024-11-21 | N/A |
| An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. The vulnerability is caused by the computation that writes data past the end of the intended buffer; the computation is part of the document identity representation. An attacker can potentially leverage the vulnerability to corrupt sensitive data or execute arbitrary code. | ||||
| CVE-2018-4898 | 1 Adobe | 4 Acrobat, Acrobat Dc, Acrobat Reader and 1 more | 2024-11-21 | N/A |
| An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. The vulnerability is caused by the computation that writes data past the end of the intended buffer; the computation is part of the XPS engine that adds vector graphics and images to a fixed page. An attacker can potentially leverage the vulnerability to corrupt sensitive data or execute arbitrary code. | ||||
| CVE-2018-4895 | 1 Adobe | 4 Acrobat, Acrobat Dc, Acrobat Reader and 1 more | 2024-11-21 | N/A |
| An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. The vulnerability is caused by the computation that writes data past the end of the intended buffer; the computation is part of the image conversion engine when processing Enhanced Metafile Format Plus (EMF+) data. An attacker can potentially leverage the vulnerability to corrupt sensitive data or execute arbitrary code. | ||||
| CVE-2018-4890 | 1 Adobe | 4 Acrobat, Acrobat Dc, Acrobat Reader and 1 more | 2024-11-21 | N/A |
| An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. This vulnerability is an instance of a heap overflow vulnerability in the image conversion engine, when handling JPEG data embedded within an XPS file. A successful attack can lead to code corruption, control-flow hijack, or an information leak attack. | ||||
| CVE-2018-4879 | 1 Adobe | 4 Acrobat, Acrobat Dc, Acrobat Reader and 1 more | 2024-11-21 | N/A |
| An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. The vulnerability is caused by the computation that writes data past the end of the intended buffer; the computation is part of the image conversion module that processes Enhanced Metafile Format Plus (EMF+) data. An attacker can potentially leverage the vulnerability to corrupt sensitive data or execute arbitrary code. | ||||
| CVE-2018-4860 | 1 Siemens | 2 Scalance M875, Scalance M875 Firmware | 2024-11-21 | N/A |
| A vulnerability has been identified in SCALANCE M875 (All versions). An authenticated remote attacker with access to the web interface (443/tcp), could execute arbitrary operating system commands. Successful exploitation requires that the attacker has network access to the web interface. The attacker must be authenticated as administrative user to exploit the security vulnerability. The vulnerability could allow an attacker to execute arbitrary code on the device. At the time of advisory publication no public exploitation of this security vulnerability was known. | ||||
| CVE-2018-4859 | 1 Siemens | 2 Scalance M875, Scalance M875 Firmware | 2024-11-21 | N/A |
| A vulnerability has been identified in SCALANCE M875 (All versions). An authenticated remote attacker with access to the web interface (443/tcp), could execute arbitrary operating system commands. Successful exploitation requires that the attacker has network access to the web interface. The attacker must be authenticated as administrative user to exploit the security vulnerability. The vulnerability could allow an attacker to execute arbitrary code on the device. At the time of advisory publication no public exploitation of this security vulnerability was known. | ||||
| CVE-2018-4249 | 1 Apple | 4 Apple Tv, Iphone Os, Mac Os X and 1 more | 2024-11-21 | N/A |
| An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before 10.13.5 is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves pktmnglr_ipfilter_input in com.apple.packet-mangler in the "Kernel" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (integer overflow and stack-based buffer overflow) via a crafted app. | ||||
| CVE-2018-4061 | 1 Sierrawireless | 2 Airlink Es450, Airlink Es450 Firmware | 2024-11-21 | N/A |
| An exploitable command injection vulnerability exists in the ACEManager iplogging.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3. A specially crafted HTTP request can inject arbitrary commands, resulting in arbitrary command execution. An attacker can send an authenticated HTTP request to trigger this vulnerability. | ||||
| CVE-2018-4039 | 1 Atlantiswordprocessor | 1 Atlantis Word Processor | 2024-11-21 | 7.8 High |
| An exploitable out-of-bounds write vulnerability exists in the PNG implementation of Atlantis Word Processor, version 3.2.7.2. This can allow an attacker to corrupt memory, which can result in code execution under the context of the application. An attacker must convince a victim to open a specially crafted document in order to trigger this vulnerability. | ||||
| CVE-2018-4029 | 1 Anker-in | 2 Roav Dashcam A1, Roav Dashcam A1 Firmware | 2024-11-21 | 9.8 Critical |
| An exploitable code execution vulnerability exists in the HTTP request-parsing function of the NT9665X Chipset firmware running on the Anker Roav A1 Dashcam, version RoavA1SWV1.9. A specially crafted packet can cause an unlimited and arbitrary write to memory, resulting in code execution. | ||||
| CVE-2018-4023 | 1 Anker-in | 2 Roav Dashcam A1, Roav Dashcam A1 Firmware | 2024-11-21 | 9.8 Critical |
| An exploitable code execution vulnerability exists in the XML_UploadFile Wi-Fi command of the NT9665X Chipset firmware, running on the Anker Roav A1 Dashcam, version RoavA1SWV1.9. A specially crafted packet can cause a stack-based buffer overflow, resulting in code execution. | ||||
| CVE-2018-4021 | 1 Netgate | 1 Pfsense | 2024-11-21 | 7.2 High |
| An exploitable command injection vulnerability exists in the way Netgate pfSense CE 2.4.4-RELEASE processes the parameters of a specific POST request. The attacker can exploit this and gain the ability to execute arbitrary commands on the system. An attacker needs to be able to send authenticated POST requests to the administration web interface. Command injection is possible in the `powerd_battery_mode` POST parameter. | ||||
| CVE-2018-4020 | 1 Netgate | 1 Pfsense | 2024-11-21 | 7.2 High |
| An exploitable command injection vulnerability exists in the way Netgate pfSense CE 2.4.4-RELEASE processes the parameters of a specific POST request. The attacker can exploit this and gain the ability to execute arbitrary commands on the system. An attacker needs to be able to send authenticated POST requests to the administration web interface. Command injection is possible in the `powerd_ac_mode` POST parameter parameter. | ||||
| CVE-2018-4019 | 1 Netgate | 1 Pfsense | 2024-11-21 | 7.2 High |
| An exploitable command injection vulnerability exists in the way Netgate pfSense CE 2.4.4-RELEASE processes the parameters of a specific POST request. The attacker can exploit this and gain the ability to execute arbitrary commands on the system. An attacker needs to be able to send authenticated POST requests to the administration web interface. Command injection is possible in the `powerd_normal_mode` parameter. | ||||
| CVE-2018-4016 | 1 Anker-in | 2 Roav Dashcam A1, Roav Dashcam A1 Firmware | 2024-11-21 | 8.8 High |
| An exploitable code execution vulnerability exists in the URL-parsing functionality of the Roav A1 Dashcam running version RoavA1SWV1.9. A specially crafted packet can cause a stack-based buffer overflow, resulting in code execution. An attacker can send a packet to trigger this vulnerability. | ||||
| CVE-2018-4014 | 1 Anker-in | 2 Roav Dashcam A1, Roav Dashcam A1 Firmware | 2024-11-21 | 9.8 Critical |
| An exploitable code execution vulnerability exists in Wi-Fi Command 9999 of the Roav A1 Dashcam running version RoavA1SWV1.9. A specially crafted packet can cause a stack-based buffer overflow, resulting in code execution. An attacker can send a packet to trigger this vulnerability. | ||||
| CVE-2018-4013 | 2 Debian, Live555 | 2 Debian Linux, Live555 Media Server | 2024-11-21 | 9.8 Critical |
| An exploitable code execution vulnerability exists in the HTTP packet-parsing functionality of the LIVE555 RTSP server library version 0.92. A specially crafted packet can cause a stack-based buffer overflow, resulting in code execution. An attacker can send a packet to trigger this vulnerability. | ||||
| CVE-2018-4010 | 1 Protonvpn | 1 Protonvpn | 2024-11-21 | 7.8 High |
| An exploitable code execution vulnerability exists in the connect functionality of ProtonVPN VPN client 1.5.1. A specially crafted configuration file can cause a privilege escalation, resulting in the ability to execute arbitrary commands with the system's privileges. | ||||
| CVE-2018-4003 | 1 Getcujo | 1 Smart Firewall | 2024-11-21 | 9.8 Critical |
| An exploitable heap overflow vulnerability exists in the mdnscap binary of the CUJO Smart Firewall running firmware 7003. The string lengths are handled incorrectly when parsing character strings in mDNS resource records, leading to arbitrary code execution in the context of the mdnscap process. An unauthenticated attacker can send an mDNS message to trigger this vulnerability. | ||||