Export limit exceeded: 19262 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (19262 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-11149 | 1 Quest | 1 Disk Backup | 2024-11-21 | N/A |
| Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 7 of 46). | ||||
| CVE-2018-11148 | 1 Quest | 1 Disk Backup | 2024-11-21 | N/A |
| Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 6 of 46). | ||||
| CVE-2018-11147 | 1 Quest | 1 Disk Backup | 2024-11-21 | N/A |
| Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 5 of 46). | ||||
| CVE-2018-11146 | 1 Quest | 1 Disk Backup | 2024-11-21 | N/A |
| Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 4 of 46). | ||||
| CVE-2018-11145 | 1 Quest | 1 Disk Backup | 2024-11-21 | N/A |
| Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 3 of 46). | ||||
| CVE-2018-11144 | 1 Quest | 1 Disk Backup | 2024-11-21 | N/A |
| Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 2 of 46). | ||||
| CVE-2018-11143 | 1 Quest | 1 Disk Backup | 2024-11-21 | N/A |
| Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 1 of 46). | ||||
| CVE-2018-11139 | 1 Quest | 1 Kace System Management Appliance | 2024-11-21 | N/A |
| The '/common/ajax_email_connection_test.php' script in the Quest KACE System Management Appliance 8.0.318 is accessible by any authenticated user and can be abused to execute arbitrary commands on the system. This script is vulnerable to command injection via the unsanitized user input 'TEST_SERVER' sent to the script via the POST method. | ||||
| CVE-2018-11132 | 1 Quest | 1 Kace System Management Appliance | 2024-11-21 | N/A |
| In order to perform actions that require higher privileges, the Quest KACE System Management Appliance 8.0.318 relies on a message queue that runs daemonized with root privileges and only allows a set of commands to be executed. A command injection vulnerability exists within this message queue which allows low-privilege users to append arbitrary commands that will be run as root. | ||||
| CVE-2018-11128 | 1 Pdfparser | 1 Pdfparser | 2024-11-21 | N/A |
| The ObjReader::ReadObj() function in ObjReader.cpp in vincent0629 PDFParser allows remote attackers to cause a denial of service (stack-based buffer overflow) or possibly execute arbitrary code via a crafted pdf file. | ||||
| CVE-2018-11077 | 2 Dell, Vmware | 3 Emc Avamar, Emc Integrated Data Protection Appliance, Vsphere Data Protection | 2024-11-21 | N/A |
| 'getlogs' utility in Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0, 7.4.1, 7.5.0, 7.5.1 and 18.1 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1 and 2.2 is affected by an OS command injection vulnerability. A malicious Avamar admin user may potentially be able to execute arbitrary commands under root privilege. | ||||
| CVE-2018-11013 | 2 D-link, Dlink | 2 Dir-816 A2 Firmware, Dir-816 A2 | 2024-11-21 | N/A |
| Stack-based buffer overflow in the websRedirect function in GoAhead on D-Link DIR-816 A2 (CN) routers with firmware version 1.10B05 allows unauthenticated remote attackers to execute arbitrary code via a request with a long HTTP Host header. | ||||
| CVE-2018-11010 | 1 K7computing | 4 Antivrius, Enterprise Security, Total Security and 1 more | 2024-11-21 | 7.8 High |
| A Buffer Overflow issue was discovered in K7Computing K7AntiVirus Premium 15.01.00.53. | ||||
| CVE-2018-11009 | 1 K7computing | 4 Antivrius, Enterprise Security, Total Security and 1 more | 2024-11-21 | 7.8 High |
| A Buffer Overflow issue was discovered in K7Computing K7AntiVirus Premium 15.01.00.53. | ||||
| CVE-2018-11007 | 1 K7computing | 4 Antivrius, Enterprise Security, Total Security and 1 more | 2024-11-21 | 5.5 Medium |
| A Memory Leak issue was discovered in K7Computing K7AntiVirus Premium 15.01.00.53. | ||||
| CVE-2018-10987 | 1 Diqee | 2 Diqee360, Diqee360 Firmware | 2024-11-21 | N/A |
| An issue was discovered on Dongguan Diqee Diqee360 devices. The affected vacuum cleaner suffers from an authenticated remote code execution vulnerability. An authenticated attacker can send a specially crafted UDP packet, and execute commands on the vacuum cleaner as root. The bug is in the function REQUEST_SET_WIFIPASSWD (UDP command 153). A crafted UDP packet runs "/mnt/skyeye/mode_switch.sh %s" with an attacker controlling the %s variable. In some cases, authentication can be achieved with the default password of 888888 for the admin account. | ||||
| CVE-2018-10972 | 1 Flif | 1 Free Lossless Image Format | 2024-11-21 | N/A |
| An issue was discovered in Free Lossless Image Format (FLIF) 0.3. The TransformPaletteC::process function in transform/palette_C.hpp allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted file. | ||||
| CVE-2018-10967 | 2 D-link, Dlink | 4 Dir-550a Firmware, Dir-604m Firmware, Dir-550a and 1 more | 2024-11-21 | N/A |
| On D-Link DIR-550A and DIR-604M devices through v2.10KR, a malicious user can forge an HTTP request to inject operating system commands that can be executed on the device with higher privileges, aka remote code execution. | ||||
| CVE-2018-10907 | 4 Debian, Gluster, Opensuse and 1 more | 7 Debian Linux, Glusterfs, Leap and 4 more | 2024-11-21 | 8.8 High |
| It was found that glusterfs server is vulnerable to multiple stack based buffer overflows due to functions in server-rpc-fopc.c allocating fixed size buffers using 'alloca(3)'. An authenticated attacker could exploit this by mounting a gluster volume and sending a string longer that the fixed buffer size to cause crash or potential code execution. | ||||
| CVE-2018-10905 | 1 Redhat | 3 Cloudforms, Cloudforms Management Engine, Cloudforms Managementengine | 2024-11-21 | N/A |
| CloudForms Management Engine (cfme) is vulnerable to an improper security setting in the dRuby component of CloudForms. An attacker with access to an unprivileged local shell could use this flaw to execute commands as a high privileged user. | ||||