Export limit exceeded: 10016 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (10016 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-3933 | 2 Antennahouse, Linux | 2 Office Server Document Converter, Linux Kernel | 2024-11-21 | N/A |
| An exploitable out-of-bounds write exists in the Microsoft Word document conversion functionality of the Antenna House Office Server Document Converter version V6.1 Pro MR2 for Linux64 (6,1,2018,0312). A crafted Microsoft Word (DOC) document can lead to an out-of-bounds write, resulting in remote code execution. This vulnerability occurs in the `vbputanld` method. | ||||
| CVE-2018-3932 | 2 Antennahouse, Linux | 2 Office Server Document Converter, Linux Kernel | 2024-11-21 | N/A |
| An exploitable stack-based buffer overflow exists in the Microsoft Word document conversion functionality of the Antenna House Office Server Document Converter version V6.1 Pro MR2 for Linux64 (6,1,2018,0312). A crafted Microsoft Word (DOC) document can lead to a stack-based buffer overflow, resulting in remote code execution. | ||||
| CVE-2018-3931 | 2 Antennahouse, Linux | 2 Office Server Document Converter, Linux Kernel | 2024-11-21 | 7.8 High |
| In Antenna House Office Server Document Converter version V6.1 Pro MR2 for Linux64 (6,1,2018,0312), a crafted Microsoft Word (DOC) document can lead to an out-of-bounds write, resulting in remote code execution. This vulnerability occurs in the `putShapeProperty` method. | ||||
| CVE-2018-3930 | 2 Antennahouse, Linux | 2 Office Server Document Converter, Linux Kernel | 2024-11-21 | 7.8 High |
| In Antenna House Office Server Document Converter version V6.1 Pro MR2 for Linux64 (6,1,2018,0312), a crafted Microsoft Word (DOC) document can lead to an out-of-bounds write, resulting in remote code execution. This vulnerability occurs in the `vbgetfp` method. | ||||
| CVE-2018-3929 | 2 Antennahouse, Linux | 2 Office Server Document Converter, Linux Kernel | 2024-11-21 | 7.8 High |
| An exploitable heap corruption exists in the PowerPoint document conversion functionality of the Antenna House Office Server Document Converter version V6.1 Pro MR2 for Linux64 (6,1,2018,0312). A crafted PowerPoint (PPT) document can lead to heap corruption, resulting in remote code execution. | ||||
| CVE-2018-3710 | 2 Debian, Gitlab | 2 Debian Linux, Gitlab | 2024-11-21 | 7.8 High |
| Gitlab Community and Enterprise Editions version 10.3.3 is vulnerable to an Insecure Temporary File in the project import component resulting remote code execution. | ||||
| CVE-2018-3649 | 1 Intel | 18 Dual Band Wireless-ac 3160, Dual Band Wireless-ac 3165, Dual Band Wireless-ac 3168 and 15 more | 2024-11-21 | N/A |
| DLL injection vulnerability in the installation executables (Autorun.exe and Setup.exe) for Intel's wireless drivers and related software in Intel Dual Band Wireless-AC, Tri-Band Wireless-AC and Wireless-AC family of products allows a local attacker to cause escalation of privilege via remote code execution. | ||||
| CVE-2018-3607 | 1 Trendmicro | 1 Control Manager | 2024-11-21 | N/A |
| XXXTreeNode method SQL injection remote code execution (RCE) vulnerabilities in Trend Micro Control Manager 6.0 could allow a remote attacker to execute arbitrary code on vulnerable installations. | ||||
| CVE-2018-3606 | 1 Trendmicro | 1 Control Manager | 2024-11-21 | N/A |
| XXXStatusXXX, XXXSummary, TemplateXXX and XXXCompliance method SQL injection remote code execution (RCE) vulnerabilities in Trend Micro Control Manager 6.0 could allow a remote attacker to execute arbitrary code on vulnerable installations. | ||||
| CVE-2018-3605 | 1 Trendmicro | 1 Control Manager | 2024-11-21 | N/A |
| TopXXX, ViolationXXX, and IncidentXXX method SQL injection remote code execution (RCE) vulnerabilities in Trend Micro Control Manager 6.0 could allow a remote attacker to execute arbitrary code on vulnerable installations. | ||||
| CVE-2018-3604 | 1 Trendmicro | 1 Control Manager | 2024-11-21 | N/A |
| GetXXX method SQL injection remote code execution (RCE) vulnerabilities in Trend Micro Control Manager 6.0 could allow a remote attacker to execute arbitrary code on vulnerable installations. | ||||
| CVE-2018-3603 | 1 Trendmicro | 1 Control Manager | 2024-11-21 | N/A |
| A CGGIServlet SQL injection remote code execution (RCE) vulnerability in Trend Micro Control Manager 6.0 could allow a remote attacker to execute arbitrary code on vulnerable installations. | ||||
| CVE-2018-3602 | 1 Trendmicro | 1 Control Manager | 2024-11-21 | N/A |
| An AdHocQuery_Processor SQL injection remote code execution (RCE) vulnerability in Trend Micro Control Manager 6.0 could allow a remote attacker to execute arbitrary code on vulnerable installations. | ||||
| CVE-2018-21242 | 1 Foxitsoftware | 1 Phantompdf | 2024-11-21 | 9.8 Critical |
| An issue was discovered in Foxit PhantomPDF before 8.3.6. It allows Remote Code Execution via a GoToE or GoToR action. | ||||
| CVE-2018-21117 | 1 Netgear | 2 Xr500, Xr500 Firmware | 2024-11-21 | 8.8 High |
| NETGEAR XR500 devices before 2.3.2.32 are affected by remote code execution by unauthenticated attackers via the traceroute handler. | ||||
| CVE-2018-21116 | 1 Netgear | 2 Xr500, Xr500 Firmware | 2024-11-21 | 8.8 High |
| NETGEAR XR500 devices before 2.3.2.32 are affected by remote code execution by unauthenticated attackers. | ||||
| CVE-2018-21115 | 1 Netgear | 2 Xr500, Xr500 Firmware | 2024-11-21 | 8.8 High |
| NETGEAR XR500 devices before 2.3.2.32 are affected by remote code execution by unauthenticated attackers. | ||||
| CVE-2018-20752 | 1 Recon-ng Project | 1 Recon-ng | 2024-11-21 | N/A |
| An issue was discovered in Recon-ng before 4.9.5. Lack of validation in the modules/reporting/csv.py file allows CSV injection. More specifically, when a Twitter user possesses an Excel macro for a username, it will not be properly sanitized when exported to a CSV file. This can result in remote code execution for the attacker. | ||||
| CVE-2018-20717 | 1 Prestashop | 1 Prestashop | 2024-11-21 | N/A |
| In the orders section of PrestaShop before 1.7.2.5, an attack is possible after gaining access to a target store with a user role with the rights of at least a Salesman or higher privileges. The attacker can then inject arbitrary PHP objects into the process and abuse an object chain in order to gain Remote Code Execution. This occurs because protection against serialized objects looks for a 0: followed by an integer, but does not consider 0:+ followed by an integer. | ||||
| CVE-2018-20356 | 1 Cesanta | 1 Mongoose | 2024-11-21 | N/A |
| An invalid read of 8 bytes due to a use-after-free vulnerability in the mg_http_free_proto_data_cgi function call in mongoose.c in Cesanta Mongoose Embedded Web Server Library 6.13 and earlier allows a denial of service (application crash) or remote code execution. | ||||