Export limit exceeded: 342739 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 10067 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (10067 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-9491 | 1 Google | 1 Android | 2024-11-21 | N/A |
| In AMediaCodecCryptoInfo_new of NdkMediaCodec.cpp, there is a possible out-of-bounds write due to an integer overflow. This could lead to remote code execution in external apps with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9.0 Android ID: A-111603051 | ||||
| CVE-2018-9490 | 1 Google | 1 Android | 2024-11-21 | N/A |
| In CollectValuesOrEntriesImpl of elements.cc, there is possible remote code execution due to type confusion. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9.0 Android ID: A-111274046 | ||||
| CVE-2018-9473 | 1 Google | 1 Android | 2024-11-21 | N/A |
| In ihevcd_parse_sei_payload of ihevcd_parse_headers.c, there is a possible out-of-bounds write due to an integer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-8.0 Android ID: A-65484460 | ||||
| CVE-2018-9450 | 1 Google | 1 Android | 2024-11-21 | N/A |
| In avrc_proc_vendor_command of avrc_api.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android ID: A-79541338. | ||||
| CVE-2018-9446 | 1 Google | 1 Android | 2024-11-21 | N/A |
| In smp_br_state_machine_event of smp_br_main.cc, there is a possible out of bounds write due to memory corruption. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android ID: A-80145946. | ||||
| CVE-2018-9356 | 1 Google | 1 Android | 2024-11-21 | N/A |
| In bnep_data_ind of bnep_main.c, there is a possible remote code execution due to a double free. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android ID: A-74950468. | ||||
| CVE-2018-9355 | 1 Google | 1 Android | 2024-11-21 | N/A |
| In bta_dm_sdp_result of bta_dm_act.cc, there is a possible out of bounds stack write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android ID: A-74016921. | ||||
| CVE-2018-9157 | 1 Axis | 2 M1033-w, M1033-w Firmware | 2024-11-21 | N/A |
| An issue was discovered on AXIS M1033-W (IP camera) Firmware version 5.40.5.1 devices. The upload web page doesn't verify the file type, and an attacker can upload a webshell by making a fileUpload.shtml request for a custom .shtml file, which is interpreted by the Apache HTTP Server mod_include module with "<!--#exec cmd=" support. The file needs to include a specific string to meet the internal system architecture. After the webshell upload, an attacker can use the webshell to perform remote code execution such as running a system command (ls, ping, cat /etc/passwd, etc.). NOTE: the vendor reportedly indicates that this is an intended feature or functionality | ||||
| CVE-2018-9156 | 1 Axis | 2 P1354, P1354 Firmware | 2024-11-21 | N/A |
| An issue was discovered on AXIS P1354 (IP camera) Firmware version 5.90.1.1 devices. The upload web page doesn't verify the file type, and an attacker can upload a webshell by making a fileUpload.shtml request for a custom .shtml file, which is interpreted by the Apache HTTP Server mod_include module with "<!--#exec cmd=" support. The file needs to include a specific string to meet the internal system architecture. After the webshell upload, an attacker can use the webshell to perform remote code execution such as running a system command (ls, ping, cat /etc/passwd, etc.). NOTE: the vendor reportedly indicates that this is an intended feature or functionality | ||||
| CVE-2018-9037 | 1 Monstra | 1 Monstra | 2024-11-21 | N/A |
| Monstra CMS 3.0.4 allows remote code execution via an upload_file request for a .zip file, which is automatically extracted and may contain .php files. | ||||
| CVE-2018-8871 | 1 Deltaww | 1 Tpeditor | 2024-11-21 | 9.8 Critical |
| In Delta Electronics Automation TPEditor version 1.89 or prior, parsing a malformed program file may cause heap-based buffer overflow vulnerability, which may allow remote code execution. | ||||
| CVE-2018-8865 | 1 Lantech | 2 Ids 2102, Ids 2102 Firmware | 2024-11-21 | 9.8 Critical |
| In Lantech IDS 2102 2.0 and prior, a stack-based buffer overflow vulnerability has been identified which may allow remote code execution. A CVSS v3 base score of 9.8 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). | ||||
| CVE-2018-8847 | 1 Eaton | 2 9000x, 9000x Firmware | 2024-11-21 | 9.8 Critical |
| Eaton 9000X DriveA versions 2.0.29 and prior has a stack-based buffer overflow vulnerability, which may allow remote code execution. | ||||
| CVE-2018-8840 | 2 Indusoft, Industrial-software | 2 Web Studio, Intouch Machine Edition 2017 | 2024-11-21 | N/A |
| A remote attacker could send a carefully crafted packet in InduSoft Web Studio v8.1 and prior versions, and/or InTouch Machine Edition 2017 v8.1 and prior versions during a tag, alarm, or event related action such as read and write, which may allow remote code execution. | ||||
| CVE-2018-8837 | 1 Advantech | 1 Webaccess Hmi Designer | 2024-11-21 | N/A |
| Processing specially crafted .pm3 files in Advantech WebAccess HMI Designer 2.1.7.32 and prior may cause the system to write outside the intended buffer area and may allow remote code execution. | ||||
| CVE-2018-8835 | 1 Advantech | 1 Webaccess Hmi Designer | 2024-11-21 | N/A |
| Double free vulnerabilities in Advantech WebAccess HMI Designer 2.1.7.32 and prior caused by processing specially crafted .pm3 files may allow remote code execution. | ||||
| CVE-2018-8833 | 1 Advantech | 1 Webaccess Hmi Designer | 2024-11-21 | 7.8 High |
| Heap-based buffer overflow vulnerabilities in Advantech WebAccess HMI Designer 2.1.7.32 and prior caused by processing specially crafted .pm3 files may allow remote code execution. | ||||
| CVE-2018-8800 | 3 Debian, Opensuse, Rdesktop | 3 Debian Linux, Leap, Rdesktop | 2024-11-21 | 9.8 Critical |
| rdesktop versions up to and including v1.8.3 contain a Heap-Based Buffer Overflow in function ui_clip_handle_data() that results in a memory corruption and probably even a remote code execution. | ||||
| CVE-2018-8797 | 3 Debian, Opensuse, Rdesktop | 3 Debian Linux, Leap, Rdesktop | 2024-11-21 | 9.8 Critical |
| rdesktop versions up to and including v1.8.3 contain a Heap-Based Buffer Overflow in function process_plane() that results in a memory corruption and probably even a remote code execution. | ||||
| CVE-2018-8795 | 3 Debian, Opensuse, Rdesktop | 3 Debian Linux, Leap, Rdesktop | 2024-11-21 | 9.8 Critical |
| rdesktop versions up to and including v1.8.3 contain an Integer Overflow that leads to a Heap-Based Buffer Overflow in function process_bitmap_updates() and results in a memory corruption and probably even a remote code execution. | ||||