Vulnerabilities (CVE)

CWE filter

CWE-20

Filter

2166 total CVE
CVE Vendors Products Updated CVSS
CVE-2018-6333 1 Facebook 1 Nuclide 2019-10-09 7.5
The hhvm-attach deep link handler in Nuclide did not properly sanitize the provided hostname parameter when rendering. As a result, a malicious URL could be used to render HTML and other content inside of the editor's context, which could...
CVE-2018-5474 1 Philips 1 Intellispace Portal 2019-10-09 7.5
Philips Intellispace Portal all versions 7.0.x and 8.0.x have an input validation vulnerability that could allow a remote attacker to execute arbitrary code or cause the application to crash.
CVE-2018-5447 1 Nrec 1 Pcs-9611 Firmware 2019-10-09 10.0
An Improper Input Validation issue was discovered in Nari PCS-9611 relay. An improper input validation vulnerability has been identified that affects a service within the software that may allow a remote attacker to arbitrarily read/access system...
CVE-2018-4851 1 Siemens 2 Siclock Tc100 Firmware, Siclock Tc400 Firmware 2019-10-09 8.5
A vulnerability has been identified in SICLOCK TC100 (All versions) and SICLOCK TC400 (All versions). An attacker with network access to the device could cause a Denial-of-Service condition by sending certain packets to the device, causing...
CVE-2018-3772 1 Whereis Project 1 Whereis 2019-10-09 7.5
Concatenating unsanitized user input in the `whereis` npm module < 0.4.1 allowed an attacker to execute arbitrary commands. The `whereis` module is deprecated and it is recommended to use the `which` npm module instead.
CVE-2018-20106 1 Opensuse 1 Yast2-printer 2019-10-09 9.3
In yast2-printer up to and including version 4.0.2 the SMB printer settings don't escape characters in passwords properly. If a password with backticks or simliar characters is supplied this allows for executing code as root. This requires...
CVE-2018-1784 1 Ibm 1 Api Connect 2019-10-09 7.5
IBM API Connect 5.0.0.0 and 5.0.8.4 is affected by a NoSQL Injection in MongoDB connector for the LoopBack framework. IBM X-Force ID: 148807.
CVE-2018-1273 2 Pivotal Software, Apache 3 Spring Data Commons, Spring Data Rest, Ignite 2019-10-09 7.5
Spring Data Commons, versions prior to 1.13 to 1.13.10, 2.0 to 2.0.5, and older unsupported versions, contain a property binder vulnerability caused by improper neutralization of special elements. An unauthenticated remote malicious user (or...
CVE-2018-1161 1 Quest 1 Netvault Backup 2019-10-09 10.0
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Quest NetVault Backup 11.2.0.13. Authentication is not required to exploit this vulnerability. The specific flaw exists within nvwsworker.exe....
CVE-2018-18999 1 Advantech 1 Webaccess%2fscada 2019-10-09 7.5
WebAccess/SCADA, WebAccess/SCADA Version 8.3.2 installed on Windows 2008 R2 SP1. Lack of proper validation of user supplied input may allow an attacker to cause the overflow of a buffer on the stack.
CVE-2018-18988 2019-10-09 8.3
LCDS Laquis SCADA prior to version 4.1.0.4150 allows execution of script code by opening a specially crafted report format file. This may allow remote code execution, data exfiltration, or cause a system crash.
CVE-2018-15715 1 Zoom 1 Zoom 2019-10-09 7.5
Zoom clients on Windows (before version 4.1.34814.1119), Mac OS (before version 4.1.34801.1116), and Linux (2.4.129780.0915 and below) are vulnerable to unauthorized message processing. A remote unauthenticated attacker can spoof UDP messages...
CVE-2018-15460 1 Cisco 1 Email Security Appliances Firmware 2019-10-09 7.8
A vulnerability in the email message filtering feature of Cisco AsyncOS Software for Cisco Email Security Appliances (ESA) could allow an unauthenticated, remote attacker to cause the CPU utilization to increase to 100 percent, causing a denial...
CVE-2018-15454 1 Cisco 2 Adaptive Security Appliance Software, Firepower Threat Defense 2019-10-09 7.8
A vulnerability in the Session Initiation Protocol (SIP) inspection engine of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause an affected...
CVE-2018-15422 1 Cisco 4 Webex Business Suite 32, Webex Business Suite 33, Webex Meetings Online and 1 more 2019-10-09 9.3
A vulnerability in the Cisco Webex Network Recording Player for Microsoft Windows and the Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerability exist because the...
CVE-2018-15421 1 Cisco 4 Webex Meetings Online, Webex Meetings Server, Webex Business Suite 32 and 1 more 2019-10-09 9.3
A vulnerability in the Cisco Webex Network Recording Player for Microsoft Windows and the Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerability exist because the...
CVE-2018-15420 1 Cisco 4 Webex Business Suite 32, Webex Business Suite 33, Webex Meetings Online and 1 more 2019-10-09 9.3
A vulnerability in the Cisco Webex Network Recording Player for Microsoft Windows and the Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerability exist because the...
CVE-2018-15419 1 Cisco 4 Webex Business Suite 32, Webex Business Suite 33, Webex Meetings Online and 1 more 2019-10-09 9.3
A vulnerability in the Cisco Webex Network Recording Player for Microsoft Windows and the Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerability exist because the...
CVE-2018-15418 1 Cisco 5 Webex Business Suite 31, Webex Business Suite 32, Webex Business Suite 33 and 2 more 2019-10-09 9.3
A vulnerability in the Cisco Webex Network Recording Player for Microsoft Windows and the Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerability exist because the...
CVE-2018-15417 1 Cisco 4 Webex Business Suite 32, Webex Business Suite 33, Webex Meetings Online and 1 more 2019-10-09 9.3
A vulnerability in the Cisco Webex Network Recording Player for Microsoft Windows and the Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerability exist because the...