Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by CWE-94
Total 2906 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2018-2418 1 Sap 1 Maxdb Odbc Driver 2019-10-09 7.5 HIGH 9.8 CRITICAL
SAP MaxDB ODBC driver (all versions before 7.9.09.07) allows an attacker to inject code that can be executed by the application. An attacker could thereby control the behavior of the application.
CVE-2018-1792 1 Ibm 1 Websphere Mq 2019-10-09 7.2 HIGH 7.8 HIGH
IBM WebSphere MQ 8.0.0.0 through 8.0.0.10, 9.0.0.0 through 9.0.0.5, 9.0.1 through 9.0.5, and 9.1.0.0 could allow a local user to inject code that could be executed with root privileges. IBM X-Force ID: 148947.
CVE-2018-1104 1 Redhat 2 Ansible Tower, Cloudforms 2019-10-09 6.5 MEDIUM 8.8 HIGH
Ansible Tower through version 3.2.3 has a vulnerability that allows users only with access to define variables for a job template to execute arbitrary code on the Tower server.
CVE-2018-19641 1 Microfocus 1 Solutions Business Manager 2019-10-09 7.5 HIGH 9.8 CRITICAL
Unauthenticated remote code execution issue in Micro Focus Solutions Business Manager (SBM) (formerly Serena Business Manager (SBM)) versions prior to 11.5.
CVE-2018-19002 1 Lcds 1 Laquis Scada 2019-10-09 8.3 HIGH 7.8 HIGH
LCDS Laquis SCADA prior to version 4.1.0.4150 allows improper control of generation of code when opening a specially crafted project file, which may allow remote code execution, data exfiltration, or cause a system crash.
CVE-2018-19011 1 Omron 1 Cx-supervisor 2019-10-09 6.8 MEDIUM 8.8 HIGH
CX-Supervisor (Versions 3.42 and prior) can execute code that has been injected into a project file. An attacker could exploit this to execute code under the privileges of the application.
CVE-2018-14630 1 Moodle 1 Moodle 2019-10-09 6.5 MEDIUM 8.8 HIGH
moodle before versions 3.5.2, 3.4.5, 3.3.8, 3.1.14 is vulnerable to an XML import of ddwtos could lead to intentional remote code execution. When importing legacy 'drag and drop into text' (ddwtos) type quiz questions, it was possible to inject and execute PHP code from within the imported questions, either intentionally or by importing questions from an untrusted source.
CVE-2018-14804 1 Emerson 1 Ams Device Manager 2019-10-09 7.5 HIGH 9.8 CRITICAL
Emerson AMS Device Manager v12.0 to v13.5. A specially crafted script may be run that allows arbitrary remote code execution.
CVE-2018-0461 1 Cisco 7 Ip Phone 8800 Series Firmware, Ip Phone 8811, Ip Phone 8841 and 4 more 2019-10-09 6.8 MEDIUM 8.8 HIGH
A vulnerability in the Cisco IP Phone 8800 Series Software could allow an unauthenticated, remote attacker to conduct an arbitrary script injection attack on an affected device. The vulnerability exists because the software running on an affected device insufficiently validates user-supplied data. An attacker could exploit this vulnerability by persuading a user to click a malicious link provided to the user or through the interface of an affected device. A successful exploit could allow an attacker to execute arbitrary script code in the context of the user interface or access sensitive system-based information, which under normal circumstances should be prohibited.
CVE-2017-3967 1 Mcafee 1 Network Security Manager 2019-10-09 4.3 MEDIUM 6.1 MEDIUM
Target influence via framing vulnerability in the web interface in McAfee Network Security Management (NSM) before 8.2.7.42.2 allows remote attackers to inject arbitrary web script or HTML via application pages inability to break out of 3rd party HTML frames.
CVE-2017-3907 1 Mcafee 1 Mcafee Threat Intelligence Exchange 2019-10-09 7.5 HIGH 9.8 CRITICAL
Code Injection vulnerability in the ePolicy Orchestrator (ePO) extension in McAfee Threat Intelligence Exchange (TIE) Server 2.1.0 and earlier allows remote attackers to execute arbitrary HTML code to be reflected in the response web page via unspecified vector.
CVE-2017-1242 1 Ibm 2 Rational Collaborative Lifecycle Management, Rational Quality Manager 2019-10-09 3.5 LOW 5.4 MEDIUM
IBM Quality Manager (RQM) 5.0.x and 6.0 through 6.0.5 are vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. IBM X-Force ID: 124524.
CVE-2017-1329 1 Ibm 2 Rational Collaborative Lifecycle Management, Rational Quality Manager 2019-10-09 3.5 LOW 5.4 MEDIUM
IBM Quality Manager (RQM) 5.0.x and 6.0 through 6.0.5 are vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. IBM X-Force ID: 126231.
CVE-2017-1248 1 Ibm 2 Rational Collaborative Lifecycle Management, Rational Quality Manager 2019-10-09 4.3 MEDIUM 6.1 MEDIUM
IBM Quality Manager (RQM) 5.0.x and 6.0 through 6.0.5 are vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. IBM X-Force ID: 124628.
CVE-2017-1753 1 Ibm 6 Rational Doors Next Generation, Rational Engineering Lifecycle Manager, Rational Quality Manager and 3 more 2019-10-09 3.5 LOW 5.4 MEDIUM
Multiple IBM Rational products are vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. IBM X-Force ID: 135655.
CVE-2017-1789 1 Ibm 1 Tivoli Monitoring 2019-10-09 7.5 HIGH 9.8 CRITICAL
IBM Tivoli Monitoring V6 6.2.3 and 6.3.0 could allow an unauthenticated user to remotely execute code through unspecified methods. IBM X-Force ID: 137034.
CVE-2017-16082 1 Node-postgres 1 Pg 2019-10-09 7.5 HIGH 9.8 CRITICAL
A remote code execution vulnerability was found within the pg module when the remote database or query specifies a specially crafted column name. There are 2 likely scenarios in which one would likely be vulnerable. 1) Executing unsafe, user-supplied sql which contains a malicious column name. 2) Connecting to an untrusted database and executing a query which returns results where any of the column names are malicious.
CVE-2017-16151 1 Electronjs 1 Electron 2019-10-09 7.5 HIGH 9.8 CRITICAL
Based on details posted by the ElectronJS team; A remote code execution vulnerability has been discovered in Google Chromium that affects all recent versions of Electron. Any Electron app that accesses remote content is vulnerable to this exploit, regardless of whether the [sandbox option](https://electron.atom.io/docs/api/sandbox-option) is enabled.
CVE-2017-16020 1 Summit Project 1 Summit 2019-10-09 7.5 HIGH 9.8 CRITICAL
Summit is a node web framework. When using the PouchDB driver in the module, Summit 0.1.0 and later allows an attacker to execute arbitrary commands via the collection name.
CVE-2017-0899 3 Debian, Redhat, Rubygems 8 Debian Linux, Enterprise Linux Desktop, Enterprise Linux Server and 5 more 2019-10-09 7.5 HIGH 9.8 CRITICAL
RubyGems version 2.6.12 and earlier is vulnerable to maliciously crafted gem specifications that include terminal escape characters. Printing the gem specification would execute terminal escape sequences.