Total
1885 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-6220 | 1 Trendmicro | 1 Email Encryption Gateway | 2024-11-21 | N/A |
| An arbitrary file write vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow an attacker to inject arbitrary data, which may lead to gaining code execution on vulnerable systems. | ||||
| CVE-2018-4995 | 3 Adobe, Apple, Microsoft | 4 Acrobat Dc, Acrobat Reader Dc, Mac Os X and 1 more | 2024-11-21 | N/A |
| Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have an XFA '\n' POST injection vulnerability. Successful exploitation could lead to a security bypass. | ||||
| CVE-2018-4235 | 1 Apple | 4 Apple Tv, Iphone Os, Mac Os X and 1 more | 2024-11-21 | N/A |
| An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before 10.13.5 is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the "Messages" component. It allows local users to perform impersonation attacks via an unspecified injection. | ||||
| CVE-2018-4153 | 1 Apple | 1 Mac Os X | 2024-11-21 | N/A |
| An injection issue was addressed with improved validation. This issue affected versions prior to macOS Mojave 10.14. | ||||
| CVE-2018-4106 | 1 Apple | 1 Mac Os X | 2024-11-21 | N/A |
| An issue was discovered in certain Apple products. macOS before 10.13.4 is affected. The issue involves the Bracketed Paste Mode of the "Terminal" component. It allows user-assisted attackers to inject arbitrary commands within pasted content. | ||||
| CVE-2018-25016 | 1 Greenbone | 2 Greenbone Os, Greenbone Security Assistant | 2024-11-21 | 9.8 Critical |
| Greenbone Security Assistant (GSA) before 7.0.3 and Greenbone OS (GOS) before 5.0.0 allow Host Header Injection. | ||||
| CVE-2018-21268 | 1 Traceroute Project | 1 Traceroute | 2024-11-21 | 10 Critical |
| The traceroute (aka node-traceroute) package through 1.0.0 for Node.js allows remote command injection via the host parameter. This occurs because the Child.exec() method, which is considered to be not entirely safe, is used. In particular, an OS command can be placed after a newline character. | ||||
| CVE-2018-21258 | 1 Mattermost | 1 Mattermost Server | 2024-11-21 | 7.5 High |
| An issue was discovered in Mattermost Server before 5.1. It allows attackers to cause a denial of service via the invite_people slash command. | ||||
| CVE-2018-21228 | 1 Netgear | 26 D7800, D7800 Firmware, Ex6100 and 23 more | 2024-11-21 | 6.8 Medium |
| Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D7800 before 1.0.1.34, EX6100v2 before 1.0.1.50, EX6150v2 before 1.0.1.50, EX6200v2 before 1.0.1.44, EX6400 before 1.0.1.60, EX7300 before 1.0.1.60, R6100 before 1.0.1.16, R7500 before 1.0.0.110, R7800 before 1.0.2.32, R9000 before 1.0.2.30, WN3000RPv3 before 1.0.2.50, WNDR4300v2 before 1.0.0.50, and WNDR4500v3 before 1.0.0.50. | ||||
| CVE-2018-21227 | 1 Netgear | 24 D7800, D7800 Firmware, R6400 and 21 more | 2024-11-21 | 6.8 Medium |
| Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D7800 before 1.0.1.34, R6400v2 before 1.0.2.34, R6700 before 1.0.1.30, R6900 before 1.0.1.30, R6900P before 1.0.0.62, R7000 before 1.0.9.12, R7000P before 1.0.0.62, R7500v2 before 1.0.3.26, R7800 before 1.0.2.42, R9000 before 1.0.3.10, WNDR4300v2 before 1.0.0.50, and WNDR4500v3 before 1.0.0.50. | ||||
| CVE-2018-21208 | 1 Netgear | 10 D6100, D6100 Firmware, R6100 and 7 more | 2024-11-21 | 8.8 High |
| Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects D6100 before 1.0.0.57, R6100 before 1.0.1.20, R7500v2 before 1.0.3.24, WNDR4300v2 before 1.0.0.50, and WNDR4500v3 before 1.0.0.50. | ||||
| CVE-2018-21146 | 1 Netgear | 12 D7800, D7800 Firmware, R7800 and 9 more | 2024-11-21 | 6.8 Medium |
| Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D7800 before 1.0.1.34, R7800 before 1.0.2.42, R8900 before 1.0.3.10, R9000 before 1.0.3.10, WNDR4300v2 before 1.0.0.54, and WNDR4500v3 before 1.0.0.54. | ||||
| CVE-2018-21123 | 1 Netgear | 6 Wc7500, Wc7500 Firmware, Wc7520 and 3 more | 2024-11-21 | 8.8 High |
| Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects WC7500 before 6.5.3.9, WC7520 before 6.5.3.9, WC7600v1 before 6.5.3.9, and WC7600v2 before 6.5.3.9. | ||||
| CVE-2018-21119 | 1 Netgear | 4 Wac505, Wac505 Firmware, Wac510 and 1 more | 2024-11-21 | 6.8 Medium |
| Certain NETGEAR devices are affected by command injection by an authenticated user. This affects WAC505 before 5.0.5.4 and WAC510 before 5.0.5.4. | ||||
| CVE-2018-21114 | 1 Netgear | 26 D7800, D7800 Firmware, Ex6100 and 23 more | 2024-11-21 | 6.8 Medium |
| Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D7800 before 1.0.1.44, EX6150v2 before 1.0.1.70, EX6100v2 before 1.0.1.70, EX6200v2 before 1.0.1.64, EX7300 before 1.0.2.136, EX6400 before 1.0.2.136, R6100 before 1.0.1.16, R7500 before 1.0.0.110, R7800 before 1.0.2.32, R9000 before 1.0.4.12, WN3000RPv2 before 1.0.0.56, WN3000RPv3 before 1.0.2.52, WNDR4300v2 before 1.0.0.50, and WNDR4500v3 before 1.0.0.50. | ||||
| CVE-2018-21113 | 1 Netgear | 20 D6100, D6100 Firmware, D7800 and 17 more | 2024-11-21 | 8.8 High |
| Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects D6100 before 1.0.0.58, D7800 before 1.0.1.42, R6100 before 1.0.1.28, R7500 before 1.0.0.130, R7500v2 before 1.0.3.36, R7800 before 1.0.2.52, R8900 before 1.0.4.12, R9000 before 1.0.4.12, WNDR3700v4 before 1.0.2.102, WNDR4300 before 1.0.2.104, WNDR4300v2 before 1.0.0.56, and WNDR4500v3 before 1.0.0.56. | ||||
| CVE-2018-21112 | 1 Netgear | 10 D7800, D7800 Firmware, R7500 and 7 more | 2024-11-21 | 6.8 Medium |
| Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D7800 before 1.0.1.44, R7500v2 before 1.0.3.38, R7800 before 1.0.2.52, R8900 before 1.0.4.12, and R9000 before 1.0.4.12. | ||||
| CVE-2018-21051 | 1 Google | 1 Android | 2024-11-21 | 9.8 Critical |
| An issue was discovered on Samsung mobile devices with N(7.x) and O(8.x) (Exynos chipsets) software. There is an invalid free in the fingerprint Trustlet, leading to arbitrary code execution. The Samsung ID is SVE-2018-12853 (October 2018). | ||||
| CVE-2018-20914 | 1 Cpanel | 1 Cpanel | 2024-11-21 | N/A |
| In cPanel before 70.0.23, OpenID providers can inject arbitrary data into cPanel session files (SEC-368). | ||||
| CVE-2018-20898 | 1 Cpanel | 1 Cpanel | 2024-11-21 | N/A |
| cPanel before 71.9980.37 allows e-mail injection during cPAddons moderation (SEC-396). | ||||