| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| A remote code execution vulnerability exists in the way that Windows handles objects in memory, aka "Windows Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. |
| A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-0943, CVE-2018-8130, CVE-2018-8145, CVE-2018-8177. |
| A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-0943, CVE-2018-8133, CVE-2018-8145, CVE-2018-8177. |
| A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge, aka "Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-0945, CVE-2018-0946, CVE-2018-0951, CVE-2018-0953, CVE-2018-0954, CVE-2018-0955, CVE-2018-1022, CVE-2018-8114, CVE-2018-8122, CVE-2018-8137, CVE-2018-8139. |
| A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory, aka "Microsoft Edge Memory Corruption Vulnerability." This affects Microsoft Edge. This CVE ID is unique from CVE-2018-8262, CVE-2018-8274, CVE-2018-8275, CVE-2018-8279, CVE-2018-8301. |
| A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka "Scripting Engine Memory Corruption Vulnerability." This affects Internet Explorer 11. This CVE ID is unique from CVE-2018-0945, CVE-2018-0946, CVE-2018-0951, CVE-2018-0953, CVE-2018-0954, CVE-2018-0955, CVE-2018-1022, CVE-2018-8114, CVE-2018-8128, CVE-2018-8137, CVE-2018-8139. |
| A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory, aka "Internet Explorer Memory Corruption Vulnerability." This affects Internet Explorer 11, Internet Explorer 10. |
| A remote code execution vulnerability exists when the Windows Host Compute Service Shim (hcsshim) library fails to properly validate input while importing a container image, aka "Windows Host Compute Service Shim Remote Code Execution Vulnerability." This affects Windows Host Compute. |
| A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka "Scripting Engine Memory Corruption Vulnerability." This affects Internet Explorer 11. This CVE ID is unique from CVE-2018-0945, CVE-2018-0946, CVE-2018-0951, CVE-2018-0953, CVE-2018-0954, CVE-2018-0955, CVE-2018-1022, CVE-2018-8122, CVE-2018-8128, CVE-2018-8137, CVE-2018-8139. |
| A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory, aka "Microsoft Edge Memory Corruption Vulnerability." This affects Microsoft Edge. This CVE ID is unique from CVE-2018-8110, CVE-2018-8236. |
| A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory, aka "Microsoft Edge Memory Corruption Vulnerability." This affects Microsoft Edge. This CVE ID is unique from CVE-2018-8111, CVE-2018-8236. |
| Versions of Superset prior to 0.23 used an unsafe load method from the pickle library to deserialize data leading to possible remote code execution. Note Superset 0.23 was released prior to any Superset release under the Apache Software Foundation. |
| Apache CouchDB administrative users can configure the database server via HTTP(S). Due to insufficient validation of administrator-supplied configuration settings via the HTTP API, it is possible for a CouchDB administrator user to escalate their privileges to that of the operating system's user that CouchDB runs under, by bypassing the blacklist of configuration settings that are not allowed to be modified via the HTTP API. This privilege escalation effectively allows an existing CouchDB admin user to gain arbitrary remote code execution, bypassing already disclosed CVE-2017-12636. Mitigation: All users should upgrade to CouchDB releases 1.7.2 or 2.1.2. |
| The Milestone XProtect Video Management Software (Corporate, Expert, Professional+, Express+, Essential+) 2016 R1 (10.0.a) to 2018 R1 (12.1a) contains .NET Remoting endpoints that are vulnerable to deserialization attacks resulting in remote code execution. |
| A remote code execution issue was discovered in Zoho ManageEngine Applications Manager before 13.6 (build 13640). The publicly accessible testCredential.do endpoint takes multiple user inputs and validates supplied credentials by accessing a specified system. This endpoint calls several internal classes, and then executes a PowerShell script. If the specified system is OfficeSharePointServer, then the username and password parameters to this script are not validated, leading to Command Injection. |
| A Use After Free (CWE-416) vulnerability exists in Zelio Soft 2 v5.1 and prior versions which could cause remote code execution when opening a specially crafted Zelio Soft project file. |
| A Code Injection vulnerability exists in EVLink Parking, v3.2.0-12_v1 and earlier, which could enable access with maximum privileges when a remote code execution is performed. |
| Micro Focus Solutions Business Manager versions prior to 11.4 when ASP.NET is configured with execute permission on the virtual directories and does not validate the contents of user avatar images, could lead to remote code execution. |
| In the Admin Package Manager in Open Ticket Request System (OTRS) 5.0.0 through 5.0.24 and 6.0.0 through 6.0.1, authenticated admins are able to exploit a Blind Remote Code Execution vulnerability by loading a crafted opm file with an embedded CodeInstall element to execute a command on the server during package installation. NOTE: the vendor disputes this issue stating "the behaviour is as designed and needed for different packages to be installed", "there is a security warning if the package is not verified by OTRS Group", and "there is the possibility and responsibility of an admin to check packages before installation which is possible as they are not binary. |
| A remote code execution issue was discovered in GLPI through 9.2.1. There is a race condition that allows temporary access to an uploaded executable file that will be disallowed. The application allows an authenticated user to upload a file when he/she creates a new ticket via front/fileupload.php. This feature is protected using different types of security features like the check on the file's extension. However, the application uploads and creates a file, though this file is not allowed, and then deletes the file in the uploadFiles method in inc/glpiuploaderhandler.class.php. |
