CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 6 and 6.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
2351 CVE-2018-9045 20 DoS 2018-03-26 2018-03-30
6.1
None Local Low Not required Partial Partial Complete
In Windows Master (aka Windows Optimization Master) 7.99.13.604, the driver file (WoptiHWDetect.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0xf1002849.
2352 CVE-2018-9044 20 DoS 2018-03-26 2018-03-30
6.1
None Local Low Not required Partial Partial Complete
In Advanced SystemCare Ultimate 11.0.1.58, the driver file (Monitor_win10_x64.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9c4060cc.
2353 CVE-2018-9043 20 DoS 2018-03-26 2018-03-30
6.1
None Local Low Not required Partial Partial Complete
In Advanced SystemCare Ultimate 11.0.1.58, the driver file (Monitor_win10_x64.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9c4060d0.
2354 CVE-2018-9042 20 DoS 2018-03-26 2018-03-30
6.1
None Local Low Not required Partial Partial Complete
In Advanced SystemCare Ultimate 11.0.1.58, the driver file (Monitor_win10_x64.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9c402000.
2355 CVE-2018-9041 20 DoS 2018-03-26 2018-03-30
6.1
None Local Low Not required Partial Partial Complete
In Advanced SystemCare Ultimate 11.0.1.58, the driver file (Monitor_win10_x64.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9c402004.
2356 CVE-2018-9040 20 DoS 2018-03-26 2018-03-30
6.1
None Local Low Not required Partial Partial Complete
In Advanced SystemCare Ultimate 11.0.1.58, the driver file (Monitor_win10_x64.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9c4060c4.
2357 CVE-2018-9037 434 Exec Code 2018-04-10 2018-05-17
6.5
None Remote Low Single system Partial Partial Partial
Monstra CMS 3.0.4 allows remote code execution via an upload_file request for a .zip file, which is automatically extracted and may contain .php files.
2358 CVE-2018-9035 20 2018-04-04 2018-05-21
6.8
None Remote Medium Not required Partial Partial Partial
CSV Injection vulnerability in ExportToCsvUtf8.php of the Contact Form 7 to Database Extension plugin 2.10.32 for WordPress allows remote attackers to inject spreadsheet formulas into CSV files via the contact form.
2359 CVE-2018-9007 20 DoS 2018-03-24 2018-03-30
6.1
None Local Low Not required Partial Partial Complete
In Advanced SystemCare Ultimate 11.0.1.58, the driver file (Monitor_x86.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9c4060c4.
2360 CVE-2018-9006 20 DoS 2018-03-24 2018-03-30
6.1
None Local Low Not required Partial Partial Complete
In Advanced SystemCare Ultimate 11.0.1.58, the driver file (Monitor_win7_x64.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9c402004.
2361 CVE-2018-9005 20 DoS 2018-03-24 2018-03-30
6.1
None Local Low Not required Partial Partial Complete
In Advanced SystemCare Ultimate 11.0.1.58, the driver file (Monitor_win7_x64.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9c4060d0.
2362 CVE-2018-9004 20 DoS 2018-03-24 2018-03-30
6.1
None Local Low Not required Partial Partial Complete
In Advanced SystemCare Ultimate 11.0.1.58, the driver file (Monitor_x86.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9c4060d0.
2363 CVE-2018-9003 20 DoS 2018-03-24 2018-03-30
6.1
None Local Low Not required Partial Partial Complete
In Advanced SystemCare Ultimate 11.0.1.58, the driver file (Monitor_x86.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9c402000.
2364 CVE-2018-9002 20 DoS 2018-03-24 2018-03-30
6.1
None Local Low Not required Partial Partial Complete
In Advanced SystemCare Ultimate 11.0.1.58, the driver file (Monitor_win7_x64.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9c4060cc.
2365 CVE-2018-9001 20 DoS 2018-03-24 2018-03-30
6.1
None Local Low Not required Partial Partial Complete
In Advanced SystemCare Ultimate 11.0.1.58, the driver file (Monitor_win7_x64.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9c402000.
2366 CVE-2018-9000 20 DoS 2018-03-24 2018-03-30
6.1
None Local Low Not required Partial Partial Complete
In Advanced SystemCare Ultimate 11.0.1.58, the driver file (Monitor_x86.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9c402004.
2367 CVE-2018-8999 20 DoS 2018-03-24 2018-03-30
6.1
None Local Low Not required Partial Partial Complete
In Advanced SystemCare Ultimate 11.0.1.58, the driver file (Monitor_win7_x64.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9c4060c4.
2368 CVE-2018-8998 20 DoS 2018-03-24 2018-03-30
6.1
None Local Low Not required Partial Partial Complete
In Advanced SystemCare Ultimate 11.0.1.58, the driver file (Monitor_x86.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9c4060cc.
2369 CVE-2018-8997 20 DoS 2018-03-24 2018-03-30
6.1
None Local Low Not required Partial Partial Complete
In Windows Master (aka Windows Optimization Master) 7.99.13.604, the driver file (WoptiHWDetect.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0xf1002004.
2370 CVE-2018-8996 20 DoS 2018-03-24 2018-03-30
6.1
None Local Low Not required Partial Partial Complete
In Windows Master (aka Windows Optimization Master) 7.99.13.604, the driver file (WoptiHWDetect.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0xf1002007.
2371 CVE-2018-8995 20 DoS 2018-03-24 2018-03-30
6.1
None Local Low Not required Partial Partial Complete
In Windows Master (aka Windows Optimization Master) 7.99.13.604, the driver file (WoptiHWDetect.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0xf1002002.
2372 CVE-2018-8994 20 DoS 2018-03-24 2018-03-30
6.1
None Local Low Not required Partial Partial Complete
In Windows Master (aka Windows Optimization Master) 7.99.13.604, the driver file (WoptiHWDetect.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0xf1002003.
2373 CVE-2018-8993 20 DoS 2018-03-24 2018-03-30
6.1
None Local Low Not required Partial Partial Complete
In Windows Master (aka Windows Optimization Master) 7.99.13.604, the driver file (WoptiHWDetect.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0xf1002001.
2374 CVE-2018-8992 20 DoS 2018-03-24 2018-03-30
6.1
None Local Low Not required Partial Partial Complete
In Windows Master (aka Windows Optimization Master) 7.99.13.604, the driver file (WoptiHWDetect.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0xf1002005.
2375 CVE-2018-8991 20 DoS 2018-03-24 2018-03-30
6.1
None Local Low Not required Partial Partial Complete
In Windows Master (aka Windows Optimization Master) 7.99.13.604, the driver file (WoptiHWDetect.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0xf1002009.
2376 CVE-2018-8990 20 DoS 2018-03-24 2018-03-30
6.1
None Local Low Not required Partial Partial Complete
In Windows Master (aka Windows Optimization Master) 7.99.13.604, the driver file (WoptiHWDetect.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0xf1002010.
2377 CVE-2018-8989 20 DoS 2018-03-24 2018-03-30
6.1
None Local Low Not required Partial Partial Complete
In Windows Master (aka Windows Optimization Master) 7.99.13.604, the driver file (WoptiHWDetect.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0xf1002006.
2378 CVE-2018-8988 20 DoS 2018-03-24 2018-03-30
6.1
None Local Low Not required Partial Partial Complete
In Windows Master (aka Windows Optimization Master) 7.99.13.604, the driver file (WoptiHWDetect.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0xf1002008.
2379 CVE-2018-8979 352 XSS CSRF 2018-03-25 2018-04-18
6.8
None Remote Medium Not required Partial Partial Partial
Open-AudIT Professional 2.1 has CSRF, as demonstrated by modifying a user account or inserting XSS sequences via the credentials URI.
2380 CVE-2018-8972 352 CSRF 2018-03-24 2018-04-24
6.8
None Remote Medium Not required Partial Partial Partial
Creditwest Bank CMS Project (aka CWCMS) through 2017-07-28 has CSRF in the functionality for updating the site configuration, which allows remote attackers to inject arbitrary PHP code, as demonstrated by a PHP shell that calls eval on request parameters.
2381 CVE-2018-8969 22 Dir. Trav. 2018-03-24 2018-04-17
6.4
None Remote Low Not required None Partial Partial
An issue was discovered in zzcms 8.2. user/licence_save.php allows remote attackers to delete arbitrary files via directory traversal sequences in the oldimg parameter in an action=modify request. This can be leveraged for database access by deleting install.lock.
2382 CVE-2018-8968 22 Dir. Trav. 2018-03-24 2018-04-17
6.4
None Remote Low Not required None Partial Partial
An issue was discovered in zzcms 8.2. user/manage.php allows remote attackers to delete arbitrary files via directory traversal sequences in the oldimg or oldflv parameter in an action=modify request. This can be leveraged for database access by deleting install.lock.
2383 CVE-2018-8965 22 Dir. Trav. 2018-03-24 2018-04-17
6.4
None Remote Low Not required None Partial Partial
An issue was discovered in zzcms 8.2. user/ppsave.php allows remote attackers to delete arbitrary files via directory traversal sequences in the oldimg parameter in an action=modify request. This can be leveraged for database access by deleting install.lock.
2384 CVE-2018-8960 119 Overflow 2018-03-23 2018-08-09
6.8
None Remote Medium Not required Partial Partial Partial
The ReadTIFFImage function in coders/tiff.c in ImageMagick 7.0.7-26 Q16 does not properly restrict memory allocation, leading to a heap-based buffer over-read.
2385 CVE-2018-8953 89 Sql 2018-04-11 2018-05-17
6.5
None Remote Low Single system Partial Partial Partial
CA Workload Automation AE before r11.3.6 SP7 allows remote attackers to a perform SQL injection via a crafted HTTP request.
2386 CVE-2018-8929 417 2018-07-06 2019-06-11
6.8
None Remote Medium Not required Partial Partial Partial
Improper restriction of communication channel to intended endpoints vulnerability in HTTP daemon in Synology SSL VPN Client before 1.2.4-0224 allows remote attackers to conduct man-in-the-middle attacks via a crafted payload.
2387 CVE-2018-8926 264 2018-06-08 2018-07-27
6.5
None Remote Low Single system Partial Partial Partial
Permissive regular expression vulnerability in synophoto_dsm_user in Synology Photo Station before 6.8.5-3471 and before 6.3-2975 allows remote authenticated users to conduct privilege escalation attacks via the fullname parameter.
2388 CVE-2018-8925 352 CSRF 2018-06-08 2018-07-27
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability in admin/user.php in Synology Photo Station before 6.8.5-3471 and before 6.3-2975 allows remote attackers to hijack the authentication of administrators via the (1) username, (2) password, (3) admin, (4) action, (5) uid, or (6) modify_admin parameter.
2389 CVE-2018-8908 352 CSRF 2018-03-31 2018-05-09
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in /admin/?/user/add in Frog CMS 0.9.5. The application's add user functionality suffers from CSRF. A malicious user can craft an HTML page and use it to trick a victim into clicking on it; once executed, a malicious user will be created with admin privileges. This happens due to lack of an anti-CSRF token in state modification requests.
2390 CVE-2018-8905 119 Overflow 2018-03-22 2019-08-06
6.8
None Remote Medium Not required Partial Partial Partial
In LibTIFF 4.0.9, a heap-based buffer overflow occurs in the function LZWDecodeCompat in tif_lzw.c via a crafted TIFF file, as demonstrated by tiff2ps.
2391 CVE-2018-8904 20 DoS 2018-03-22 2018-04-12
6.1
None Local Low Not required Partial Partial Complete
In Windows Master (aka Windows Optimization Master) 7.99.13.604, the driver file (WoptiHWDetect.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0xf1002000.
2392 CVE-2018-8896 20 DoS 2018-03-22 2018-04-12
6.1
None Local Low Not required Partial Partial Complete
In 2345 Security Guard 3.6, the driver file (2345DumpBlock.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x00222044.
2393 CVE-2018-8895 20 DoS 2018-03-22 2018-04-12
6.1
None Local Low Not required Partial Partial Complete
In 2345 Security Guard 3.6, the driver file (2345DumpBlock.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x00222040.
2394 CVE-2018-8894 20 DoS 2018-03-22 2018-04-12
6.1
None Local Low Not required Partial Partial Complete
In 2345 Security Guard 3.6, the driver file (2345BdPcSafe.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x00222108.
2395 CVE-2018-8893 352 Exec Code CSRF 2018-03-31 2018-05-01
6.8
None Remote Medium Not required Partial Partial Partial
Z-BlogPHP 1.5.1 Zero has CSRF in plugin_edit.php, resulting in the ability to execute arbitrary PHP code.
2396 CVE-2018-8876 20 DoS 2018-03-20 2018-04-12
6.1
None Local Low Not required Partial Partial Complete
In 2345 Security Guard 3.6, the driver file (2345Wrath.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x00222098.
2397 CVE-2018-8875 20 DoS 2018-03-20 2018-04-12
6.1
None Local Low Not required Partial Partial Complete
In 2345 Security Guard 3.6, the driver file (2345Wrath.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x0022209c.
2398 CVE-2018-8874 20 DoS 2018-03-20 2018-04-12
6.1
None Local Low Not required Partial Partial Complete
In 2345 Security Guard 3.6, the driver file (2345Wrath.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x00222054.
2399 CVE-2018-8873 20 DoS 2018-03-20 2018-04-12
6.1
None Local Low Not required Partial Partial Complete
In 2345 Security Guard 3.6, the driver file (2345NetFirewall.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x00222040.
2400 CVE-2018-8868 284 2018-07-02 2018-08-28
6.9
None Local Medium Not required Complete Complete Complete
Medtronic MyCareLink Patient Monitor, 24950 MyCareLink Monitor, all versions, and 24952 MyCareLink Monitor, all versions, contains debug code meant to test the functionality of the monitor's communication interfaces, including the interface between the monitor and implantable cardiac device. An attacker with physical access to the device can apply the other vulnerabilities within this advisory to access this debug functionality. This debug functionality provides the ability to read and write arbitrary memory values to implantable cardiac devices via inductive or short range wireless protocols. An attacker with close physical proximity to a target implantable cardiac device can use this debug functionality.
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.