CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 6 and 6.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
7551 CVE-2018-11157 78 2018-06-02 2019-10-03
6.5
None Remote Low ??? Partial Partial Partial
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 15 of 46).
7552 CVE-2018-11156 78 2018-06-02 2019-10-03
6.5
None Remote Low ??? Partial Partial Partial
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 14 of 46).
7553 CVE-2018-11155 78 2018-06-02 2019-10-03
6.5
None Remote Low ??? Partial Partial Partial
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 13 of 46).
7554 CVE-2018-11154 78 2018-06-02 2019-10-03
6.5
None Remote Low ??? Partial Partial Partial
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 12 of 46).
7555 CVE-2018-11153 78 2018-06-02 2019-10-03
6.5
None Remote Low ??? Partial Partial Partial
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 11 of 46).
7556 CVE-2018-11152 78 2018-06-02 2019-10-03
6.5
None Remote Low ??? Partial Partial Partial
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 10 of 46).
7557 CVE-2018-11151 78 2018-06-02 2019-10-03
6.5
None Remote Low ??? Partial Partial Partial
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 9 of 46).
7558 CVE-2018-11150 78 2018-06-02 2019-10-03
6.5
None Remote Low ??? Partial Partial Partial
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 8 of 46).
7559 CVE-2018-11149 78 2018-06-02 2019-10-03
6.5
None Remote Low ??? Partial Partial Partial
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 7 of 46).
7560 CVE-2018-11148 78 2018-06-02 2019-10-03
6.5
None Remote Low ??? Partial Partial Partial
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 6 of 46).
7561 CVE-2018-11147 78 2018-06-02 2019-10-03
6.5
None Remote Low ??? Partial Partial Partial
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 5 of 46).
7562 CVE-2018-11146 78 2018-06-02 2019-10-03
6.5
None Remote Low ??? Partial Partial Partial
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 4 of 46).
7563 CVE-2018-11145 78 2018-06-02 2019-10-03
6.5
None Remote Low ??? Partial Partial Partial
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 3 of 46).
7564 CVE-2018-11144 78 2018-06-02 2019-10-03
6.5
None Remote Low ??? Partial Partial Partial
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 2 of 46).
7565 CVE-2018-11135 915 2018-05-31 2020-08-24
6.0
None Remote Medium ??? Partial Partial Partial
The script '/adminui/error_details.php' in the Quest KACE System Management Appliance 8.0.318 allows authenticated users to conduct PHP object injection attacks.
7566 CVE-2018-11130 416 DoS 2018-05-17 2019-05-27
6.8
None Remote Medium Not required Partial Partial Partial
The header::add_FORMAT_descriptor function in header.cpp in VCFtools 0.1.15 allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted vcf file.
7567 CVE-2018-11129 416 DoS 2018-05-17 2019-05-27
6.8
None Remote Medium Not required Partial Partial Partial
The header::add_INFO_descriptor function in header.cpp in VCFtools 0.1.15 allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted vcf file.
7568 CVE-2018-11128 787 DoS Exec Code Overflow 2018-05-17 2020-08-24
6.8
None Remote Medium Not required Partial Partial Partial
The ObjReader::ReadObj() function in ObjReader.cpp in vincent0629 PDFParser allows remote attackers to cause a denial of service (stack-based buffer overflow) or possibly execute arbitrary code via a crafted pdf file.
7569 CVE-2018-11126 352 CSRF 2018-05-15 2018-06-19
6.8
None Remote Medium Not required Partial Partial Partial
dg-user/?controller=users&action=add in doorGets 7.0 has CSRF that results in adding an administrator account.
7570 CVE-2018-11116 732 Exec Code 2018-06-19 2019-12-20
6.5
None Remote Low ??? Partial Partial Partial
** DISPUTED ** OpenWrt mishandles access control in /etc/config/rpcd and the /usr/share/rpcd/acl.d files, which allows remote authenticated users to call arbitrary methods (i.e., achieve ubus access over HTTP) that were only supposed to be accessible to a specific user, as demonstrated by the file, log, and service namespaces, potentially leading to remote Information Disclosure or Code Execution. NOTE: The developer disputes this as a vulnerability, indicating that rpcd functions appropriately.
7571 CVE-2018-11100 119 DoS Overflow 2018-05-15 2019-10-03
6.8
None Remote Medium Not required Partial Partial Partial
The decompileSETTARGET function in decompile.c in libming through 0.4.8 mishandles cases where the header indicates a file size greater than the actual size, which allows remote attackers to cause a denial of service (Segmentation fault and application crash) or possibly have unspecified other impact.
7572 CVE-2018-11098 434 2018-05-15 2018-06-19
6.5
None Remote Low ??? Partial Partial Partial
An issue was discovered in Frog CMS 0.9.5. There is a file upload vulnerability via the admin/?/plugin/file_manager/upload URI, a similar issue to CVE-2014-4912.
7573 CVE-2018-11095 119 DoS Overflow 2018-05-15 2019-10-03
6.8
None Remote Medium Not required Partial Partial Partial
The decompileJUMP function in decompile.c in libming through 0.4.8 mishandles cases where the header indicates a file size greater than the actual size, which allows remote attackers to cause a denial of service (Segmentation fault and application crash) or possibly have unspecified other impact.
7574 CVE-2018-11083 2018-10-05 2020-01-17
6.8
None Remote Medium Not required Partial Partial Partial
Cloud Foundry BOSH, versions v264 prior to v264.14.0 and v265 prior to v265.7.0 and v266 prior to v266.8.0 and v267 prior to v267.2.0, allows refresh tokens to be as access tokens when using UAA for authentication. A remote attacker with an admin refresh token given by UAA can be used to access BOSH resources without obtaining an access token, even if their user no longer has access to those resources.
7575 CVE-2018-11078 732 2018-09-11 2019-10-09
6.0
None Remote Medium ??? Partial Partial Partial
Dell EMC VPlex GeoSynchrony, versions prior to 6.1, contains an Insecure File Permissions vulnerability. A remote authenticated malicious user could read from VPN configuration files on and potentially author a MITM attack on the VPN traffic.
7576 CVE-2018-11060 Bypass 2018-07-24 2019-10-09
6.5
None Remote Low ??? Partial Partial Partial
RSA Archer, versions prior to 6.4.0.1, contain an authorization bypass vulnerability in the REST API. A remote authenticated malicious Archer user could potentially exploit this vulnerability to elevate their privileges.
7577 CVE-2018-11049 427 2018-07-11 2018-09-10
6.9
None Local Medium Not required Complete Complete Complete
RSA Identity Governance and Lifecycle, RSA Via Lifecycle and Governance, and RSA IMG releases have an uncontrolled search vulnerability. The installation scripts set an environment variable in an unintended manner. A local authenticated malicious user could trick the root user to run malicious code on the targeted system.
7578 CVE-2018-11036 200 +Info 2018-05-31 2018-08-01
6.4
None Remote Low Not required Partial Partial None
Ruckus SmartZone (formerly Virtual SmartCell Gateway or vSCG) 3.5.0, 3.5.1, 3.6.0, and 3.6.1 (Essentials and High Scale) on vSZ, SZ-100, SZ-300, and SCG-200 devices allows remote attackers to obtain sensitive information or modify data.
7579 CVE-2018-11035 20 DoS 2018-05-14 2018-06-15
6.1
None Local Low Not required Partial Partial Complete
In 2345 Security Guard 3.7, the driver file (2345NsProtect.sys, X64 version) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCTL 0x80002019.
7580 CVE-2018-11034 20 DoS 2018-05-14 2018-06-15
6.1
None Local Low Not required Partial Partial Complete
In 2345 Security Guard 3.7, the driver file (2345NsProtect.sys, X64 version) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCTL 0x8000200D.
7581 CVE-2018-11033 119 DoS Overflow 2018-05-14 2018-06-19
6.8
None Remote Medium Not required Partial Partial Partial
The DCTStream::readHuffSym function in Stream.cc in the DCT decoder in xpdf before 4.00 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via crafted JPEG data.
7582 CVE-2018-11018 352 CSRF 2018-05-13 2018-06-18
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in PbootCMS v1.0.7. Cross-site request forgery (CSRF) vulnerability in apps/admin/controller/system/RoleController.php allows remote attackers to add administrator accounts via admin.php/role/add.html.
7583 CVE-2018-11017 119 DoS Overflow 2018-05-13 2018-06-13
6.8
None Remote Medium Not required Partial Partial Partial
The newVar_N function in decompile.c in libming through 0.4.8 mishandles cases where the header indicates a file size greater than the actual size, which allows remote attackers to cause a denial of service (Segmentation fault and application crash) or possibly have unspecified other impact.
7584 CVE-2018-11010 787 Overflow 2021-01-11 2021-01-12
6.8
None Remote Medium Not required Partial Partial Partial
A Buffer Overflow issue was discovered in K7Computing K7AntiVirus Premium 15.01.00.53.
7585 CVE-2018-11009 787 Overflow 2021-01-11 2021-01-13
6.8
None Remote Medium Not required Partial Partial Partial
A Buffer Overflow issue was discovered in K7Computing K7AntiVirus Premium 15.01.00.53.
7586 CVE-2018-11004 352 CSRF 2018-05-12 2018-06-18
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in SDcms v1.5. Cross-site request forgery (CSRF) vulnerability in /WWW//app/admin/controller/admincontroller.php allows remote attackers to add administrator accounts via m=admin&c=admin&a=add.
7587 CVE-2018-10986 352 CSRF 2019-07-03 2019-07-05
6.8
None Remote Medium Not required Partial Partial Partial
OX Guard 2.8.0 has CSRF.
7588 CVE-2018-10977 20 DoS 2018-05-10 2018-06-13
6.1
None Local Low Not required Partial Partial Complete
In 2345 Security Guard 3.7, the driver file (2345BdPcSafe.sys, X64 version) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCTL 0x002220E4.
7589 CVE-2018-10976 20 DoS 2018-05-10 2018-06-13
6.1
None Local Low Not required Partial Partial Complete
In 2345 Security Guard 3.7, the driver file (2345BdPcSafe.sys, X64 version) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCTL 0x00222050.
7590 CVE-2018-10975 20 DoS 2018-05-10 2018-06-13
6.1
None Local Low Not required Partial Partial Complete
In 2345 Security Guard 3.7, the driver file (2345BdPcSafe.sys, X64 version) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCTL 0x00222104.
7591 CVE-2018-10974 20 DoS 2018-05-10 2018-06-13
6.1
None Local Low Not required Partial Partial Complete
In 2345 Security Guard 3.7, the driver file (2345BdPcSafe.sys, X64 version) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCTL 0x00222100.
7592 CVE-2018-10972 787 DoS Overflow 2018-05-10 2020-08-24
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in Free Lossless Image Format (FLIF) 0.3. The TransformPaletteC::process function in transform/palette_C.hpp allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted file.
7593 CVE-2018-10957 352 CSRF 2018-05-10 2018-06-13
6.8
None Remote Medium Not required Partial Partial Partial
CSRF exists on D-Link DIR-868L devices, leading to (for example) a change to the Admin password. hedwig.cgi and pigwidgeon.cgi are two of the affected components.
7594 CVE-2018-10955 20 DoS 2018-05-10 2018-06-12
6.1
None Local Low Not required Partial Partial Complete
In 2345 Security Guard 3.7, the driver file (2345BdPcSafe.sys, X64 version) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCTL 0x00222548.
7595 CVE-2018-10954 20 DoS 2018-05-10 2018-06-12
6.1
None Local Low Not required Partial Partial Complete
In 2345 Security Guard 3.7, the driver file (2345BdPcSafe.sys, X64 version) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCTL 0x00222550.
7596 CVE-2018-10953 20 DoS 2018-05-10 2018-06-12
6.1
None Local Low Not required Partial Partial Complete
In 2345 Security Guard 3.7, the driver file (2345BdPcSafe.sys, X64 version) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCTL 0x0022204C.
7597 CVE-2018-10952 20 DoS 2018-05-10 2018-06-12
6.1
None Local Low Not required Partial Partial Complete
In 2345 Security Guard 3.7, the driver file (2345BdPcSafe.sys, X64 version) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCTL 0x00222088.
7598 CVE-2018-10936 297 2018-08-30 2020-10-15
6.8
None Remote Medium Not required Partial Partial Partial
A weakness was found in postgresql-jdbc before version 42.2.5. It was possible to provide an SSL Factory and not check the host name if a host name verifier was not provided to the driver. This could lead to a condition where a man-in-the-middle attacker could masquerade as a trusted server by providing a certificate for the wrong host, as long as it was signed by a trusted CA.
7599 CVE-2018-10933 287 2018-10-17 2019-10-09
6.4
None Remote Low Not required Partial Partial None
A vulnerability was found in libssh's server-side state machine before versions 0.7.6 and 0.8.4. A malicious client could create channels without first performing authentication, resulting in unauthorized access.
7600 CVE-2018-10929 20 Exec Code 2018-09-04 2020-10-15
6.5
None Remote Low ??? Partial Partial Partial
A flaw was found in RPC request using gfs2_create_req in glusterfs server. An authenticated attacker could use this flaw to create arbitrary files and execute arbitrary code on glusterfs server nodes.
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.