CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 6 and 6.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
7551 CVE-2018-11168 78 2018-06-02 2019-10-03
6.5
None Remote Low ??? Partial Partial Partial
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 26 of 46).
7552 CVE-2018-11167 78 2018-06-02 2019-10-03
6.5
None Remote Low ??? Partial Partial Partial
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 25 of 46).
7553 CVE-2018-11166 78 2018-06-02 2019-10-03
6.5
None Remote Low ??? Partial Partial Partial
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 24 of 46).
7554 CVE-2018-11165 78 2018-06-02 2019-10-03
6.5
None Remote Low ??? Partial Partial Partial
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 23 of 46).
7555 CVE-2018-11164 78 2018-06-02 2019-10-03
6.5
None Remote Low ??? Partial Partial Partial
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 22 of 46).
7556 CVE-2018-11163 78 2018-06-02 2019-10-03
6.5
None Remote Low ??? Partial Partial Partial
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 21 of 46).
7557 CVE-2018-11162 78 2018-06-02 2019-10-03
6.5
None Remote Low ??? Partial Partial Partial
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 20 of 46).
7558 CVE-2018-11161 78 2018-06-02 2019-10-03
6.5
None Remote Low ??? Partial Partial Partial
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 19 of 46).
7559 CVE-2018-11160 78 2018-06-02 2019-10-03
6.5
None Remote Low ??? Partial Partial Partial
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 18 of 46).
7560 CVE-2018-11159 78 2018-06-02 2019-10-03
6.5
None Remote Low ??? Partial Partial Partial
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 17 of 46).
7561 CVE-2018-11158 78 2018-06-02 2019-10-03
6.5
None Remote Low ??? Partial Partial Partial
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 16 of 46).
7562 CVE-2018-11157 78 2018-06-02 2019-10-03
6.5
None Remote Low ??? Partial Partial Partial
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 15 of 46).
7563 CVE-2018-11156 78 2018-06-02 2019-10-03
6.5
None Remote Low ??? Partial Partial Partial
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 14 of 46).
7564 CVE-2018-11155 78 2018-06-02 2019-10-03
6.5
None Remote Low ??? Partial Partial Partial
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 13 of 46).
7565 CVE-2018-11154 78 2018-06-02 2019-10-03
6.5
None Remote Low ??? Partial Partial Partial
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 12 of 46).
7566 CVE-2018-11153 78 2018-06-02 2019-10-03
6.5
None Remote Low ??? Partial Partial Partial
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 11 of 46).
7567 CVE-2018-11152 78 2018-06-02 2019-10-03
6.5
None Remote Low ??? Partial Partial Partial
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 10 of 46).
7568 CVE-2018-11151 78 2018-06-02 2019-10-03
6.5
None Remote Low ??? Partial Partial Partial
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 9 of 46).
7569 CVE-2018-11150 78 2018-06-02 2019-10-03
6.5
None Remote Low ??? Partial Partial Partial
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 8 of 46).
7570 CVE-2018-11149 78 2018-06-02 2019-10-03
6.5
None Remote Low ??? Partial Partial Partial
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 7 of 46).
7571 CVE-2018-11148 78 2018-06-02 2019-10-03
6.5
None Remote Low ??? Partial Partial Partial
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 6 of 46).
7572 CVE-2018-11147 78 2018-06-02 2019-10-03
6.5
None Remote Low ??? Partial Partial Partial
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 5 of 46).
7573 CVE-2018-11146 78 2018-06-02 2019-10-03
6.5
None Remote Low ??? Partial Partial Partial
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 4 of 46).
7574 CVE-2018-11145 78 2018-06-02 2019-10-03
6.5
None Remote Low ??? Partial Partial Partial
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 3 of 46).
7575 CVE-2018-11144 78 2018-06-02 2019-10-03
6.5
None Remote Low ??? Partial Partial Partial
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 2 of 46).
7576 CVE-2018-11135 915 2018-05-31 2020-08-24
6.0
None Remote Medium ??? Partial Partial Partial
The script '/adminui/error_details.php' in the Quest KACE System Management Appliance 8.0.318 allows authenticated users to conduct PHP object injection attacks.
7577 CVE-2018-11130 416 DoS 2018-05-17 2019-05-27
6.8
None Remote Medium Not required Partial Partial Partial
The header::add_FORMAT_descriptor function in header.cpp in VCFtools 0.1.15 allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted vcf file.
7578 CVE-2018-11129 416 DoS 2018-05-17 2019-05-27
6.8
None Remote Medium Not required Partial Partial Partial
The header::add_INFO_descriptor function in header.cpp in VCFtools 0.1.15 allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted vcf file.
7579 CVE-2018-11128 787 DoS Exec Code Overflow 2018-05-17 2020-08-24
6.8
None Remote Medium Not required Partial Partial Partial
The ObjReader::ReadObj() function in ObjReader.cpp in vincent0629 PDFParser allows remote attackers to cause a denial of service (stack-based buffer overflow) or possibly execute arbitrary code via a crafted pdf file.
7580 CVE-2018-11126 352 CSRF 2018-05-15 2018-06-19
6.8
None Remote Medium Not required Partial Partial Partial
dg-user/?controller=users&action=add in doorGets 7.0 has CSRF that results in adding an administrator account.
7581 CVE-2018-11116 732 Exec Code 2018-06-19 2019-12-20
6.5
None Remote Low ??? Partial Partial Partial
** DISPUTED ** OpenWrt mishandles access control in /etc/config/rpcd and the /usr/share/rpcd/acl.d files, which allows remote authenticated users to call arbitrary methods (i.e., achieve ubus access over HTTP) that were only supposed to be accessible to a specific user, as demonstrated by the file, log, and service namespaces, potentially leading to remote Information Disclosure or Code Execution. NOTE: The developer disputes this as a vulnerability, indicating that rpcd functions appropriately.
7582 CVE-2018-11100 119 DoS Overflow 2018-05-15 2019-10-03
6.8
None Remote Medium Not required Partial Partial Partial
The decompileSETTARGET function in decompile.c in libming through 0.4.8 mishandles cases where the header indicates a file size greater than the actual size, which allows remote attackers to cause a denial of service (Segmentation fault and application crash) or possibly have unspecified other impact.
7583 CVE-2018-11098 434 2018-05-15 2018-06-19
6.5
None Remote Low ??? Partial Partial Partial
An issue was discovered in Frog CMS 0.9.5. There is a file upload vulnerability via the admin/?/plugin/file_manager/upload URI, a similar issue to CVE-2014-4912.
7584 CVE-2018-11095 119 DoS Overflow 2018-05-15 2019-10-03
6.8
None Remote Medium Not required Partial Partial Partial
The decompileJUMP function in decompile.c in libming through 0.4.8 mishandles cases where the header indicates a file size greater than the actual size, which allows remote attackers to cause a denial of service (Segmentation fault and application crash) or possibly have unspecified other impact.
7585 CVE-2018-11083 2018-10-05 2020-01-17
6.8
None Remote Medium Not required Partial Partial Partial
Cloud Foundry BOSH, versions v264 prior to v264.14.0 and v265 prior to v265.7.0 and v266 prior to v266.8.0 and v267 prior to v267.2.0, allows refresh tokens to be as access tokens when using UAA for authentication. A remote attacker with an admin refresh token given by UAA can be used to access BOSH resources without obtaining an access token, even if their user no longer has access to those resources.
7586 CVE-2018-11078 732 2018-09-11 2019-10-09
6.0
None Remote Medium ??? Partial Partial Partial
Dell EMC VPlex GeoSynchrony, versions prior to 6.1, contains an Insecure File Permissions vulnerability. A remote authenticated malicious user could read from VPN configuration files on and potentially author a MITM attack on the VPN traffic.
7587 CVE-2018-11060 Bypass 2018-07-24 2019-10-09
6.5
None Remote Low ??? Partial Partial Partial
RSA Archer, versions prior to 6.4.0.1, contain an authorization bypass vulnerability in the REST API. A remote authenticated malicious Archer user could potentially exploit this vulnerability to elevate their privileges.
7588 CVE-2018-11049 427 2018-07-11 2018-09-10
6.9
None Local Medium Not required Complete Complete Complete
RSA Identity Governance and Lifecycle, RSA Via Lifecycle and Governance, and RSA IMG releases have an uncontrolled search vulnerability. The installation scripts set an environment variable in an unintended manner. A local authenticated malicious user could trick the root user to run malicious code on the targeted system.
7589 CVE-2018-11036 200 +Info 2018-05-31 2018-08-01
6.4
None Remote Low Not required Partial Partial None
Ruckus SmartZone (formerly Virtual SmartCell Gateway or vSCG) 3.5.0, 3.5.1, 3.6.0, and 3.6.1 (Essentials and High Scale) on vSZ, SZ-100, SZ-300, and SCG-200 devices allows remote attackers to obtain sensitive information or modify data.
7590 CVE-2018-11035 20 DoS 2018-05-14 2018-06-15
6.1
None Local Low Not required Partial Partial Complete
In 2345 Security Guard 3.7, the driver file (2345NsProtect.sys, X64 version) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCTL 0x80002019.
7591 CVE-2018-11034 20 DoS 2018-05-14 2018-06-15
6.1
None Local Low Not required Partial Partial Complete
In 2345 Security Guard 3.7, the driver file (2345NsProtect.sys, X64 version) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCTL 0x8000200D.
7592 CVE-2018-11033 119 DoS Overflow 2018-05-14 2018-06-19
6.8
None Remote Medium Not required Partial Partial Partial
The DCTStream::readHuffSym function in Stream.cc in the DCT decoder in xpdf before 4.00 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via crafted JPEG data.
7593 CVE-2018-11018 352 CSRF 2018-05-13 2018-06-18
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in PbootCMS v1.0.7. Cross-site request forgery (CSRF) vulnerability in apps/admin/controller/system/RoleController.php allows remote attackers to add administrator accounts via admin.php/role/add.html.
7594 CVE-2018-11017 119 DoS Overflow 2018-05-13 2018-06-13
6.8
None Remote Medium Not required Partial Partial Partial
The newVar_N function in decompile.c in libming through 0.4.8 mishandles cases where the header indicates a file size greater than the actual size, which allows remote attackers to cause a denial of service (Segmentation fault and application crash) or possibly have unspecified other impact.
7595 CVE-2018-11010 787 Overflow 2021-01-11 2021-01-12
6.8
None Remote Medium Not required Partial Partial Partial
A Buffer Overflow issue was discovered in K7Computing K7AntiVirus Premium 15.01.00.53.
7596 CVE-2018-11009 787 Overflow 2021-01-11 2021-01-13
6.8
None Remote Medium Not required Partial Partial Partial
A Buffer Overflow issue was discovered in K7Computing K7AntiVirus Premium 15.01.00.53.
7597 CVE-2018-11004 352 CSRF 2018-05-12 2018-06-18
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in SDcms v1.5. Cross-site request forgery (CSRF) vulnerability in /WWW//app/admin/controller/admincontroller.php allows remote attackers to add administrator accounts via m=admin&c=admin&a=add.
7598 CVE-2018-10986 352 CSRF 2019-07-03 2019-07-05
6.8
None Remote Medium Not required Partial Partial Partial
OX Guard 2.8.0 has CSRF.
7599 CVE-2018-10977 20 DoS 2018-05-10 2018-06-13
6.1
None Local Low Not required Partial Partial Complete
In 2345 Security Guard 3.7, the driver file (2345BdPcSafe.sys, X64 version) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCTL 0x002220E4.
7600 CVE-2018-10976 20 DoS 2018-05-10 2018-06-13
6.1
None Local Low Not required Partial Partial Complete
In 2345 Security Guard 3.7, the driver file (2345BdPcSafe.sys, X64 version) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCTL 0x00222050.
Total number of vulnerabilities : 22306   Page : 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 (This Page)153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231 232 233 234 235 236 237 238 239 240 241 242 243 244 245 246 247 248 249 250 251 252 253 254 255 256 257 258 259 260 261 262 263 264 265 266 267 268 269 270 271 272 273 274 275 276 277 278 279 280 281 282 283 284 285 286 287 288 289 290 291 292 293 294 295 296 297 298 299 300 301 302 303 304 305 306 307 308 309 310 311 312 313 314 315 316 317 318 319 320 321 322 323 324 325 326 327 328 329 330 331 332 333 334 335 336 337 338 339 340 341 342 343 344 345 346 347 348 349 350 351 352 353 354 355 356 357 358 359 360 361 362 363 364 365 366 367 368 369 370 371 372 373 374 375 376 377 378 379 380 381 382 383 384 385 386 387 388 389 390 391 392 393 394 395 396 397 398 399 400 401 402 403 404 405 406 407 408 409 410 411 412 413 414 415 416 417 418 419 420 421 422 423 424 425 426 427 428 429 430 431 432 433 434 435 436 437 438 439 440 441 442 443 444 445 446 447
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.