CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 9 and 10)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
901 CVE-2018-5409 346 Exec Code 2019-05-08 2019-05-10
10.0
None Remote Low Not required Complete Complete Complete
The PrinterLogic Print Management software, versions up to and including 18.3.1.96, updates and executes the code without sufficiently verifying the origin and integrity of the code. An attacker can execute malicious code by compromising the host server, performing DNS spoofing, or modifying the code in transit.
902 CVE-2018-5399 798 2018-10-08 2019-01-24
10.0
None Remote Low Not required Complete Complete Complete
The Auto-Maskin DCU 210E firmware contains an undocumented Dropbear SSH server, v2015.55, configured to listen on Port 22 while the DCU is running. The Dropbear server is configured with a hard-coded user name and password combination of root / amroot. The server is configured to use password only authentication not cryptographic keys, however the firmware image contains an RSA host-key for the server. An attacker can exploit this vulnerability to gain root access to the Angstrom Linux operating system and modify any binaries or configuration files in the firmware. Affected releases are Auto-Maskin DCU-210E RP-210E: Versions prior to 3.7 on ARMv7.
903 CVE-2018-5393 306 Exec Code 2018-09-28 2019-01-07
10.0
None Remote Low Not required Complete Complete Complete
The TP-LINK EAP Controller is TP-LINK's software for remotely controlling wireless access point devices. It utilizes a Java remote method invocation (RMI) service for remote control. The RMI interface does not require any authentication before use, so it lacks user authentication for RMI service commands in EAP controller versions 2.5.3 and earlier. Remote attackers can implement deserialization attacks through the RMI protocol. Successful attacks may allow a remote attacker to remotely control the target server and execute Java functions or bytecode.
904 CVE-2018-5371 78 Exec Code 2018-01-12 2018-02-02
9.0
None Remote Low Single system Complete Complete Complete
diag_ping.cmd on D-Link DSL-2640U devices with firmware IM_1.00 and ME_1.00, and DSL-2540U devices with firmware ME_1.00, allows authenticated remote attackers to execute arbitrary OS commands via shell metacharacters in the ipaddr field of an HTTP GET request.
905 CVE-2018-5359 119 Overflow 2018-01-23 2018-02-09
9.3
None Remote Medium Not required Complete Complete Complete
The server in Flexense SysGauge 3.6.18 operating on port 9221 can be exploited remotely with the attacker gaining system-level access because of a Buffer Overflow.
906 CVE-2018-5347 77 2018-01-11 2018-02-12
10.0
None Remote Low Not required Complete Complete Complete
Seagate Media Server in Seagate Personal Cloud has unauthenticated command injection in the uploadTelemetry and getLogs functions in views.py because .psp URLs are handled by the fastcgi.server component and shell metacharacters are mishandled.
907 CVE-2018-5262 119 Exec Code Overflow 2018-01-12 2018-01-29
10.0
Admin Remote Low Not required Complete Complete Complete
A stack-based buffer overflow in Flexense DiskBoss 8.8.16 and earlier allows unauthenticated remote attackers to execute arbitrary code in the context of a highly privileged account.
908 CVE-2018-5224 20 Exec Code 2018-03-29 2018-04-24
9.0
None Remote Low Single system Complete Complete Complete
Bamboo did not correctly check if a configured Mercurial repository URI contained values that the Windows operating system may consider argument parameters. An attacker who has permission to create a repository in Bamboo, edit an existing plan in Bamboo that has a non-linked Mercurial repository, or create a plan in Bamboo either globally or in a project using Bamboo Specs can can execute code of their choice on systems that run a vulnerable version of Bamboo on the Windows operating system. All versions of Bamboo starting with 2.7.0 before 6.3.3 (the fixed version for 6.3.x) and from version 6.4.0 before 6.4.1 (the fixed version for 6.4.x) running on the Windows operating system are affected by this vulnerability.
909 CVE-2018-5210 119 Exec Code Overflow 2018-01-04 2018-01-29
9.3
None Remote Medium Not required Complete Complete Complete
On Samsung mobile devices with N(7.x) software and Exynos chipsets, attackers can conduct a Trustlet stack overflow attack for arbitrary TEE code execution, in conjunction with a brute-force attack to discover unlock information (PIN, password, or pattern). The Samsung ID is SVE-2017-10733.
910 CVE-2018-5151 119 Overflow Mem. Corr. 2018-06-11 2018-08-03
10.0
None Remote Low Not required Complete Complete Complete
Memory safety bugs were reported in Firefox 59. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 60.
911 CVE-2018-5090 119 Overflow Mem. Corr. 2018-06-11 2018-06-25
10.0
None Remote Low Not required Complete Complete Complete
Memory safety bugs were reported in Firefox 57. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 58.
912 CVE-2018-5070 787 Exec Code 2018-07-20 2018-09-13
10.0
None Remote Low Not required Complete Complete Complete
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
913 CVE-2018-5069 787 Exec Code 2018-07-20 2018-09-13
10.0
None Remote Low Not required Complete Complete Complete
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
914 CVE-2018-5064 787 Exec Code 2018-07-20 2018-09-13
10.0
None Remote Low Not required Complete Complete Complete
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
915 CVE-2018-5021 787 Exec Code 2018-07-20 2018-09-14
10.0
None Remote Low Not required Complete Complete Complete
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
916 CVE-2018-5011 416 Exec Code 2018-07-20 2018-09-14
10.0
None Remote Low Not required Complete Complete Complete
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
917 CVE-2018-5009 416 Exec Code 2018-07-20 2018-09-14
10.0
None Remote Low Not required Complete Complete Complete
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
918 CVE-2018-5002 119 Exec Code Overflow 2018-07-09 2018-10-21
10.0
None Remote Low Not required Complete Complete Complete
Adobe Flash Player versions 29.0.0.171 and earlier have a Stack-based buffer overflow vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
919 CVE-2018-4996 416 Exec Code 2018-07-09 2018-08-29
10.0
None Remote Low Not required Complete Complete Complete
Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have a Use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
920 CVE-2018-4989 416 Exec Code 2018-07-09 2018-08-29
10.0
None Remote Low Not required Complete Complete Complete
Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have a Use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
921 CVE-2018-4988 416 Exec Code 2018-07-09 2018-08-29
10.0
None Remote Low Not required Complete Complete Complete
Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have a Use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
922 CVE-2018-4987 476 Exec Code 2018-07-09 2018-08-30
10.0
None Remote Low Not required Complete Complete Complete
Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have an Untrusted pointer dereference vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
923 CVE-2018-4984 119 Exec Code Overflow 2018-07-09 2018-08-29
10.0
None Remote Low Not required Complete Complete Complete
Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have a Heap Overflow vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
924 CVE-2018-4983 416 Exec Code 2018-07-09 2018-08-30
10.0
None Remote Low Not required Complete Complete Complete
Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have a Use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
925 CVE-2018-4978 119 Exec Code Overflow 2018-07-09 2018-08-29
10.0
None Remote Low Not required Complete Complete Complete
Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have a Heap Overflow vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
926 CVE-2018-4977 416 Exec Code 2018-07-09 2018-08-29
10.0
None Remote Low Not required Complete Complete Complete
Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have a Use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
927 CVE-2018-4968 119 Exec Code Overflow 2018-07-09 2018-08-29
10.0
None Remote Low Not required Complete Complete Complete
Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have a Heap Overflow vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
928 CVE-2018-4966 119 Exec Code Overflow 2018-07-09 2018-08-29
10.0
None Remote Low Not required Complete Complete Complete
Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have a Heap Overflow vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
929 CVE-2018-4961 416 Exec Code 2018-07-09 2018-08-30
10.0
None Remote Low Not required Complete Complete Complete
Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have a Use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
930 CVE-2018-4959 416 Exec Code 2018-07-09 2018-08-30
10.0
None Remote Low Not required Complete Complete Complete
Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have a Use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
931 CVE-2018-4958 416 Exec Code 2018-07-09 2018-08-30
10.0
None Remote Low Not required Complete Complete Complete
Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have a Use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
932 CVE-2018-4950 787 Exec Code 2018-07-09 2018-08-29
10.0
None Remote Low Not required Complete Complete Complete
Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have an Out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
933 CVE-2018-4948 119 Exec Code Overflow 2018-07-09 2018-08-29
10.0
None Remote Low Not required Complete Complete Complete
Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have a Heap Overflow vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
934 CVE-2018-4947 119 Exec Code Overflow 2018-07-09 2018-08-30
10.0
None Remote Low Not required Complete Complete Complete
Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have a Heap Overflow vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
935 CVE-2018-4944 704 Exec Code 2018-05-19 2018-10-21
10.0
None Remote Low Not required Complete Complete Complete
Adobe Flash Player versions 29.0.0.140 and earlier have an exploitable type confusion vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
936 CVE-2018-4939 502 Exec Code 2018-05-19 2018-06-27
10.0
None Remote Low Not required Complete Complete Complete
Adobe ColdFusion Update 5 and earlier versions, ColdFusion 11 Update 13 and earlier versions have an exploitable Deserialization of Untrusted Data vulnerability. Successful exploitation could lead to arbitrary code execution.
937 CVE-2018-4937 787 Exec Code 2018-05-19 2018-10-21
10.0
None Remote Low Not required Complete Complete Complete
Adobe Flash Player versions 29.0.0.113 and earlier have an exploitable out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
938 CVE-2018-4935 787 Exec Code 2018-05-19 2018-10-21
10.0
None Remote Low Not required Complete Complete Complete
Adobe Flash Player versions 29.0.0.113 and earlier have an exploitable out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
939 CVE-2018-4932 416 Exec Code 2018-05-19 2018-10-21
9.0
None Remote Low Single system Complete Complete Complete
Adobe Flash Player versions 29.0.0.113 and earlier have an exploitable Use-After-Free vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
940 CVE-2018-4928 119 Exec Code Overflow Mem. Corr. 2018-05-19 2018-06-22
9.3
None Remote Medium Not required Complete Complete Complete
Adobe InDesign versions 13.0 and below have an exploitable Memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
941 CVE-2018-4924 78 Exec Code 2018-05-19 2018-06-22
10.0
None Remote Low Not required Complete Complete Complete
Adobe Dreamweaver CC versions 18.0 and earlier have an OS Command Injection vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
942 CVE-2018-4920 704 Exec Code 2018-05-19 2018-06-27
10.0
None Remote Low Not required Complete Complete Complete
Adobe Flash Player versions 28.0.0.161 and earlier have an exploitable type confusion vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
943 CVE-2018-4919 416 Exec Code 2018-05-19 2018-06-27
10.0
None Remote Low Not required Complete Complete Complete
Adobe Flash Player versions 28.0.0.161 and earlier have an exploitable use after free vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
944 CVE-2018-4918 787 Exec Code 2018-05-19 2018-06-25
10.0
None Remote Low Not required Complete Complete Complete
Adobe Acrobat and Reader versions 2018.009.20050 and earlier, 2017.011.30070 and earlier, 2015.006.30394 and earlier have an exploitable out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
945 CVE-2018-4917 119 Exec Code Overflow 2018-05-19 2018-06-25
10.0
None Remote Low Not required Complete Complete Complete
Adobe Acrobat and Reader versions 2018.009.20050 and earlier, 2017.011.30070 and earlier, 2015.006.30394 and earlier have an exploitable heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
946 CVE-2018-4895 787 Exec Code 2018-02-27 2018-03-16
10.0
None Remote Low Not required Complete Complete Complete
An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. The vulnerability is caused by the computation that writes data past the end of the intended buffer; the computation is part of the image conversion engine when processing Enhanced Metafile Format Plus (EMF+) data. An attacker can potentially leverage the vulnerability to corrupt sensitive data or execute arbitrary code.
947 CVE-2018-4879 787 Exec Code 2018-02-27 2018-03-16
10.0
None Remote Low Not required Complete Complete Complete
An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. The vulnerability is caused by the computation that writes data past the end of the intended buffer; the computation is part of the image conversion module that processes Enhanced Metafile Format Plus (EMF+) data. An attacker can potentially leverage the vulnerability to corrupt sensitive data or execute arbitrary code.
948 CVE-2018-4877 416 Exec Code 2018-02-06 2018-03-01
10.0
None Remote Low Not required Complete Complete Complete
A use-after-free vulnerability was discovered in Adobe Flash Player before 28.0.0.161. This vulnerability occurs due to a dangling pointer in the Primetime SDK related to media player's quality of service functionality. A successful attack can lead to arbitrary code execution.
949 CVE-2018-4872 254 Bypass 2018-02-27 2018-03-16
10.0
None Remote Low Not required Complete Complete Complete
An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. This vulnerability is a security bypass vulnerability that leads to a sandbox escape. Specifically, the vulnerability exists in the way a cross call is handled.
950 CVE-2018-4860 78 Exec Code 2018-06-26 2018-08-31
9.0
None Remote Low Single system Complete Complete Complete
A vulnerability has been identified in SCALANCE M875 (All versions). An authenticated remote attacker with access to the web interface (443/tcp), could execute arbitrary operating system commands. Successful exploitation requires that the attacker has network access to the web interface. The attacker must be authenticated as administrative user to exploit the security vulnerability. The vulnerability could allow an attacker to execute arbitrary code on the device. At the time of advisory publication no public exploitation of this security vulnerability was known.
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.