CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 9 and 10)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
951 CVE-2018-14770 77 Exec Code 2018-09-05 2018-11-13
9.0
None Remote Low Single system Complete Complete Complete
VIVOTEK FD8177 devices before XXXXXX-VVTK-xx06a allow remote attackers to execute arbitrary code (issue 1 of 2) via the ONVIF interface, (/onvif/device_service).
952 CVE-2018-14768 77 Exec Code 2018-08-29 2018-11-13
9.0
None Remote Low Single system Complete Complete Complete
Various VIVOTEK FD8*, FD9*, FE9*, IB8*, IB9*, IP9*, IZ9*, MS9*, SD9*, and other devices before XXXXXX-VVTK-xx06a allow remote attackers to execute arbitrary code.
953 CVE-2018-14746 77 2018-11-28 2018-12-27
10.0
None Remote Low Not required Complete Complete Complete
Command Injection vulnerability in QTS 4.3.5 build 20181013, QTS 4.3.4 build 20181008, QTS 4.3.3 build 20180829, QTS 4.2.6 build 20180829 and earlier versions could allow remote attackers to run arbitrary commands on the NAS.
954 CVE-2018-14729 20 Exec Code 2019-05-22 2019-05-23
9.0
None Remote Low Single system Complete Complete Complete
The database backup feature in upload/source/admincp/admincp_db.php in Discuz! 2.5 and 3.4 allows remote attackers to execute arbitrary PHP code.
955 CVE-2018-14722 264 Exec Code 2018-08-15 2019-06-27
9.3
None Remote Medium Not required Complete Complete Complete
An issue was discovered in evaluate_auto_mountpoint in btrfsmaintenance-functions in btrfsmaintenance through 0.4.1. Code execution as root can occur via a specially crafted filesystem label if btrfs-{scrub,balance,trim} are set to auto in /etc/sysconfig/btrfsmaintenance (this is not the default, though).
956 CVE-2018-14714 77 Exec Code 2019-05-13 2019-05-14
10.0
None Remote Low Not required Complete Complete Complete
System command injection in appGet.cgi on ASUS RT-AC3200 version 3.0.0.4.382.50010 allows attackers to execute system commands via the "load_script" URL parameter.
957 CVE-2018-14706 77 Exec Code 2018-12-03 2018-12-20
10.0
None Remote Low Not required Complete Complete Complete
System command injection in the /DroboPix/api/drobopix/demo endpoint on Drobo 5N2 NAS version 4.0.5-13.28.96115 allows unauthenticated attackers to execute system commands via the payload in a POST request.
958 CVE-2018-14643 287 Exec Code Bypass 2018-09-21 2018-12-13
10.0
None Remote Low Not required Complete Complete Complete
An authentication bypass flaw was found in the smart_proxy_dynflow component used by Foreman. A malicious attacker can use this flaw to remotely execute arbitrary commands on machines managed by vulnerable Foreman instances, in a highly privileged context.
959 CVE-2018-14618 190 Overflow 2018-09-05 2019-04-22
10.0
None Remote Low Not required Complete Complete Complete
curl before version 7.61.1 is vulnerable to a buffer overrun in the NTLM authentication code. The internal function Curl_ntlm_core_mk_nt_hash multiplies the length of the password by two (SUM) to figure out how large temporary storage area to allocate from the heap. The length value is then subsequently used to iterate over the password and generate output into the allocated storage buffer. On systems with a 32 bit size_t, the math to calculate SUM triggers an integer overflow when the password length exceeds 2GB (2^31 bytes). This integer overflow usually causes a very small buffer to actually get allocated instead of the intended very huge one, making the use of that buffer end up in a heap buffer overflow. (This bug is almost identical to CVE-2017-8816.)
960 CVE-2018-14528 798 2019-07-05 2019-07-15
10.0
None Remote Low Not required Complete Complete Complete
Invoxia NVX220 devices allow TELNET access as admin with a default password.
961 CVE-2018-14495 77 2019-07-10 2019-07-11
10.0
None Remote Low Not required Complete Complete Complete
Vivotek FD8136 devices allow Remote Command Injection, aka "another command injection vulnerability in our target device," a different issue than CVE-2018-14494.
962 CVE-2018-14494 77 2019-07-10 2019-07-18
10.0
None Remote Low Not required Complete Complete Complete
Vivotek FD8136 devices allow Remote Command Injection, related to BusyBox and wget.
963 CVE-2018-14417 78 Exec Code 2018-08-03 2018-10-02
10.0
None Remote Low Not required Complete Complete Complete
A command injection vulnerability was found in the web administration console in SoftNAS Cloud before 4.0.3. In particular, the snserv script did not sanitize the 'recentVersion' parameter from the snserv endpoint, allowing an unauthenticated attacker to execute arbitrary commands with root permissions.
964 CVE-2018-14327 264 +Priv 2018-09-26 2019-01-09
9.3
None Remote Medium Not required Complete Complete Complete
The installer for the Alcatel OSPREY3_MINI Modem component on EE EE40VB 4G mobile broadband modems with firmware before EE40_00_02.00_45 sets weak permissions (Everyone:Full Control) for the "Web Connecton\EE40" and "Web Connecton\EE40\BackgroundService" directories, which allows local users to gain privileges, as demonstrated by inserting a Trojan horse ServiceManager.exe file into the "Web Connecton\EE40\BackgroundService" directory.
965 CVE-2018-14324 798 +Info 2018-07-16 2019-05-20
10.0
None Remote Low Not required Complete Complete Complete
The demo feature in Oracle GlassFish Open Source Edition 5.0 has TCP port 7676 open by default with a password of admin for the admin account. This allows remote attackers to obtain potentially sensitive information, perform database operations, or manipulate the demo via a JMX RMI session, aka a "jmx_rmi remote monitoring and control problem." NOTE: this is not an Oracle supported product.
966 CVE-2018-14078 255 2018-08-20 2018-10-23
10.0
None Remote Low Not required Complete Complete Complete
Wi2be SMART HP WMT R1.2.20_201400922 allows unauthorized remote attackers to reset the admin password via the /ConfigWizard/ChangePwd.esp?2admin URL (Attackers can login using the "admin" username with password "admin" after a successful attack).
967 CVE-2018-14062 310 DoS 2019-08-15 2019-08-28
9.4
None Remote Low Not required None Complete Complete
The COSPAS-SARSAT protocol allows remote attackers to forge messages, replay encrypted messages, conduct denial of service attacks, and send private messages (unrelated to distress alerts) via a crafted 406 MHz digital signal.
968 CVE-2018-14060 78 Exec Code 2018-07-14 2018-09-12
10.0
None Remote Low Not required Complete Complete Complete
OS command injection in the AP mode settings feature in /cgi-bin/luci /api/misystem/set_router_wifiap on Xiaomi R3D before 2.26.4 devices allows an attacker to execute any command via crafted JSON data.
969 CVE-2018-14010 78 Exec Code 2018-07-14 2018-09-12
10.0
None Remote Low Not required Complete Complete Complete
OS command injection in the guest Wi-Fi settings feature in /cgi-bin/luci on Xiaomi R3P before 2.14.5, R3C before 2.12.15, R3 before 2.22.15, and R3D before 2.26.4 devices allows an attacker to execute any command via crafted JSON data.
970 CVE-2018-14009 20 Exec Code 2018-07-12 2018-09-06
10.0
None Remote Low Not required Complete Complete Complete
Codiad through 2.8.4 allows Remote Code Execution, a different vulnerability than CVE-2017-11366 and CVE-2017-15689.
971 CVE-2018-14007 22 Dir. Trav. 2018-08-15 2018-10-23
10.0
None Remote Low Not required Complete Complete Complete
Citrix XenServer 7.1 and newer allows Directory Traversal.
972 CVE-2018-13925 416 2019-05-24 2019-05-29
10.0
None Remote Low Not required Complete Complete Complete
Error in parsing PMT table frees the memory allocated for the map section but does not reset the context map section reference causing heap use after free issue in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Wearables in MDM9206, MDM9607, MDM9650, MSM8909W, MSM8996AU, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 600, SD 615/16/SD 415, SD 625, SD 632, SD 636, SD 650/52, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20, Snapdragon_High_Med_2016, SXR1130
973 CVE-2018-13924 119 Overflow 2019-07-22 2019-07-24
10.0
None Remote Low Not required Complete Complete Complete
Lack of check to prevent the buffer length taking negative values can lead to stack overflow. in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in IPQ8074, MDM9150, MDM9206, MDM9607, MDM9615, MDM9625, MDM9635M, MDM9640, MDM9650, MDM9655, MSM8909W, MSM8996AU, QCA6174A, QCA8081, QCS404, QCS405, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 615/16/SD 415, SD 625, SD 632, SD 636, SD 650/52, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SD 8CX, SDA660, SDM439, SDM630, SDM660, SDX20, Snapdragon_High_Med_2016, SXR1130
974 CVE-2018-13911 125 2019-06-14 2019-06-18
10.0
None Remote Low Not required Complete Complete Complete
Out of bounds memory read and access may lead to unexpected behavior in GNSS XTRA Parser in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9150, MDM9206, MDM9607, MDM9615, MDM9635M, MDM9640, MDM9650, MDM9655, MSM8909W, MSM8996AU, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 650/52, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SD 8CX, SDA660, SDM439, SDM630, SDM660, SDX20, Snapdragon_High_Med_2016, SXR1130
975 CVE-2018-13887 190 Overflow 2019-05-24 2019-05-29
10.0
None Remote Low Not required Complete Complete Complete
Untrusted header fields in GNSS XTRA3 function can lead to integer overflow in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables in MDM9150, MDM9206, MDM9607, MDM9635M, MDM9650, MDM9655, MSM8909W, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 600, SD 625, SD 632, SD 636, SD 675, SD 712 / SD 710 / SD 670, SD 835, SD 845 / SD 850, SDA660, SDM439, SDM630, SDM660, SDX20, SM7150, SXR1130
976 CVE-2018-13886 190 Overflow 2019-05-24 2019-05-29
10.0
None Remote Low Not required Complete Complete Complete
Unchecked OTA field in GNSS XTRA3 lead to integer overflow and then buffer overflow in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9150, MDM9206, MDM9607, MDM9615, MDM9635M, MDM9640, MDM9650, MDM9655, MSM8909W, MSM8996AU, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 600, SD 615/16/SD 415, SD 625, SD 632, SD 636, SD 650/52, SD 675, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SDA660, SDM439, SDM630, SDM660, SDX20, SM7150, Snapdragon_High_Med_2016, SXR1130
977 CVE-2018-13861 284 2018-07-17 2018-09-17
10.0
None Remote Low Not required Complete Complete Complete
Touchpad / Trivum WebTouch Setup V9 V2.53 build 13163 of Apr 6 2018 09:10:14 (FW 303) allows unauthorized remote attackers to reboot or execute other functions via the "/xml/system/control.xml" URL, using the GET request "?action=reboot" for example.
978 CVE-2018-13858 284 2018-07-17 2018-09-17
10.0
None Remote Low Not required Complete Complete Complete
MusicCenter / Trivum Multiroom Setup Tool V8.76 - SNR 8604.26 - C4 Professional allows unauthorized remote attackers to reboot or execute other functions via the "/xml/system/control.xml" URL, using the GET request "?action=reboot" for example.
979 CVE-2018-13806 427 Exec Code 2018-09-12 2018-11-20
9.3
None Remote Medium Not required Complete Complete Complete
A vulnerability has been identified in SIEMENS TD Keypad Designer (All versions). A DLL hijacking vulnerability exists in all versions of SIEMENS TD Keypad Designer which could allow an attacker to execute code with the permission of the user running TD Designer. The attacker must have write access to the directory containing the TD project file in order to exploit the vulnerability. A legitimate user with higher privileges than the attacker must open the TD project in order for this vulnerability to be exploited. At the time of advisory publication no public exploitation of this security vulnerability was known.
980 CVE-2018-13802 77 Exec Code 2018-10-10 2019-01-11
9.0
None Remote Low Single system Complete Complete Complete
A vulnerability has been identified in ROX II (All versions < V2.12.1). An authenticated attacker with a high-privileged user account access via SSH could circumvent restrictions in place and execute arbitrary operating system commands. Successful exploitation requires that the attacker has network access to the SSH interface in on port 22/tcp. The attacker must be authenticated to exploit the vulnerability. The vulnerability could allow an attacker to execute arbitrary code on the device.
981 CVE-2018-13801 264 +Priv 2018-10-10 2019-01-11
9.0
None Remote Low Single system Complete Complete Complete
A vulnerability has been identified in ROX II (All versions < V2.12.1). An attacker with network access to port 22/tcp and valid low-privileged user credentials for the target device could perform a privilege escalation and gain root privileges. Successful exploitation requires user privileges of a low-privileged user but no user interaction. The vulnerability could allow an attacker to compromise confidentiality, integrity and availability of the system.
982 CVE-2018-13418 77 Exec Code 2018-11-27 2018-12-21
9.0
None Remote Low Single system Complete Complete Complete
System command injection in ajaxdata.php in TerraMaster TOS 3.1.03 allows attackers to execute system commands via the "newname" parameter.
983 CVE-2018-13411 264 2018-09-12 2018-11-16
9.0
None Remote Low Single system Complete Complete Complete
An issue was discovered in Zoho ManageEngine Desktop Central before 10.0.282. A clickable company logo in a window running as SYSTEM can be abused to escalate privileges.
984 CVE-2018-13397 77 Exec Code 2018-11-05 2019-01-08
9.0
None Remote Low Single system Complete Complete Complete
There was an argument injection vulnerability in Sourcetree for Windows from version 0.5.1.0 before version 3.0.0 via Git subrepositories in Mercurial repositories. An attacker with permission to commit to a Mercurial repository linked in Sourcetree for Windows is able to exploit this issue to gain code execution on the system.
985 CVE-2018-13396 77 Exec Code 2018-11-05 2019-01-08
9.0
None Remote Low Single system Complete Complete Complete
There was an argument injection vulnerability in Sourcetree for macOS from version 1.0b2 before version 3.0.0 via Git subrepositories in Mercurial repositories. An attacker with permission to commit to a Mercurial repository linked in Sourcetree for macOS is able to exploit this issue to gain code execution on the system.
986 CVE-2018-13358 77 Exec Code 2018-11-27 2018-12-21
9.0
None Remote Low Single system Complete Complete Complete
System command injection in ajaxdata.php in TerraMaster TOS version 3.1.03 allows attackers to execute system commands via the "checkName" parameter.
987 CVE-2018-13356 264 2018-11-27 2018-12-19
9.0
None Remote Low Single system Complete Complete Complete
Incorrect access control on ajaxdata.php in TerraMaster TOS version 3.1.03 allows attackers to elevate user permissions.
988 CVE-2018-13354 77 Exec Code 2018-11-27 2018-12-21
10.0
None Remote Low Not required Complete Complete Complete
System command injection in logtable.php in TerraMaster TOS version 3.1.03 allows attackers to execute system commands via the "Event" parameter.
989 CVE-2018-13353 77 Exec Code 2018-11-27 2018-12-21
9.0
None Remote Low Single system Complete Complete Complete
System command injection in ajaxdata.php in TerraMaster TOS version 3.1.03 allows attackers to execute commands via the "checkport" parameter.
990 CVE-2018-13338 77 Exec Code 2018-11-27 2018-12-19
10.0
None Remote Low Not required Complete Complete Complete
System command injection in ajaxdata.php in TerraMaster TOS version 3.1.03 allows attackers to execute system commands via the "username" parameter during user creation.
991 CVE-2018-13336 77 Exec Code 2018-11-27 2018-12-19
10.0
None Remote Low Not required Complete Complete Complete
System command injection in ajaxdata.php in TerraMaster TOS version 3.1.03 allows attackers to execute system commands via the "pwd" parameter during user creation.
992 CVE-2018-13330 77 Exec Code 2018-11-27 2018-12-21
9.0
None Remote Low Single system Complete Complete Complete
System command injection in ajaxdata.php in TerraMaster TOS version 3.1.03 allows attackers to execute system commands during group creation via the "groupname" parameter.
993 CVE-2018-13316 77 Exec Code 2018-11-27 2018-12-21
10.0
None Remote Low Not required Complete Complete Complete
System command injection in formAliasIp in TOTOLINK A3002RU version 1.0.8 allows attackers to execute system commands via the "subnet" POST parameter.
994 CVE-2018-13314 77 Exec Code 2018-11-27 2018-12-21
10.0
None Remote Low Not required Complete Complete Complete
System command injection in formAliasIp in TOTOLINK A3002RU version 1.0.8 allows attackers to execute system commands via the "ipAddr" POST parameter.
995 CVE-2018-13311 77 Exec Code 2018-11-26 2018-12-19
10.0
None Remote Low Not required Complete Complete Complete
System command injection in formDlna in TOTOLINK A3002RU version 1.0.8 allows attackers to execute system commands via the "sambaUser" POST parameter.
996 CVE-2018-13307 77 Exec Code 2018-11-27 2018-12-21
10.0
None Remote Low Not required Complete Complete Complete
System command injection in fromNtp in TOTOLINK A3002RU version 1.0.8 allows attackers to execute system commands via the "ntpServerIp2" POST parameter. Certain payloads cause the device to become permanently inoperable.
997 CVE-2018-13306 77 Exec Code 2018-11-27 2018-12-21
10.0
None Remote Low Not required Complete Complete Complete
System command injection in formDlna in TOTOLINK A3002RU version 1.0.8 allows attackers to execute system commands via the "ftpUser" POST parameter.
998 CVE-2018-13285 78 Exec Code 2019-04-01 2019-04-03
9.0
None Remote Low Single system Complete Complete Complete
Command injection vulnerability in ftpd in Synology Router Manager (SRM) before 1.1.7-6941-1 allows remote authenticated users to execute arbitrary OS commands via the (1) MKD or (2) RMD command.
999 CVE-2018-13284 78 Exec Code 2019-04-01 2019-04-03
9.0
None Remote Low Single system Complete Complete Complete
Command injection vulnerability in ftpd in Synology Diskstation Manager (DSM) before 6.2-23739-1 allows remote authenticated users to execute arbitrary OS commands via the (1) MKD or (2) RMD command.
1000 CVE-2018-13140 284 Exec Code 2018-09-24 2018-12-20
9.3
None Remote Medium Not required Complete Complete Complete
Druide Antidote through 9.5.1 on Windows and Linux allows remote code execution through the update mechanism by leveraging use of HTTP to download installation packages.
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.