CVEdetails.com the ultimate security vulnerability data source

Security Vulnerabilities (CVSS score between 9 and 10)

# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1101 CVE-2018-0801 119 Exec Code Overflow 2018-01-09 2018-03-16
9.3
None Remote Medium Not required Complete Complete Complete
Equation Editor in Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allows a remote code execution vulnerability due to the way objects are handled in memory, aka "Microsoft Office Remote Code Execution Vulnerability".
1102 CVE-2018-0798 119 Exec Code Overflow Mem. Corr. 2018-01-09 2018-03-16
9.3
None Remote Medium Not required Complete Complete Complete
Equation Editor in Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allows a remote code execution vulnerability due to the way objects are handled in memory, aka "Microsoft Office Memory Corruption Vulnerability".
1103 CVE-2018-0797 119 Exec Code Overflow Mem. Corr. 2018-01-09 2018-02-12
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allow a remote code execution vulnerability due to the way RTF content is handled, aka "Microsoft Word Memory Corruption Vulnerability".
1104 CVE-2018-0796 119 Exec Code Overflow 2018-01-09 2018-03-16
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Excel in Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allows a remote code execution vulnerability due to the way objects are handled in memory, aka "Microsoft Excel Remote Code Execution Vulnerability".
1105 CVE-2018-0795 119 Exec Code Overflow 2018-01-09 2018-03-16
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allow a remote code execution vulnerability due to the way objects are handled in memory, aka "Microsoft Office Remote Code Execution Vulnerability".
1106 CVE-2018-0794 119 Exec Code Overflow 2018-01-09 2018-03-16
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Word in Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allows a remote code execution vulnerability due to the way objects are handled in memory, aka "Microsoft Word Remote Code Execution Vulnerability". This CVE is unique from CVE-2018-0792.
1107 CVE-2018-0793 264 Exec Code 2018-01-09 2018-01-29
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Outlook 2007, Microsoft Outlook 2010 and Microsoft Outlook 2013 allow a remote code execution vulnerability due to the way email messages are parsed, aka "Microsoft Outlook Remote Code Execution Vulnerability". This CVE is unique from CVE-2018-0791.
1108 CVE-2018-0792 119 Exec Code Overflow 2018-01-09 2018-01-29
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Word 2016 in Microsoft Office 2016 allows a remote code execution vulnerability due to the way objects are handled in memory, aka "Microsoft Word Remote Code Execution Vulnerability". This CVE is unique from CVE-2018-0794.
1109 CVE-2018-0791 264 Exec Code 2018-01-09 2018-01-29
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Outlook 2007, Microsoft Outlook 2010, Microsoft Outlook 2013, and Microsoft Outlook 2016 allow a remote code execution vulnerability due to the way email messages are parsed, aka "Microsoft Outlook Remote Code Execution Vulnerability". This CVE is unique from CVE-2018-0793.
1110 CVE-2018-0789 264 2018-01-09 2018-02-01
9.0
None Remote Low Single system Complete Complete Complete
Microsoft SharePoint Foundation 2010, Microsoft SharePoint Server 2013 and Microsoft SharePoint Server 2016 allow an elevation of privilege vulnerability due to the way web requests are handled, aka "Microsoft SharePoint Elevation of Privilege Vulnerability". This CVE is unique from CVE-2018-0790.
1111 CVE-2018-0721 119 Overflow 2018-11-27 2018-12-27
10.0
None Remote Low Not required Complete Complete Complete
Buffer Overflow vulnerability in QNAP QTS 4.2.6 build 20180711 and earlier versions, 4.3.3 build 20180725 and earlier versions, and 4.3.4 build 20180710 and earlier versions could allow remote attackers to run arbitrary code on NAS devices.
1112 CVE-2018-0710 77 2018-07-16 2018-09-13
9.0
None Remote Low Single system Complete Complete Complete
Command injection vulnerability in SSH of QNAP Q'center Virtual Appliance version 1.7.1063 and earlier could allow authenticated users to run arbitrary commands.
1113 CVE-2018-0709 77 2018-07-16 2018-09-13
9.0
None Remote Low Single system Complete Complete Complete
Command injection vulnerability in date of QNAP Q'center Virtual Appliance version 1.7.1063 and earlier could allow authenticated users to run arbitrary commands.
1114 CVE-2018-0708 77 2018-07-16 2018-09-12
9.0
None Remote Low Single system Complete Complete Complete
Command injection vulnerability in networking of QNAP Q'center Virtual Appliance version 1.7.1063 and earlier could allow authenticated users to run arbitrary commands.
1115 CVE-2018-0707 77 2018-07-16 2018-09-12
9.0
None Remote Low Single system Complete Complete Complete
Command injection vulnerability in change password of QNAP Q'center Virtual Appliance version 1.7.1063 and earlier could allow authenticated users to run arbitrary commands.
1116 CVE-2018-0694 78 Exec Code 2018-11-15 2018-12-17
10.0
None Remote Low Not required Complete Complete Complete
FileZen V3.0.0 to V4.2.1 allows remote attackers to execute arbitrary OS commands via unspecified vectors.
1117 CVE-2018-0692 426 +Priv 2018-11-15 2018-12-18
9.3
None Remote Medium Not required Complete Complete Complete
Untrusted search path vulnerability in Baidu Browser Version 43.23.1000.500 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
1118 CVE-2018-0663 798 Exec Code 2018-09-07 2018-11-01
9.0
None Remote Low Single system Complete Complete Complete
Multiple I-O DATA network camera products (TS-WRLP firmware Ver.1.09.04 and earlier, TS-WRLA firmware Ver.1.09.04 and earlier, TS-WRLP/E firmware Ver.1.09.04 and earlier) use hardcoded credentials which may allow a remote authenticated attacker to execute arbitrary OS commands on the device via an unspecified vector.
1119 CVE-2018-0649 426 +Priv 2018-09-07 2018-11-19
9.3
None Remote Medium Not required Complete Complete Complete
Untrusted search path vulnerability in the installers of multiple Canon IT Solutions Inc. software programs (ESET Smart Security Premium, ESET Internet Security, ESET Smart Security, ESET NOD32 Antivirus, DESlock+ Pro, and CompuSec (all programs except packaged ones)) allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
1120 CVE-2018-0639 78 Exec Code 2019-01-09 2019-01-17
9.0
None Remote Low Single system Complete Complete Complete
Aterm HC100RC Ver1.0.1 and earlier allows an attacker with administrator rights to execute arbitrary OS commands via tools_firmware.cgi date parameter, time parameter, and offset parameter.
1121 CVE-2018-0638 78 Exec Code 2019-01-09 2019-01-15
9.0
None Remote Low Single system Complete Complete Complete
Aterm HC100RC Ver1.0.1 and earlier allows an attacker with administrator rights to execute arbitrary OS commands via import.cgi encKey parameter.
1122 CVE-2018-0637 78 Exec Code 2019-01-09 2019-01-15
9.0
None Remote Low Single system Complete Complete Complete
Aterm HC100RC Ver1.0.1 and earlier allows an attacker with administrator rights to execute arbitrary OS commands via export.cgi encKey parameter.
1123 CVE-2018-0636 78 Exec Code 2019-01-09 2019-01-15
9.0
None Remote Low Single system Complete Complete Complete
Aterm HC100RC Ver1.0.1 and earlier allows an attacker with administrator rights to execute arbitrary OS commands via FactoryPassword parameter of a certain URL, different URL from CVE-2018-0634.
1124 CVE-2018-0635 78 Exec Code 2019-01-09 2019-01-15
9.0
None Remote Low Single system Complete Complete Complete
Aterm HC100RC Ver1.0.1 and earlier allows an attacker with administrator rights to execute arbitrary OS commands via filename parameter.
1125 CVE-2018-0634 78 Exec Code 2019-01-09 2019-01-17
9.0
None Remote Low Single system Complete Complete Complete
Aterm HC100RC Ver1.0.1 and earlier allows an attacker with administrator rights to execute arbitrary OS commands via FactoryPassword parameter or bootmode parameter of a certain URL.
1126 CVE-2018-0631 78 Exec Code 2019-01-09 2019-01-17
9.0
None Remote Low Single system Complete Complete Complete
Aterm W300P Ver1.0.13 and earlier allows an attacker with administrator rights to execute arbitrary OS commands via targetAPSsid parameter.
1127 CVE-2018-0630 78 Exec Code 2019-01-09 2019-01-17
9.0
None Remote Low Single system Complete Complete Complete
Aterm W300P Ver1.0.13 and earlier allows an attacker with administrator rights to execute arbitrary OS commands via sysCmd parameter.
1128 CVE-2018-0629 78 Exec Code 2019-01-09 2019-01-17
9.0
None Remote Low Single system Complete Complete Complete
Aterm W300P Ver1.0.13 and earlier allows an attacker with administrator rights to execute arbitrary OS commands via HTTP request and response.
1129 CVE-2018-0628 78 Exec Code 2019-01-09 2019-01-17
9.0
None Remote Low Single system Complete Complete Complete
Aterm WG1200HP firmware Ver1.0.31 and earlier allows an attacker with administrator rights to execute arbitrary OS commands via HTTP request and response.
1130 CVE-2018-0627 78 Exec Code 2019-01-09 2019-01-15
9.0
None Remote Low Single system Complete Complete Complete
Aterm WG1200HP firmware Ver1.0.31 and earlier allows an attacker with administrator rights to execute arbitrary OS commands via targetAPSsid parameter.
1131 CVE-2018-0626 78 Exec Code 2019-01-09 2019-01-15
9.0
None Remote Low Single system Complete Complete Complete
Aterm WG1200HP firmware Ver1.0.31 and earlier allows an attacker with administrator rights to execute arbitrary OS commands via sysCmd in formWsc parameter.
1132 CVE-2018-0625 78 Exec Code 2019-01-09 2019-01-15
9.0
None Remote Low Single system Complete Complete Complete
Aterm WG1200HP firmware Ver1.0.31 and earlier allows an attacker with administrator rights to execute arbitrary OS commands via formSysCmd parameter.
1133 CVE-2018-0601 426 +Priv 2018-06-26 2018-08-17
9.3
None Remote Medium Not required Complete Complete Complete
Untrusted search path vulnerability in axpdfium v0.01 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
1134 CVE-2018-0599 426 +Priv 2018-06-26 2018-08-17
9.3
None Remote Medium Not required Complete Complete Complete
Untrusted search path vulnerability in the installer of Visual C++ Redistributable allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
1135 CVE-2018-0598 426 +Priv 2018-06-26 2018-08-17
9.3
None Remote Medium Not required Complete Complete Complete
Untrusted search path vulnerability in Self-extracting archive files created by IExpress bundled with Microsoft Windows allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
1136 CVE-2018-0563 426 +Priv 2018-06-26 2018-08-30
9.3
None Remote Medium Not required Complete Complete Complete
Untrusted search path vulnerability in the installer of FLET'S VIRUS CLEAR Easy Setup & Application Tool ver.13.0 and earlier versions and FLET'S VIRUS CLEAR v6 Easy Setup & Application Tool ver.13.0 and earlier versions allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
1137 CVE-2018-0562 426 +Priv 2018-04-16 2018-05-21
9.3
None Remote Medium Not required Complete Complete Complete
Untrusted search path vulnerability in Installer of SoundEngine Free ver.5.21 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
1138 CVE-2018-0561 426 +Priv 2018-04-16 2018-05-21
9.3
None Remote Medium Not required Complete Complete Complete
Untrusted search path vulnerability in the installer of PhishWall Client Internet Explorer edition Ver. 3.7.15 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
1139 CVE-2018-0555 119 Exec Code Overflow 2018-04-09 2018-05-16
9.3
None Remote Medium Not required Complete Complete Complete
Buffer overflow in Buffalo WZR-1750DHP2 Ver.2.30 and earlier allows an attacker to execute arbitrary code via a specially crafted file.
1140 CVE-2018-0545 78 Exec Code 2018-04-09 2018-05-15
10.0
None Remote Low Not required Complete Complete Complete
LXR version 1.0.0 to 2.3.0 allows remote attackers to execute arbitrary OS commands via unspecified vectors.
1141 CVE-2018-0544 426 +Priv 2018-03-09 2018-03-26
9.3
None Remote Medium Not required Complete Complete Complete
Untrusted search path vulnerability in WinShot 1.53a and earlier (Installer) allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
1142 CVE-2018-0543 426 +Priv 2018-03-09 2018-03-26
9.3
None Remote Medium Not required Complete Complete Complete
Untrusted search path vulnerability in Jtrim 1.53c and earlier (Installer) allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
1143 CVE-2018-0541 119 Exec Code Overflow 2018-03-22 2018-04-17
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in Tiny FTP Daemon Ver0.52d allows an attacker to cause a denial-of-service (DoS) condition or execute arbitrary code via unspecified vectors.
1144 CVE-2018-0539 78 Exec Code 2018-03-22 2018-04-13
10.0
None Remote Low Not required Complete Complete Complete
QQQ SYSTEMS version 2.24 allows an attacker to execute arbitrary commands via unspecified vectors.
1145 CVE-2018-0514 78 Exec Code 2018-02-08 2018-03-10
10.0
None Remote Low Not required Complete Complete Complete
MP Form Mail CGI eCommerce Edition Ver 2.0.13 and earlier allows remote attackers to execute arbitrary OS commands via unspecified vectors.
1146 CVE-2018-0507 426 +Priv 2018-01-26 2018-02-13
9.3
None Remote Medium Not required Complete Complete Complete
Untrusted search path vulnerability in FLET'S VIRUS CLEAR Easy Setup & Application Tool ver.11 and earlier versions and FLET'S VIRUS CLEAR v6 Easy Setup & Application Tool ver.11 and earlier versions allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
1147 CVE-2018-0506 78 Exec Code 2018-01-26 2018-02-13
10.0
None Remote Low Not required Complete Complete Complete
Nootka 1.4.4 and earlier allows remote attackers to execute arbitrary OS commands via unspecified vectors.
1148 CVE-2018-0440 264 Exec Code 2018-10-05 2019-01-09
9.0
None Remote Low Single system Complete Complete Complete
A vulnerability in the web interface of Cisco Data Center Network Manager could allow an authenticated application administrator to execute commands on the underlying operating system with root-level privileges. The vulnerability is due to incomplete input validation of user input within an HTTP request. An attacker could exploit this vulnerability by authenticating to the application and then sending a crafted HTTP request to the targeted application. A successful exploit could allow the authenticated attacker to issue commands on the underlying operating system as the root user.
1149 CVE-2018-0432 264 +Priv 2018-10-05 2019-01-09
9.0
None Remote Low Single system Complete Complete Complete
A vulnerability in the error reporting feature of the Cisco SD-WAN Solution could allow an authenticated, remote attacker to gain elevated privileges on an affected device. The vulnerability is due to a failure to properly validate certain parameters included within the error reporting application configuration. An attacker could exploit this vulnerability by sending a crafted command to the error reporting feature. A successful exploit could allow the attacker to gain root-level privileges and take full control of the device.
1150 CVE-2018-0431 77 Exec Code 2018-10-05 2018-12-06
9.0
None Remote Low Single system Complete Complete Complete
A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) Software could allow an authenticated, remote attacker to inject and execute arbitrary commands with root privileges on an affected device. The vulnerability is due to insufficient validation of command input by the affected software. An attacker could exploit this vulnerability by sending crafted commands to the web-based management interface of the affected software. A successful exploit could allow the attacker to inject and execute arbitrary, system-level commands with root privileges on an affected device.
CVE is a registered trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registered trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.