CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 9 and 10)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1251 CVE-2018-4996 416 Exec Code 2018-07-09 2018-08-29
10.0
None Remote Low Not required Complete Complete Complete
Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have a Use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
1252 CVE-2018-4989 416 Exec Code 2018-07-09 2018-08-29
10.0
None Remote Low Not required Complete Complete Complete
Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have a Use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
1253 CVE-2018-4988 416 Exec Code 2018-07-09 2018-08-29
10.0
None Remote Low Not required Complete Complete Complete
Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have a Use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
1254 CVE-2018-4987 476 Exec Code 2018-07-09 2018-08-30
10.0
None Remote Low Not required Complete Complete Complete
Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have an Untrusted pointer dereference vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
1255 CVE-2018-4984 119 Exec Code Overflow 2018-07-09 2018-08-29
10.0
None Remote Low Not required Complete Complete Complete
Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have a Heap Overflow vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
1256 CVE-2018-4983 416 Exec Code 2018-07-09 2018-08-30
10.0
None Remote Low Not required Complete Complete Complete
Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have a Use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
1257 CVE-2018-4978 119 Exec Code Overflow 2018-07-09 2018-08-29
10.0
None Remote Low Not required Complete Complete Complete
Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have a Heap Overflow vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
1258 CVE-2018-4977 416 Exec Code 2018-07-09 2018-08-29
10.0
None Remote Low Not required Complete Complete Complete
Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have a Use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
1259 CVE-2018-4968 119 Exec Code Overflow 2018-07-09 2018-08-29
10.0
None Remote Low Not required Complete Complete Complete
Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have a Heap Overflow vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
1260 CVE-2018-4966 119 Exec Code Overflow 2018-07-09 2018-08-29
10.0
None Remote Low Not required Complete Complete Complete
Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have a Heap Overflow vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
1261 CVE-2018-4961 416 Exec Code 2018-07-09 2018-08-30
10.0
None Remote Low Not required Complete Complete Complete
Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have a Use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
1262 CVE-2018-4959 416 Exec Code 2018-07-09 2018-08-30
10.0
None Remote Low Not required Complete Complete Complete
Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have a Use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
1263 CVE-2018-4958 416 Exec Code 2018-07-09 2018-08-30
10.0
None Remote Low Not required Complete Complete Complete
Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have a Use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
1264 CVE-2018-4950 787 Exec Code 2018-07-09 2018-08-29
10.0
None Remote Low Not required Complete Complete Complete
Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have an Out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
1265 CVE-2018-4948 119 Exec Code Overflow 2018-07-09 2018-08-29
10.0
None Remote Low Not required Complete Complete Complete
Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have a Heap Overflow vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
1266 CVE-2018-4947 119 Exec Code Overflow 2018-07-09 2018-08-30
10.0
None Remote Low Not required Complete Complete Complete
Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have a Heap Overflow vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
1267 CVE-2018-4944 704 Exec Code 2018-05-19 2018-10-21
10.0
None Remote Low Not required Complete Complete Complete
Adobe Flash Player versions 29.0.0.140 and earlier have an exploitable type confusion vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
1268 CVE-2018-4939 502 Exec Code 2018-05-19 2018-06-27
10.0
None Remote Low Not required Complete Complete Complete
Adobe ColdFusion Update 5 and earlier versions, ColdFusion 11 Update 13 and earlier versions have an exploitable Deserialization of Untrusted Data vulnerability. Successful exploitation could lead to arbitrary code execution.
1269 CVE-2018-4937 787 Exec Code 2018-05-19 2018-10-21
10.0
None Remote Low Not required Complete Complete Complete
Adobe Flash Player versions 29.0.0.113 and earlier have an exploitable out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
1270 CVE-2018-4935 787 Exec Code 2018-05-19 2018-10-21
10.0
None Remote Low Not required Complete Complete Complete
Adobe Flash Player versions 29.0.0.113 and earlier have an exploitable out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
1271 CVE-2018-4932 416 Exec Code 2018-05-19 2018-10-21
9.0
None Remote Low Single system Complete Complete Complete
Adobe Flash Player versions 29.0.0.113 and earlier have an exploitable Use-After-Free vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
1272 CVE-2018-4928 119 Exec Code Overflow Mem. Corr. 2018-05-19 2018-06-22
9.3
None Remote Medium Not required Complete Complete Complete
Adobe InDesign versions 13.0 and below have an exploitable Memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
1273 CVE-2018-4924 78 Exec Code 2018-05-19 2018-06-22
10.0
None Remote Low Not required Complete Complete Complete
Adobe Dreamweaver CC versions 18.0 and earlier have an OS Command Injection vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
1274 CVE-2018-4920 704 Exec Code 2018-05-19 2018-06-27
10.0
None Remote Low Not required Complete Complete Complete
Adobe Flash Player versions 28.0.0.161 and earlier have an exploitable type confusion vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
1275 CVE-2018-4919 416 Exec Code 2018-05-19 2018-06-27
10.0
None Remote Low Not required Complete Complete Complete
Adobe Flash Player versions 28.0.0.161 and earlier have an exploitable use after free vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
1276 CVE-2018-4918 787 Exec Code 2018-05-19 2018-06-25
10.0
None Remote Low Not required Complete Complete Complete
Adobe Acrobat and Reader versions 2018.009.20050 and earlier, 2017.011.30070 and earlier, 2015.006.30394 and earlier have an exploitable out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
1277 CVE-2018-4917 119 Exec Code Overflow 2018-05-19 2018-06-25
10.0
None Remote Low Not required Complete Complete Complete
Adobe Acrobat and Reader versions 2018.009.20050 and earlier, 2017.011.30070 and earlier, 2015.006.30394 and earlier have an exploitable heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
1278 CVE-2018-4895 787 Exec Code 2018-02-27 2018-03-16
10.0
None Remote Low Not required Complete Complete Complete
An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. The vulnerability is caused by the computation that writes data past the end of the intended buffer; the computation is part of the image conversion engine when processing Enhanced Metafile Format Plus (EMF+) data. An attacker can potentially leverage the vulnerability to corrupt sensitive data or execute arbitrary code.
1279 CVE-2018-4879 787 Exec Code 2018-02-27 2018-03-16
10.0
None Remote Low Not required Complete Complete Complete
An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. The vulnerability is caused by the computation that writes data past the end of the intended buffer; the computation is part of the image conversion module that processes Enhanced Metafile Format Plus (EMF+) data. An attacker can potentially leverage the vulnerability to corrupt sensitive data or execute arbitrary code.
1280 CVE-2018-4877 416 Exec Code 2018-02-06 2018-03-01
10.0
None Remote Low Not required Complete Complete Complete
A use-after-free vulnerability was discovered in Adobe Flash Player before 28.0.0.161. This vulnerability occurs due to a dangling pointer in the Primetime SDK related to media player's quality of service functionality. A successful attack can lead to arbitrary code execution.
1281 CVE-2018-4872 254 Bypass 2018-02-27 2018-03-16
10.0
None Remote Low Not required Complete Complete Complete
An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. This vulnerability is a security bypass vulnerability that leads to a sandbox escape. Specifically, the vulnerability exists in the way a cross call is handled.
1282 CVE-2018-4860 78 Exec Code 2018-06-26 2018-08-31
9.0
None Remote Low Single system Complete Complete Complete
A vulnerability has been identified in SCALANCE M875 (All versions). An authenticated remote attacker with access to the web interface (443/tcp), could execute arbitrary operating system commands. Successful exploitation requires that the attacker has network access to the web interface. The attacker must be authenticated as administrative user to exploit the security vulnerability. The vulnerability could allow an attacker to execute arbitrary code on the device. At the time of advisory publication no public exploitation of this security vulnerability was known.
1283 CVE-2018-4859 78 Exec Code 2018-06-26 2018-08-31
9.0
None Remote Low Single system Complete Complete Complete
A vulnerability has been identified in SCALANCE M875 (All versions). An authenticated remote attacker with access to the web interface (443/tcp), could execute arbitrary operating system commands. Successful exploitation requires that the attacker has network access to the web interface. The attacker must be authenticated as administrative user to exploit the security vulnerability. The vulnerability could allow an attacker to execute arbitrary code on the device. At the time of advisory publication no public exploitation of this security vulnerability was known.
1284 CVE-2018-4858 284 Exec Code 2018-07-09 2018-12-13
9.3
None Remote Medium Not required Complete Complete Complete
A vulnerability has been identified in IEC 61850 system configurator (All versions < V5.80), DIGSI 5 (affected as IEC 61850 system configurator is incorporated) (All versions < V7.80), DIGSI 4 (All versions < V4.93), SICAM PAS/PQS (All versions < V8.11), SICAM PQ Analyzer (All versions < V3.11), SICAM SCC (All versions < V9.02 HF3). A service of the affected products listening on all of the host's network interfaces on either port 4884/TCP, 5885/TCP, or port 5886/TCP could allow an attacker to either exfiltrate limited data from the system or to execute code with Microsoft Windows user permissions. Successful exploitation requires an attacker to be able to send a specially crafted network request to the vulnerable service and a user interacting with the service's client application on the host. In order to execute arbitrary code with Microsoft Windows user permissions, an attacker must be able to plant the code in advance on the host by other means. The vulnerability has limited impact to confidentiality and integrity of the affected system. At the time of advisory publication no public exploitation of this security vulnerability was known. Siemens confirms the security vulnerability and provides mitigations to resolve the security issue.
1285 CVE-2018-4854 284 Exec Code 2018-07-03 2018-09-06
9.3
None Remote Medium Not required Complete Complete Complete
A vulnerability has been identified in SICLOCK TC100 (All versions) and SICLOCK TC400 (All versions). An attacker with network access to port 69/udp could modify the administrative client stored on the device. If a legitimate user downloads and executes the modified client from the affected device, then he/she could obtain code execution on the client system.
1286 CVE-2018-4853 284 2018-07-03 2018-09-06
10.0
None Remote Low Not required Complete Complete Complete
A vulnerability has been identified in SICLOCK TC100 (All versions) and SICLOCK TC400 (All versions). An attacker with network access to port 69/udp could modify the firmware of the device.
1287 CVE-2018-4846 798 2018-06-26 2018-08-31
10.0
None Remote Low Not required Complete Complete Complete
A vulnerability has been identified in RAPIDLab 1200 systems / RAPIDPoint 400 systems / RAPIDPoint 500 systems (All versions_without_ use of Siemens Healthineers Informatics products), RAPIDLab 1200 Series (All versions < V3.3 _with_ Siemens Healthineers Informatics products), RAPIDPoint 500 systems (All versions >= V3.0 _with_ Siemens Healthineers Informatics products), RAPIDPoint 500 systems (V2.4.X_with_ Siemens Healthineers Informatics products), RAPIDPoint 500 systems (All versions =< V2.3 _with_ Siemens Healthineers Informatics products), RAPIDPoint 400 systems (All versions _with_ Siemens Healthineers Informatics products). A factory account with hardcoded password might allow attackers access to the device over port 5900/tcp. Successful exploitation requires no user interaction or privileges and impacts the confidentiality, integrity, and availability of the affected device. At the time of advisory publication, no public exploitation of this security vulnerability is known. Siemens Healthineers confirms the security vulnerability and provides mitigations to resolve the security issue.
1288 CVE-2018-4841 264 2018-03-29 2018-04-27
10.0
None Remote Low Not required Complete Complete Complete
A vulnerability has been identified in TIM 1531 IRC (All versions < V1.1). A remote attacker with network access to port 80/tcp or port 443/tcp could perform administrative operations on the device without prior authentication. Successful exploitation could allow to cause a denial-of-service, or read and manipulate data as well as configuration settings of the affected device. At the stage of publishing this security advisory no public exploitation is known. Siemens provides mitigations to resolve it.
1289 CVE-2018-4834 434 2018-01-24 2018-02-15
10.0
None Remote Low Not required Complete Complete Complete
A vulnerability has been identified in Desigo Automation Controllers Compact PXC12/22/36-E.D, Desigo Automation Controllers Modular PXC00/50/100/200-E.D, Desigo Automation Controllers PXC00/64/128-U with Web module, Desigo Automation Controllers for Integration PXC001-E.D, Desigo Operator Unit PXM20-E. A remote attacker with network access to the device could potentially upload a new firmware image to the devices without prior authentication.
1290 CVE-2018-4465 119 Overflow Mem. Corr. 2019-04-03 2019-04-05
9.3
None Remote Medium Not required Complete Complete Complete
A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to iOS 12.1.1, macOS Mojave 10.14.2, tvOS 12.1.1, watchOS 5.1.2.
1291 CVE-2018-4463 119 Overflow Mem. Corr. 2019-04-03 2019-04-05
9.3
None Remote Medium Not required Complete Complete Complete
A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to macOS Mojave 10.14.2.
1292 CVE-2018-4461 119 Overflow Mem. Corr. 2019-04-03 2019-04-05
9.3
None Remote Medium Not required Complete Complete Complete
A memory corruption issue was addressed with improved input validation. This issue affected versions prior to iOS 12.1.1, macOS Mojave 10.14.2, tvOS 12.1.1, watchOS 5.1.2.
1293 CVE-2018-4456 119 Overflow Mem. Corr. 2019-04-03 2019-05-14
9.3
None Remote Medium Not required Complete Complete Complete
A memory corruption issue was addressed with improved input validation. This issue affected versions prior to macOS High Sierra 10.13.6, macOS Mojave 10.14.
1294 CVE-2018-4450 119 Overflow Mem. Corr. 2019-04-03 2019-04-05
9.3
None Remote Medium Not required Complete Complete Complete
A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to macOS Mojave 10.14.2.
1295 CVE-2018-4449 119 Overflow Mem. Corr. 2019-04-03 2019-04-05
9.3
None Remote Medium Not required Complete Complete Complete
A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to macOS Mojave 10.14.2.
1296 CVE-2018-4447 119 Overflow Mem. Corr. 2019-04-03 2019-04-05
9.3
None Remote Medium Not required Complete Complete Complete
A memory corruption issue was addressed with improved state management. This issue affected versions prior to iOS 12.1.1, macOS Mojave 10.14.2, tvOS 12.1.1, watchOS 5.1.2.
1297 CVE-2018-4427 119 Overflow Mem. Corr. 2019-04-03 2019-04-05
9.3
None Remote Medium Not required Complete Complete Complete
A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to: iOS 12.1, watchOS 5.1.2, tvOS 12.1.1, macOS High Sierra 10.13.6 Security Update 2018-003 High Sierra, macOS Sierra 10.12.6 Security Update 2018-006.
1298 CVE-2018-4426 119 Overflow Mem. Corr. 2019-04-03 2019-04-05
9.3
None Remote Medium Not required Complete Complete Complete
A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to iOS 12, macOS Mojave 10.14, tvOS 12, watchOS 5.
1299 CVE-2018-4425 119 Overflow Mem. Corr. 2019-04-03 2019-04-05
9.3
None Remote Medium Not required Complete Complete Complete
A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to iOS 12, macOS Mojave 10.14, tvOS 12, watchOS 5.
1300 CVE-2018-4424 119 Overflow 2019-04-03 2019-04-05
9.3
None Remote Medium Not required Complete Complete Complete
A buffer overflow was addressed with improved size validation. This issue affected versions prior to macOS Mojave 10.14.1.
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.