CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 9 and 10)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1651 CVE-2018-0866 119 Exec Code Overflow Mem. Corr. 2018-02-14 2018-03-16
9.3
None Remote Medium Not required Complete Complete Complete
Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows remote code execution, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2018-0834, CVE-2018-0835, CVE-2018-0836, CVE-2018-0837, CVE-2018-0838, CVE-2018-0840, CVE-2018-0856, CVE-2018-0857, CVE-2018-0858, CVE-2018-0859, CVE-2018-0860, and CVE-2018-0861.
1652 CVE-2018-0862 119 Exec Code Overflow 2018-01-22 2018-03-16
9.3
None Remote Medium Not required Complete Complete Complete
Equation Editor in Microsoft Office 2003, Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allows a remote code execution vulnerability due to the way objects are handled in memory, aka "Microsoft Word Remote Code Execution Vulnerability". This CVE is unique from CVE-2018-0805, CVE-2018-0806, and CVE-2018-0807.
1653 CVE-2018-0861 119 Exec Code Overflow Mem. Corr. 2018-02-14 2018-03-14
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Edge in Microsoft Windows 10 1607, 1703, and Windows Server 2016 allows remote code execution, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2018-0834, CVE-2018-0835, CVE-2018-0836, CVE-2018-0837, CVE-2018-0838, CVE-2018-0840, CVE-2018-0856, CVE-2018-0857, CVE-2018-0858, CVE-2018-0859, CVE-2018-0860, and CVE-2018-0866.
1654 CVE-2018-0858 119 Exec Code Overflow Mem. Corr. 2018-02-14 2018-03-14
9.3
None Remote Medium Not required Complete Complete Complete
ChakraCore allows remote code execution, due to how the ChakraCore scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2018-0834, CVE-2018-0835, CVE-2018-0836, CVE-2018-0837, CVE-2018-0838, CVE-2018-0840, CVE-2018-0856, CVE-2018-0857, CVE-2018-0859, CVE-2018-0860, CVE-2018-0861, and CVE-2018-0866.
1655 CVE-2018-0852 119 Exec Code Overflow Mem. Corr. 2018-02-14 2018-03-06
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Outlook 2007 SP3, Microsoft Outlook 2010 SP2, Microsoft Outlook 2013 SP1 and RT SP1, Microsoft Outlook 2016, and Microsoft Office 2016 Click-to-Run (C2R) allow a remote code execution vulnerability, due to how Outlook handles objects in memory, aka "Microsoft Office Memory Corruption Vulnerability". This CVE is unique from CVE-2018-0851.
1656 CVE-2018-0851 119 Exec Code Overflow Mem. Corr. 2018-02-14 2018-03-06
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Office 2007 SP2, Microsoft Office Word Viewer, Microsoft Office 2010 SP2, Microsoft Office 2013 SP1 and RT SP1, Microsoft Office 2016, and Microsoft Office 2016 Click-to-Run (C2R) allow a remote code execution vulnerability, due to how Office handles objects in memory, aka "Microsoft Office Memory Corruption Vulnerability". This CVE is unique from CVE-2018-0852.
1657 CVE-2018-0849 119 Exec Code Overflow 2018-01-22 2018-03-16
9.3
None Remote Medium Not required Complete Complete Complete
Equation Editor in Microsoft Office 2003, Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allows a remote code execution vulnerability due to the way objects are handled in memory, aka "Microsoft Word Remote Code Execution Vulnerability". This CVE is unique from CVE-2018-0805, CVE-2018-0806, and CVE-2018-0807.
1658 CVE-2018-0848 119 Exec Code Overflow 2018-01-22 2018-03-16
9.3
None Remote Medium Not required Complete Complete Complete
Equation Editor in Microsoft Office 2003, Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allows a remote code execution vulnerability due to the way objects are handled in memory, aka "Microsoft Word Remote Code Execution Vulnerability". This CVE is unique from CVE-2018-0805, CVE-2018-0806, and CVE-2018-0807.
1659 CVE-2018-0845 119 Exec Code Overflow 2018-01-22 2018-03-16
9.3
None Remote Medium Not required Complete Complete Complete
Equation Editor in Microsoft Office 2003, Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allows a remote code execution vulnerability due to the way objects are handled in memory, aka "Microsoft Word Remote Code Execution Vulnerability". This CVE is unique from CVE-2018-0805, CVE-2018-0806, and CVE-2018-0807.
1660 CVE-2018-0841 264 Exec Code 2018-02-14 2018-03-14
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Office 2016 Click-to-Run allows a remote code execution vulnerability due to how objects are handled in memory, aka "Office Remote Code Execution Vulnerability"
1661 CVE-2018-0840 119 Exec Code Overflow Mem. Corr. 2018-02-14 2018-03-14
9.3
None Remote Medium Not required Complete Complete Complete
Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Internet Explorer and Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows remote code execution, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2018-0834, CVE-2018-0835, CVE-2018-0836, CVE-2018-0837, CVE-2018-0838, CVE-2018-0856, CVE-2018-0857, CVE-2018-0858, CVE-2018-0859, CVE-2018-0860, CVE-2018-0861, and CVE-2018-0866.
1662 CVE-2018-0834 119 Exec Code Overflow Mem. Corr. 2018-02-14 2018-03-14
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Edge and ChakraCore in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows remote code execution, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2018-0835, CVE-2018-0836, CVE-2018-0837, CVE-2018-0838, CVE-2018-0840, CVE-2018-0856, CVE-2018-0857, CVE-2018-0858, CVE-2018-0859, CVE-2018-0860, CVE-2018-0861, and CVE-2018-0866.
1663 CVE-2018-0812 119 Exec Code Overflow Mem. Corr. 2018-01-09 2018-03-16
9.3
None Remote Medium Not required Complete Complete Complete
Equation Editor in Microsoft Office 2003, Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allows a remote code execution vulnerability due to the way objects are handled in memory, aka "Microsoft Word Memory Corruption Vulnerability".
1664 CVE-2018-0807 119 Exec Code Overflow 2018-01-09 2018-03-16
9.3
None Remote Medium Not required Complete Complete Complete
Equation Editor in Microsoft Office 2003, Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allows a remote code execution vulnerability due to the way objects are handled in memory, aka "Microsoft Word Remote Code Execution Vulnerability". This CVE is unique from CVE-2018-0804, CVE-2018-0805, and CVE-2018-0806.
1665 CVE-2018-0806 119 Exec Code Overflow 2018-01-09 2018-03-16
9.3
None Remote Medium Not required Complete Complete Complete
Equation Editor in Microsoft Office 2003, Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allows a remote code execution vulnerability due to the way objects are handled in memory, aka "Microsoft Word Remote Code Execution Vulnerability". This CVE is unique from CVE-2018-0804, CVE-2018-0805, and CVE-2018-0807.
1666 CVE-2018-0805 119 Exec Code Overflow 2018-01-09 2018-03-16
9.3
None Remote Medium Not required Complete Complete Complete
Equation Editor in Microsoft Office 2003, Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allows a remote code execution vulnerability due to the way objects are handled in memory, aka "Microsoft Word Remote Code Execution Vulnerability". This CVE is unique from CVE-2018-0804, CVE-2018-0806, and CVE-2018-0807
1667 CVE-2018-0804 119 Exec Code Overflow 2018-01-09 2018-03-16
9.3
None Remote Medium Not required Complete Complete Complete
Equation Editor in Microsoft Office 2003, Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allows a remote code execution vulnerability due to the way objects are handled in memory, aka "Microsoft Word Remote Code Execution Vulnerability". This CVE is unique from CVE-2018-0805, CVE-2018-0806, and CVE-2018-0807.
1668 CVE-2018-0802 119 Exec Code Overflow Mem. Corr. 2018-01-09 2018-03-16
9.3
None Remote Medium Not required Complete Complete Complete
Equation Editor in Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allow a remote code execution vulnerability due to the way objects are handled in memory, aka "Microsoft Office Memory Corruption Vulnerability". This CVE is unique from CVE-2018-0797 and CVE-2018-0812.
1669 CVE-2018-0801 119 Exec Code Overflow 2018-01-09 2018-03-16
9.3
None Remote Medium Not required Complete Complete Complete
Equation Editor in Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allows a remote code execution vulnerability due to the way objects are handled in memory, aka "Microsoft Office Remote Code Execution Vulnerability".
1670 CVE-2018-0798 119 Exec Code Overflow Mem. Corr. 2018-01-09 2018-03-16
9.3
None Remote Medium Not required Complete Complete Complete
Equation Editor in Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allows a remote code execution vulnerability due to the way objects are handled in memory, aka "Microsoft Office Memory Corruption Vulnerability".
1671 CVE-2018-0797 119 Exec Code Overflow Mem. Corr. 2018-01-09 2018-02-12
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allow a remote code execution vulnerability due to the way RTF content is handled, aka "Microsoft Word Memory Corruption Vulnerability".
1672 CVE-2018-0796 119 Exec Code Overflow 2018-01-09 2018-03-16
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Excel in Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allows a remote code execution vulnerability due to the way objects are handled in memory, aka "Microsoft Excel Remote Code Execution Vulnerability".
1673 CVE-2018-0795 119 Exec Code Overflow 2018-01-09 2018-03-16
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allow a remote code execution vulnerability due to the way objects are handled in memory, aka "Microsoft Office Remote Code Execution Vulnerability".
1674 CVE-2018-0794 119 Exec Code Overflow 2018-01-09 2018-03-16
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Word in Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allows a remote code execution vulnerability due to the way objects are handled in memory, aka "Microsoft Word Remote Code Execution Vulnerability". This CVE is unique from CVE-2018-0792.
1675 CVE-2018-0793 264 Exec Code 2018-01-09 2018-01-29
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Outlook 2007, Microsoft Outlook 2010 and Microsoft Outlook 2013 allow a remote code execution vulnerability due to the way email messages are parsed, aka "Microsoft Outlook Remote Code Execution Vulnerability". This CVE is unique from CVE-2018-0791.
1676 CVE-2018-0792 119 Exec Code Overflow 2018-01-09 2018-01-29
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Word 2016 in Microsoft Office 2016 allows a remote code execution vulnerability due to the way objects are handled in memory, aka "Microsoft Word Remote Code Execution Vulnerability". This CVE is unique from CVE-2018-0794.
1677 CVE-2018-0791 264 Exec Code 2018-01-09 2018-01-29
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Outlook 2007, Microsoft Outlook 2010, Microsoft Outlook 2013, and Microsoft Outlook 2016 allow a remote code execution vulnerability due to the way email messages are parsed, aka "Microsoft Outlook Remote Code Execution Vulnerability". This CVE is unique from CVE-2018-0793.
1678 CVE-2018-0789 264 2018-01-09 2018-02-01
9.0
None Remote Low Single system Complete Complete Complete
Microsoft SharePoint Foundation 2010, Microsoft SharePoint Server 2013 and Microsoft SharePoint Server 2016 allow an elevation of privilege vulnerability due to the way web requests are handled, aka "Microsoft SharePoint Elevation of Privilege Vulnerability". This CVE is unique from CVE-2018-0790.
1679 CVE-2018-0721 119 Overflow 2018-11-27 2018-12-27
10.0
None Remote Low Not required Complete Complete Complete
Buffer Overflow vulnerability in QNAP QTS 4.2.6 build 20180711 and earlier versions, 4.3.3 build 20180725 and earlier versions, and 4.3.4 build 20180710 and earlier versions could allow remote attackers to run arbitrary code on NAS devices.
1680 CVE-2018-0710 77 2018-07-16 2018-09-13
9.0
None Remote Low Single system Complete Complete Complete
Command injection vulnerability in SSH of QNAP Q'center Virtual Appliance version 1.7.1063 and earlier could allow authenticated users to run arbitrary commands.
1681 CVE-2018-0709 77 2018-07-16 2018-09-13
9.0
None Remote Low Single system Complete Complete Complete
Command injection vulnerability in date of QNAP Q'center Virtual Appliance version 1.7.1063 and earlier could allow authenticated users to run arbitrary commands.
1682 CVE-2018-0708 77 2018-07-16 2018-09-12
9.0
None Remote Low Single system Complete Complete Complete
Command injection vulnerability in networking of QNAP Q'center Virtual Appliance version 1.7.1063 and earlier could allow authenticated users to run arbitrary commands.
1683 CVE-2018-0707 77 2018-07-16 2018-09-12
9.0
None Remote Low Single system Complete Complete Complete
Command injection vulnerability in change password of QNAP Q'center Virtual Appliance version 1.7.1063 and earlier could allow authenticated users to run arbitrary commands.
1684 CVE-2018-0694 78 Exec Code 2018-11-15 2018-12-17
10.0
None Remote Low Not required Complete Complete Complete
FileZen V3.0.0 to V4.2.1 allows remote attackers to execute arbitrary OS commands via unspecified vectors.
1685 CVE-2018-0692 426 +Priv 2018-11-15 2018-12-18
9.3
None Remote Medium Not required Complete Complete Complete
Untrusted search path vulnerability in Baidu Browser Version 43.23.1000.500 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
1686 CVE-2018-0663 798 Exec Code 2018-09-07 2018-11-01
9.0
None Remote Low Single system Complete Complete Complete
Multiple I-O DATA network camera products (TS-WRLP firmware Ver.1.09.04 and earlier, TS-WRLA firmware Ver.1.09.04 and earlier, TS-WRLP/E firmware Ver.1.09.04 and earlier) use hardcoded credentials which may allow an remote authenticated attacker to execute arbitrary OS commands on the device via unspecified vector.
1687 CVE-2018-0649 426 +Priv 2018-09-07 2018-11-19
9.3
None Remote Medium Not required Complete Complete Complete
Untrusted search path vulnerability in the installers of multiple Canon IT Solutions Inc. software programs (ESET Smart Security Premium, ESET Internet Security, ESET Smart Security, ESET NOD32 Antivirus, DESlock+ Pro, and CompuSec (all programs except packaged ones)) allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
1688 CVE-2018-0639 78 Exec Code 2019-01-09 2019-01-17
9.0
None Remote Low Single system Complete Complete Complete
Aterm HC100RC Ver1.0.1 and earlier allows attacker with administrator rights to execute arbitrary OS commands via tools_firmware.cgi date parameter, time parameter, and offset parameter.
1689 CVE-2018-0638 78 Exec Code 2019-01-09 2019-01-15
9.0
None Remote Low Single system Complete Complete Complete
Aterm HC100RC Ver1.0.1 and earlier allows attacker with administrator rights to execute arbitrary OS commands via import.cgi encKey parameter.
1690 CVE-2018-0637 78 Exec Code 2019-01-09 2019-01-15
9.0
None Remote Low Single system Complete Complete Complete
Aterm HC100RC Ver1.0.1 and earlier allows attacker with administrator rights to execute arbitrary OS commands via export.cgi encKey parameter.
1691 CVE-2018-0636 78 Exec Code 2019-01-09 2019-01-15
9.0
None Remote Low Single system Complete Complete Complete
Aterm HC100RC Ver1.0.1 and earlier allows attacker with administrator rights to execute arbitrary OS commands via FactoryPassword parameter of a certain URL, different URL from CVE-2018-0634.
1692 CVE-2018-0635 78 Exec Code 2019-01-09 2019-01-15
9.0
None Remote Low Single system Complete Complete Complete
Aterm HC100RC Ver1.0.1 and earlier allows attacker with administrator rights to execute arbitrary OS commands via filename parameter.
1693 CVE-2018-0634 78 Exec Code 2019-01-09 2019-01-17
9.0
None Remote Low Single system Complete Complete Complete
Aterm HC100RC Ver1.0.1 and earlier allows attacker with administrator rights to execute arbitrary OS commands via FactoryPassword parameter or bootmode parameter of a certain URL.
1694 CVE-2018-0631 78 Exec Code 2019-01-09 2019-01-17
9.0
None Remote Low Single system Complete Complete Complete
Aterm W300P Ver1.0.13 and earlier allows attacker with administrator rights to execute arbitrary OS commands via targetAPSsid parameter.
1695 CVE-2018-0630 78 Exec Code 2019-01-09 2019-01-17
9.0
None Remote Low Single system Complete Complete Complete
Aterm W300P Ver1.0.13 and earlier allows attacker with administrator rights to execute arbitrary OS commands via sysCmd parameter.
1696 CVE-2018-0629 78 Exec Code 2019-01-09 2019-01-17
9.0
None Remote Low Single system Complete Complete Complete
Aterm W300P Ver1.0.13 and earlier allows attacker with administrator rights to execute arbitrary OS commands via HTTP request and response.
1697 CVE-2018-0628 78 Exec Code 2019-01-09 2019-01-17
9.0
None Remote Low Single system Complete Complete Complete
Aterm WG1200HP firmware Ver1.0.31 and earlier allows attacker with administrator rights to execute arbitrary OS commands via HTTP request and response.
1698 CVE-2018-0627 78 Exec Code 2019-01-09 2019-01-15
9.0
None Remote Low Single system Complete Complete Complete
Aterm WG1200HP firmware Ver1.0.31 and earlier allows attacker with administrator rights to execute arbitrary OS commands via targetAPSsid parameter.
1699 CVE-2018-0626 78 Exec Code 2019-01-09 2019-01-15
9.0
None Remote Low Single system Complete Complete Complete
Aterm WG1200HP firmware Ver1.0.31 and earlier allows attacker with administrator rights to execute arbitrary OS commands via sysCmd in formWsc parameter.
1700 CVE-2018-0625 78 Exec Code 2019-01-09 2019-01-15
9.0
None Remote Low Single system Complete Complete Complete
Aterm WG1200HP firmware Ver1.0.31 and earlier allows attacker with administrator rights to execute arbitrary OS commands via formSysCmd parameter.
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.