CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 6 and 6.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
2201 CVE-2018-0909 264 2018-03-14 2018-04-05
6.5
None Remote Low Single system Partial Partial Partial
Microsoft Project Server 2013 SP1 and Microsoft SharePoint Enterprise Server 2016 allow an elevation of privilege vulnerability to due how specially crafted web requests are sanitized, aka "Microsoft SharePoint Elevation of Privilege Vulnerability". This CVE is unique from CVE-2018-0910, CVE-2018-0911, CVE-2018-0912, CVE-2018-0913, CVE-2018-0914, CVE-2018-0915, CVE-2018-0916, CVE-2018-0917, CVE-2018-0921, CVE-2018-0923, CVE-2018-0944 and CVE-2018-0947.
2202 CVE-2018-0907 254 Bypass 2018-03-14 2018-04-06
6.8
None Remote Medium Not required Partial Partial Partial
Microsoft Excel 2007 SP3, Microsoft Excel 2010 SP2, Microsoft Excel 2013 SP1, Microsoft Excel 2016, Microsoft Office 2016 Click-to-Run and Microsoft Office 2016 for Mac allow a security feature bypass vulnerability due to how macro settings are enforced, aka "Microsoft Office Excel Security Feature Bypass".
2203 CVE-2018-0903 119 Exec Code Overflow 2018-03-14 2018-04-06
6.8
None Remote Medium Not required Partial Partial Partial
Microsoft Access 2010 SP2, Microsoft Access 2013 SP1, Microsoft Access 2016, and Microsoft Office 2016 Click-to-Run allow a remote code execution vulnerability due to how objects are handled in memory, aka "Microsoft Access Remote Code Execution Vulnerability".
2204 CVE-2018-0885 20 DoS 2018-03-14 2018-04-09
6.3
None Remote Medium Single system None None Complete
The Microsoft Hyper-V Network Switch in 64-bit versions of Microsoft Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows a denial of service vulnerability due to how input from a privileged user on a guest operating system is validated, aka "Hyper-V Denial of Service Vulnerability".
2205 CVE-2018-0882 264 2018-03-14 2018-04-09
6.9
None Local Medium Not required Complete Complete Complete
The Desktop Bridge in Windows 10 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege vulnerability due to how the virtual registry is managed, aka "Windows Desktop Bridge Elevation of Privilege Vulnerability". This CVE is unique from CVE-2018-0880.
2206 CVE-2018-0881 264 2018-03-14 2018-04-09
6.9
None Local Medium Not required Complete Complete Complete
The Microsoft Video Control in Microsoft Windows Server 2008 R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege due to how objects are handled in memory, aka "Microsoft Video Control Elevation of Privilege Vulnerability".
2207 CVE-2018-0880 264 2018-03-14 2018-04-10
6.9
None Local Medium Not required Complete Complete Complete
The Desktop Bridge in Windows 10 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege vulnerability due to how the virtual registry is managed, aka "Windows Desktop Bridge Elevation of Privilege Vulnerability". This CVE is unique from CVE-2018-0882.
2208 CVE-2018-0868 264 2018-03-14 2018-08-09
6.9
None Local Medium Not required Complete Complete Complete
Windows Installer in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege vulnerability due to how input is sanitized, aka "Windows Installer Elevation of Privilege Vulnerability".
2209 CVE-2018-0842 264 2018-02-14 2018-10-30
6.9
None Local Medium Not required Complete Complete Complete
Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allow an elevation of privilege vulnerability due to how objects in memory are handled, aka "Windows Kernel Elevation of Privilege Vulnerability".
2210 CVE-2018-0833 476 DoS 2018-02-14 2018-04-04
6.3
None Remote Medium Single system None None Complete
The Microsoft Server Message Block 2.0 and 3.0 (SMBv2/SMBv3) client in Windows 8.1 and RT 8.1 and Windows Server 2012 R2 allows a denial of service vulnerability due to how specially crafted requests are handled, aka "SMBv2/SMBv3 Null Dereference Denial of Service Vulnerability".
2211 CVE-2018-0817 264 2018-03-14 2018-08-09
6.9
None Local Medium Not required Complete Complete Complete
The Windows Graphics Device Interface (GDI) in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege vulnerability due to the way objects are handled in memory, aka "Windows GDI Elevation of Privilege Vulnerability". This CVE is unique from CVE-2018-0815 and CVE-2018-0816.
2212 CVE-2018-0816 264 2018-03-14 2018-08-09
6.9
None Local Medium Not required Complete Complete Complete
The Windows Graphics Device Interface (GDI) in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege vulnerability due to the way objects are handled in memory, aka "Windows GDI Elevation of Privilege Vulnerability". This CVE is unique from CVE-2018-0815 and CVE-2018-0817.
2213 CVE-2018-0815 264 2018-03-14 2018-04-06
6.9
None Local Medium Not required Complete Complete Complete
The Windows Graphics Device Interface (GDI) in Microsoft Windows Server 2008 SP2 and R2 SP1 and Windows 7 SP1 allows an elevation of privilege vulnerability due to the way objects are handled in memory, aka "Windows GDI Elevation of Privilege Vulnerability". This CVE is unique from CVE-2018-0816, and CVE-2018-0817.
2214 CVE-2018-0809 264 2018-02-14 2018-10-30
6.9
None Local Medium Not required Complete Complete Complete
The Windows kernel in Windows 10, versions 1703 and 1709, and Windows Server, version 1709 allows an elevation of privilege vulnerability due to the way objects are handled in memory, aka "Windows Elevation of Privilege Vulnerability". This CVE is unique from CVE-2018-0742, CVE-2018-0756, CVE-2018-0820 and CVE-2018-0843.
2215 CVE-2018-0790 264 2018-01-09 2018-01-29
6.5
None Remote Low Single system Partial Partial Partial
Microsoft SharePoint Foundation 2010, Microsoft SharePoint Server 2013 and Microsoft SharePoint Server 2016 allow an elevation of privilege vulnerability due to the way web requests are handled, aka "Microsoft SharePoint Elevation of Privilege Vulnerability". This CVE is unique from CVE-2018-0789.
2216 CVE-2018-0788 264 2018-01-04 2018-01-18
6.9
None Local Medium Not required Complete Complete Complete
The Windows Adobe Type Manager Font Driver (Atmfd.dll) in Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2 SP1, and Windows Server 2012 and R2 allows an elevation of privilege vulnerability due to the way objects are handled in memory, aka "OpenType Font Driver Elevation of Privilege Vulnerability".
2217 CVE-2018-0787 640 2018-03-14 2018-04-11
6.8
None Remote Medium Not required Partial Partial Partial
ASP.NET Core 1.0. 1.1, and 2.0 allow an elevation of privilege vulnerability due to how web applications that are created from templates validate web requests, aka "ASP.NET Core Elevation Of Privilege Vulnerability".
2218 CVE-2018-0784 264 2018-01-09 2018-02-01
6.8
None Remote Medium Not required Partial Partial Partial
ASP.NET Core 1.0. 1.1, and 2.0 allow an elevation of privilege vulnerability due to the ASP.NET Core project templates, aka "ASP.NET Core Elevation Of Privilege Vulnerability". This CVE is unique from CVE-2018-0808.
2219 CVE-2018-0704 22 Dir. Trav. 2019-01-09 2019-01-15
6.4
None Remote Low Not required None Partial Partial
Directory traversal vulnerability in Cybozu Office 10.0.0 to 10.8.1 allows remote attackers to delete arbitrary files via Keitai Screen.
2220 CVE-2018-0703 22 Dir. Trav. 2019-01-09 2019-01-15
6.4
None Remote Low Not required None Partial Partial
Directory traversal vulnerability in Cybozu Office 10.0.0 to 10.8.1 allows remote attackers to delete arbitrary files via HTTP requests.
2221 CVE-2018-0702 22 Dir. Trav. 2019-01-09 2019-01-15
6.4
None Remote Low Not required None Partial Partial
Directory traversal vulnerability in Cybozu Mailwise 5.0.0 to 5.4.5 allows remote attackers to delete arbitrary files via unspecified vectors.
2222 CVE-2018-0686 434 2018-11-15 2018-12-17
6.5
None Remote Low Single system Partial Partial Partial
Denbun by NEOJAPAN Inc. (Denbun POP version V3.3P R4.0 and earlier, Denbun IMAP version V3.3I R4.0 and earlier) allows remote authenticated attackers to upload and execute any executable files via unspecified vectors.
2223 CVE-2018-0685 89 Exec Code Sql 2018-11-15 2018-12-17
6.5
None Remote Low Single system Partial Partial Partial
SQL injection vulnerability in the Denbun POP version V3.3P R4.0 and earlier allows remote authenticated attackers to execute arbitrary SQL commands via HTTP requests for mail search.
2224 CVE-2018-0675 94 2018-09-04 2018-11-20
6.8
None Remote Medium Not required Partial Partial Partial
AttacheCase ver.3.3.0.0 and earlier allows an arbitrary script execution via unspecified vectors.
2225 CVE-2018-0674 94 2018-09-04 2018-11-20
6.8
None Remote Medium Not required Partial Partial Partial
AttacheCase ver.2.8.4.0 and earlier allows an arbitrary script execution via unspecified vectors.
2226 CVE-2018-0658 20 Exec Code 2018-09-07 2018-11-20
6.5
None Remote Low Single system Partial Partial Partial
Input validation issue in EC-CUBE Payment Module (2.12) version 3.5.23 and earlier, EC-CUBE Payment Module (2.11) version 2.3.17 and earlier, GMO-PG Payment Module (PG Multi-Payment Service) (2.12) version 3.5.23 and earlier, GMO-PG Payment Module (PG Multi-Payment Service) (2.11) version 2.3.17 and earlier allows an attacker with administrative rights to execute arbitrary PHP code on the server via unspecified vectors.
2227 CVE-2018-0656 426 +Priv 2018-09-04 2018-11-06
6.8
None Remote Medium Not required Partial Partial Partial
Untrusted search path vulnerability in The installer of Digital Paper App version 1.4.0.16050 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
2228 CVE-2018-0648 426 +Priv 2018-09-07 2018-11-13
6.8
None Remote Medium Not required Partial Partial Partial
Untrusted search path vulnerability in installer of ChatWork Desktop App for Windows 2.3.0 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
2229 CVE-2018-0647 352 CSRF 2018-09-07 2018-10-30
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability in WL-330NUL Firmware version prior to 3.0.0.46 allows remote attackers to hijack the authentication of administrators via unspecified vectors.
2230 CVE-2018-0646 22 Dir. Trav. 2018-09-04 2018-11-06
6.8
None Remote Medium Not required Partial Partial Partial
Directory traversal vulnerability in Explzh v.7.58 and earlier allows an attacker to read arbitrary files via unspecified vectors.
2231 CVE-2018-0641 119 Exec Code Overflow 2019-01-09 2019-01-16
6.5
None Remote Low Single system Partial Partial Partial
Buffer overflow in Aterm HC100RC Ver1.0.1 and earlier allows attacker with administrator rights to execute arbitrary code via tools_system.cgi date parameter, time parameter, and offset parameter.
2232 CVE-2018-0640 119 Exec Code Overflow 2019-01-09 2019-01-16
6.5
None Remote Low Single system Partial Partial Partial
Buffer overflow in Aterm HC100RC Ver1.0.1 and earlier allows attacker with administrator rights to execute arbitrary code via netWizard.cgi date parameter, time parameter, and offset parameter.
2233 CVE-2018-0633 119 Exec Code Overflow 2019-01-09 2019-01-16
6.5
None Remote Low Single system Partial Partial Partial
Buffer overflow in Aterm W300P Ver1.0.13 and earlier allows attacker with administrator rights to execute arbitrary code via submit-url parameter.
2234 CVE-2018-0632 119 Exec Code Overflow 2019-01-09 2019-01-16
6.5
None Remote Low Single system Partial Partial Partial
Buffer overflow in Aterm W300P Ver1.0.13 and earlier allows attacker with administrator rights to execute arbitrary code via HTTP request and response.
2235 CVE-2018-0624 426 +Priv 2018-09-07 2018-10-30
6.8
None Remote Medium Not required Partial Partial Partial
Untrusted search path vulnerability in Multiple Yayoi 17 Series products (Yayoi Kaikei 17 Series Ver.23.1.1 and earlier, Yayoi Aoiro Shinkoku 17 Ver.23.1.1 and earlier, Yayoi Kyuuyo 17 Ver.20.1.4 and earlier, Yayoi Kyuuyo Keisan 17 Ver.20.1.4 and earlier, Yayoi Hanbai 17 Series Ver.20.0.2 and earlier, and Yayoi Kokyaku Kanri 17 Ver.11.0.2 and earlier) allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. This flaw exists within the handling of ykkapi.dll loaded by the vulnerable products.
2236 CVE-2018-0623 426 +Priv 2018-09-07 2018-10-30
6.8
None Remote Medium Not required Partial Partial Partial
Untrusted search path vulnerability in Multiple Yayoi 17 Series products (Yayoi Kaikei 17 Series Ver.23.1.1 and earlier, Yayoi Aoiro Shinkoku 17 Ver.23.1.1 and earlier, Yayoi Kyuuyo 17 Ver.20.1.4 and earlier, Yayoi Kyuuyo Keisan 17 Ver.20.1.4 and earlier, Yayoi Hanbai 17 Series Ver. 20.0.2 and earlier, and Yayoi Kokyaku Kanri 17 Ver.11.0.2 and earlier) allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. This flaw exists within the handling of msjet49.dll loaded by the vulnerable products.
2237 CVE-2018-0621 426 +Priv 2018-07-26 2018-09-20
6.8
None Remote Medium Not required Partial Partial Partial
Untrusted search path vulnerability in LOGICOOL CONNECTION UTILITY SOFTWARE versions before 2.30.9 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
2238 CVE-2018-0620 426 +Priv 2018-07-26 2018-09-20
6.8
None Remote Medium Not required Partial Partial Partial
Untrusted search path vulnerability in LOGICOOL Game Software versions before 8.87.116 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
2239 CVE-2018-0619 426 +Priv 2018-07-26 2018-09-20
6.8
None Remote Medium Not required Partial Partial Partial
Untrusted search path vulnerability in the installer of Glarysoft Glary Utilities (Glary Utilities 5.99 and earlier and Glary Utilities Pro 5.99 and earlier) allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
2240 CVE-2018-0613 264 Bypass 2018-07-26 2018-10-03
6.5
None Remote Low Single system Partial Partial Partial
NEC Platforms Calsos CSDX and CSDJ series products (CSDX 1.37210411 and earlier, CSDX(P) 4.37210411 and earlier, CSDX(D) 3.37210411 and earlier, CSDX(S) 2.37210411 and earlier, CSDJ-B 01.03.00 and earlier, CSDJ-H 01.03.00 and earlier, CSDJ-D 01.03.00 and earlier, CSDJ-A 03.00.00) allows remote authenticated attackers to bypass access restriction to conduct arbitrary operations with administrative privilege via unspecified vectors.
2241 CVE-2018-0610 264 Exec Code +Info File Inclusion 2018-06-26 2018-08-17
6.5
None Remote Low Single system Partial Partial Partial
Local file inclusion vulnerability in Zenphoto 1.4.14 and earlier allows a remote attacker with an administrative privilege to execute arbitrary code or obtain sensitive information.
2242 CVE-2018-0609 426 +Priv 2018-06-26 2018-08-17
6.8
None Remote Medium Not required Partial Partial Partial
Untrusted search path vulnerability in LINE for Windows versions before 5.8.0 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
2243 CVE-2018-0607 89 Exec Code Sql 2018-07-26 2018-09-24
6.5
None Remote Low Single system Partial Partial Partial
SQL injection vulnerability in the Notifications application in the Cybozu Garoon 3.5.0 to 4.6.2 allows remote authenticated attackers to execute arbitrary SQL commands via unspecified vectors.
2244 CVE-2018-0606 89 Exec Code Sql 2018-06-26 2018-08-17
6.5
None Remote Low Single system Partial Partial Partial
SQL injection vulnerability in the Pixelpost v1.7.3 and earlier allows remote authenticated attackers to execute arbitrary SQL commands via unspecified vectors.
2245 CVE-2018-0604 284 Exec Code 2018-06-26 2018-08-17
6.5
None Remote Low Single system Partial Partial Partial
Pixelpost v1.7.3 and earlier allows remote code execution via unspecified vectors.
2246 CVE-2018-0600 426 +Priv 2018-06-26 2018-08-17
6.8
None Remote Medium Not required Partial Partial Partial
Untrusted search path vulnerability in the installer of PlayMemories Home for Windows ver.5.5.01 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
2247 CVE-2018-0597 426 +Priv 2018-06-26 2018-11-23
6.8
None Remote Medium Not required Partial Partial Partial
Untrusted search path vulnerability in the installer of Visual Studio Code allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
2248 CVE-2018-0596 426 +Priv 2018-06-26 2018-08-17
6.8
None Remote Medium Not required Partial Partial Partial
Untrusted search path vulnerability in the installer of Visual Studio Community allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
2249 CVE-2018-0595 426 +Priv 2018-06-26 2018-08-17
6.8
None Remote Medium Not required Partial Partial Partial
Untrusted search path vulnerability in the installer of Skype for Windows allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
2250 CVE-2018-0594 426 +Priv 2018-06-26 2018-08-17
6.8
None Remote Medium Not required Partial Partial Partial
Untrusted search path vulnerability in Skype for Windows allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.