CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 6 and 6.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
2251 CVE-2018-5146 787 2018-06-11 2018-11-25
6.8
None Remote Medium Not required Partial Partial Partial
An out of bounds memory write while processing Vorbis audio data was reported through the Pwn2Own contest. This vulnerability affects Firefox < 59.0.1, Firefox ESR < 52.7.2, and Thunderbird < 52.7.
2252 CVE-2018-5141 20 DoS 2018-06-11 2018-08-02
6.4
None Remote Low Not required Partial None Partial
A vulnerability in the notifications Push API where notifications can be sent through service workers by web content without direct user interaction. This could be used to open new tabs in a denial of service (DOS) attack or to display unwanted content from arbitrary URLs to users. This vulnerability affects Firefox < 59.
2253 CVE-2018-5130 20 2018-06-11 2018-10-20
6.8
None Remote Medium Not required Partial Partial Partial
When packets with a mismatched RTP payload type are sent in WebRTC connections, in some circumstances a potentially exploitable crash is triggered. This vulnerability affects Firefox ESR < 52.7 and Firefox < 59.
2254 CVE-2018-5127 119 Overflow 2018-06-11 2018-11-25
6.8
None Remote Medium Not required Partial Partial Partial
A buffer overflow can occur when manipulating the SVG "animatedPathSegList" through script. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.7, Firefox ESR < 52.7, and Firefox < 59.
2255 CVE-2018-5125 119 Overflow Mem. Corr. 2018-06-11 2018-11-25
6.8
None Remote Medium Not required Partial Partial Partial
Memory safety bugs were reported in Firefox 58 and Firefox ESR 52.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 52.7, Firefox ESR < 52.7, and Firefox < 59.
2256 CVE-2018-5123 352 2019-04-29 2019-05-08
6.8
None Remote Medium Not required Partial Partial Partial
A third party website can access information available to a user with access to a restricted bug entry using the image generation in report.cgi in all Bugzilla versions prior to 4.4.
2257 CVE-2018-5088 20 DoS 2018-01-03 2018-01-11
6.1
None Local Low Not required Partial Partial Complete
In K7 AntiVirus 15.1.0306, the driver file (K7FWHlpr.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x8300211C.
2258 CVE-2018-5087 20 DoS 2018-01-03 2018-01-11
6.1
None Local Low Not required Partial Partial Complete
In K7 AntiVirus 15.1.0306, the driver file (K7FWHlpr.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x83002100.
2259 CVE-2018-5086 20 DoS 2018-01-03 2018-01-11
6.1
None Local Low Not required Partial Partial Complete
In K7 AntiVirus 15.1.0306, the driver file (K7FWHlpr.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x8300215F.
2260 CVE-2018-5085 20 DoS 2018-01-03 2018-01-12
6.1
None Local Low Not required Partial Partial Complete
In K7 AntiVirus 15.1.0306, the driver file (K7FWHlpr.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x83002124.
2261 CVE-2018-5084 20 DoS 2018-01-03 2018-01-11
6.1
None Local Low Not required Partial Partial Complete
In K7 AntiVirus 15.1.0306, the driver file (K7FWHlpr.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x8300212C.
2262 CVE-2018-5083 20 DoS 2018-01-03 2018-01-11
6.1
None Local Low Not required Partial Partial Complete
In K7 AntiVirus 15.1.0306, the driver file (K7FWHlpr.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x8300215B.
2263 CVE-2018-5082 20 DoS 2018-01-03 2018-01-11
6.1
None Local Low Not required Partial Partial Complete
In K7 AntiVirus 15.1.0306, the driver file (K7FWHlpr.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x83002128.
2264 CVE-2018-5081 20 DoS 2018-01-03 2018-01-11
6.1
None Local Low Not required Partial Partial Complete
In K7 AntiVirus 15.1.0306, the driver file (K7FWHlpr.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x830020F0.
2265 CVE-2018-5080 20 DoS 2018-01-03 2018-01-11
6.1
None Local Low Not required Partial Partial Complete
In K7 AntiVirus 15.1.0306, the driver file (K7FWHlpr.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x830020FC.
2266 CVE-2018-5079 20 DoS 2018-01-03 2018-01-11
6.1
None Local Low Not required Partial Partial Complete
In K7 AntiVirus 15.1.0306, the driver file (K7FWHlpr.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x83002130.
2267 CVE-2018-5073 352 CSRF 2018-01-03 2018-01-17
6.0
None Remote Medium Single system Partial Partial Partial
Online Ticket Booking has CSRF via admin/movieedit.php.
2268 CVE-2018-5067 119 Exec Code Overflow 2018-07-20 2018-09-14
6.8
None Remote Medium Not required Partial Partial Partial
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Heap Overflow vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
2269 CVE-2018-5065 416 Exec Code 2018-07-20 2018-09-13
6.8
None Remote Medium Not required Partial Partial Partial
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
2270 CVE-2018-5059 787 Exec Code 2018-07-20 2018-09-13
6.8
None Remote Medium Not required Partial Partial Partial
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
2271 CVE-2018-5058 119 Exec Code Overflow 2018-07-20 2018-09-14
6.8
None Remote Medium Not required Partial Partial Partial
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Heap Overflow vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
2272 CVE-2018-5057 704 Exec Code 2018-07-20 2018-09-14
6.8
None Remote Medium Not required Partial Partial Partial
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Type Confusion vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
2273 CVE-2018-5052 119 Exec Code Overflow 2018-07-20 2018-09-14
6.8
None Remote Medium Not required Partial Partial Partial
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Heap Overflow vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
2274 CVE-2018-5045 119 Exec Code Overflow 2018-07-20 2018-09-14
6.8
None Remote Medium Not required Partial Partial Partial
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Heap Overflow vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
2275 CVE-2018-5043 119 Exec Code Overflow 2018-07-20 2018-09-14
6.8
None Remote Medium Not required Partial Partial Partial
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Buffer Errors vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
2276 CVE-2018-5042 787 Exec Code 2018-07-20 2018-09-13
6.8
None Remote Medium Not required Partial Partial Partial
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
2277 CVE-2018-5041 119 Exec Code Overflow 2018-07-20 2018-09-14
6.8
None Remote Medium Not required Partial Partial Partial
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Heap Overflow vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
2278 CVE-2018-5040 119 Exec Code Overflow 2018-07-20 2018-09-14
6.8
None Remote Medium Not required Partial Partial Partial
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Heap Overflow vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
2279 CVE-2018-5038 119 Exec Code Overflow 2018-07-20 2018-09-14
6.8
None Remote Medium Not required Partial Partial Partial
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Heap Overflow vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
2280 CVE-2018-5037 119 Exec Code Overflow 2018-07-20 2018-09-14
6.8
None Remote Medium Not required Partial Partial Partial
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Buffer Errors vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
2281 CVE-2018-5036 119 Exec Code Overflow 2018-07-20 2018-09-14
6.8
None Remote Medium Not required Partial Partial Partial
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Heap Overflow vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
2282 CVE-2018-5034 119 Exec Code Overflow 2018-07-20 2018-09-14
6.8
None Remote Medium Not required Partial Partial Partial
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Buffer Errors vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
2283 CVE-2018-5032 119 Exec Code Overflow 2018-07-20 2018-09-14
6.8
None Remote Medium Not required Partial Partial Partial
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Heap Overflow vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
2284 CVE-2018-5030 476 Exec Code 2018-07-20 2018-09-14
6.8
None Remote Medium Not required Partial Partial Partial
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Untrusted pointer dereference vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
2285 CVE-2018-5028 119 Exec Code Overflow 2018-07-20 2018-09-14
6.8
None Remote Medium Not required Partial Partial Partial
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Heap Overflow vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
2286 CVE-2018-5020 787 Exec Code 2018-07-20 2018-09-14
6.8
None Remote Medium Not required Partial Partial Partial
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
2287 CVE-2018-5015 119 Exec Code Overflow 2018-07-20 2018-09-14
6.8
None Remote Medium Not required Partial Partial Partial
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Heap Overflow vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
2288 CVE-2018-5012 476 Exec Code 2018-07-20 2018-09-14
6.8
None Remote Medium Not required Partial Partial Partial
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Untrusted pointer dereference vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
2289 CVE-2018-5007 704 Exec Code 2018-07-20 2018-09-17
6.8
None Remote Medium Not required Partial Partial Partial
Adobe Flash Player 30.0.0.113 and earlier versions have a Type Confusion vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
2290 CVE-2018-5003 426 2018-08-29 2018-11-08
6.8
None Remote Medium Not required Partial Partial Partial
Adobe Creative Cloud Desktop Application before 4.5.5.342 (installer) has an insecure library loading (dll hijacking) vulnerability. Successful exploitation could lead to privilege escalation.
2291 CVE-2018-4998 119 Exec Code Overflow Mem. Corr. 2018-07-09 2018-08-29
6.8
None Remote Medium Not required Partial Partial Partial
Adobe Acrobat and Reader versions 2018.009.20050 and earlier, 2017.011.30070 and earlier, and 2015.006.30394 and earlier have a Memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
2292 CVE-2018-4997 787 Exec Code 2018-07-09 2018-08-29
6.8
None Remote Medium Not required Partial Partial Partial
Adobe Acrobat and Reader versions 2018.009.20050 and earlier, 2017.011.30070 and earlier, and 2015.006.30394 and earlier have an Out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
2293 CVE-2018-4990 415 Exec Code 2018-07-09 2018-08-09
6.8
None Remote Medium Not required Partial Partial Partial
Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have a Double Free vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
2294 CVE-2018-4982 119 Exec Code Overflow 2018-07-09 2018-08-30
6.8
None Remote Medium Not required Partial Partial Partial
Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have a Heap Overflow vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
2295 CVE-2018-4980 416 Exec Code 2018-07-09 2018-08-30
6.8
None Remote Medium Not required Partial Partial Partial
Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have a Use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
2296 CVE-2018-4974 416 Exec Code 2018-07-09 2018-08-30
6.8
None Remote Medium Not required Partial Partial Partial
Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have a Use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
2297 CVE-2018-4971 416 Exec Code 2018-07-09 2018-08-30
6.8
None Remote Medium Not required Partial Partial Partial
Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have a Use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
2298 CVE-2018-4954 416 Exec Code 2018-07-09 2018-08-30
6.8
None Remote Medium Not required Partial Partial Partial
Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have a Use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
2299 CVE-2018-4953 704 Exec Code 2018-07-09 2018-08-30
6.8
None Remote Medium Not required Partial Partial Partial
Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have a Type Confusion vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
2300 CVE-2018-4952 416 Exec Code 2018-07-09 2018-08-30
6.8
None Remote Medium Not required Partial Partial Partial
Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have a Use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.