CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 6 and 6.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
2401 CVE-2018-5198 362 Exec Code 2018-12-20 2019-01-07
6.8
None Remote Medium Not required Partial Partial Partial
In Veraport G3 ALL on MacOS, a race condition when calling the Veraport API allow remote attacker to cause arbitrary file download and execution. This results in remote code execution.
2402 CVE-2018-5196 119 Exec Code Overflow 2018-12-21 2019-01-03
6.8
None Remote Medium Not required Partial Partial Partial
Alzip 10.76.0.0 and earlier is vulnerable to a stack overflow caused by improper bounds checking. By persuading a victim to open a specially-crafted LZH archive file, a attacker could execute arbitrary code execution.
2403 CVE-2018-5178 119 Overflow 2018-06-11 2018-11-25
6.8
None Remote Medium Not required Partial Partial Partial
A buffer overflow was found during UTF8 to Unicode string conversion within JavaScript with extremely large amounts of data. This vulnerability requires the use of a malicious or vulnerable legacy extension in order to occur. This vulnerability affects Thunderbird ESR < 52.8, Thunderbird < 52.8, and Firefox ESR < 52.8.
2404 CVE-2018-5158 94 2018-06-11 2018-10-20
6.8
None Remote Medium Not required Partial Partial Partial
The PDF viewer does not sufficiently sanitize PostScript calculator functions, allowing malicious JavaScript to be injected through a crafted PDF file. This JavaScript can then be run with the permissions of the PDF viewer by its worker. This vulnerability affects Firefox ESR < 52.8 and Firefox < 60.
2405 CVE-2018-5146 787 2018-06-11 2018-11-25
6.8
None Remote Medium Not required Partial Partial Partial
An out of bounds memory write while processing Vorbis audio data was reported through the Pwn2Own contest. This vulnerability affects Firefox < 59.0.1, Firefox ESR < 52.7.2, and Thunderbird < 52.7.
2406 CVE-2018-5141 20 DoS 2018-06-11 2018-08-02
6.4
None Remote Low Not required Partial None Partial
A vulnerability in the notifications Push API where notifications can be sent through service workers by web content without direct user interaction. This could be used to open new tabs in a denial of service (DOS) attack or to display unwanted content from arbitrary URLs to users. This vulnerability affects Firefox < 59.
2407 CVE-2018-5130 20 2018-06-11 2018-10-20
6.8
None Remote Medium Not required Partial Partial Partial
When packets with a mismatched RTP payload type are sent in WebRTC connections, in some circumstances a potentially exploitable crash is triggered. This vulnerability affects Firefox ESR < 52.7 and Firefox < 59.
2408 CVE-2018-5127 119 Overflow 2018-06-11 2018-11-25
6.8
None Remote Medium Not required Partial Partial Partial
A buffer overflow can occur when manipulating the SVG "animatedPathSegList" through script. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.7, Firefox ESR < 52.7, and Firefox < 59.
2409 CVE-2018-5125 119 Overflow Mem. Corr. 2018-06-11 2018-11-25
6.8
None Remote Medium Not required Partial Partial Partial
Memory safety bugs were reported in Firefox 58 and Firefox ESR 52.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 52.7, Firefox ESR < 52.7, and Firefox < 59.
2410 CVE-2018-5123 352 2019-04-29 2019-05-08
6.8
None Remote Medium Not required Partial Partial Partial
A third party website can access information available to a user with access to a restricted bug entry using the image generation in report.cgi in all Bugzilla versions prior to 4.4.
2411 CVE-2018-5088 20 DoS 2018-01-03 2018-01-11
6.1
None Local Low Not required Partial Partial Complete
In K7 AntiVirus 15.1.0306, the driver file (K7FWHlpr.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x8300211C.
2412 CVE-2018-5087 20 DoS 2018-01-03 2018-01-11
6.1
None Local Low Not required Partial Partial Complete
In K7 AntiVirus 15.1.0306, the driver file (K7FWHlpr.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x83002100.
2413 CVE-2018-5086 20 DoS 2018-01-03 2018-01-11
6.1
None Local Low Not required Partial Partial Complete
In K7 AntiVirus 15.1.0306, the driver file (K7FWHlpr.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x8300215F.
2414 CVE-2018-5085 20 DoS 2018-01-03 2018-01-12
6.1
None Local Low Not required Partial Partial Complete
In K7 AntiVirus 15.1.0306, the driver file (K7FWHlpr.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x83002124.
2415 CVE-2018-5084 20 DoS 2018-01-03 2018-01-11
6.1
None Local Low Not required Partial Partial Complete
In K7 AntiVirus 15.1.0306, the driver file (K7FWHlpr.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x8300212C.
2416 CVE-2018-5083 20 DoS 2018-01-03 2018-01-11
6.1
None Local Low Not required Partial Partial Complete
In K7 AntiVirus 15.1.0306, the driver file (K7FWHlpr.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x8300215B.
2417 CVE-2018-5082 20 DoS 2018-01-03 2018-01-11
6.1
None Local Low Not required Partial Partial Complete
In K7 AntiVirus 15.1.0306, the driver file (K7FWHlpr.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x83002128.
2418 CVE-2018-5081 20 DoS 2018-01-03 2018-01-11
6.1
None Local Low Not required Partial Partial Complete
In K7 AntiVirus 15.1.0306, the driver file (K7FWHlpr.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x830020F0.
2419 CVE-2018-5080 20 DoS 2018-01-03 2018-01-11
6.1
None Local Low Not required Partial Partial Complete
In K7 AntiVirus 15.1.0306, the driver file (K7FWHlpr.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x830020FC.
2420 CVE-2018-5079 20 DoS 2018-01-03 2018-01-11
6.1
None Local Low Not required Partial Partial Complete
In K7 AntiVirus 15.1.0306, the driver file (K7FWHlpr.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x83002130.
2421 CVE-2018-5073 352 CSRF 2018-01-03 2018-01-17
6.0
None Remote Medium Single system Partial Partial Partial
Online Ticket Booking has CSRF via admin/movieedit.php.
2422 CVE-2018-5067 119 Exec Code Overflow 2018-07-20 2018-09-14
6.8
None Remote Medium Not required Partial Partial Partial
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Heap Overflow vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
2423 CVE-2018-5065 416 Exec Code 2018-07-20 2018-09-13
6.8
None Remote Medium Not required Partial Partial Partial
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
2424 CVE-2018-5059 787 Exec Code 2018-07-20 2018-09-13
6.8
None Remote Medium Not required Partial Partial Partial
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
2425 CVE-2018-5058 119 Exec Code Overflow 2018-07-20 2018-09-14
6.8
None Remote Medium Not required Partial Partial Partial
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Heap Overflow vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
2426 CVE-2018-5057 704 Exec Code 2018-07-20 2018-09-14
6.8
None Remote Medium Not required Partial Partial Partial
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Type Confusion vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
2427 CVE-2018-5052 119 Exec Code Overflow 2018-07-20 2018-09-14
6.8
None Remote Medium Not required Partial Partial Partial
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Heap Overflow vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
2428 CVE-2018-5045 119 Exec Code Overflow 2018-07-20 2018-09-14
6.8
None Remote Medium Not required Partial Partial Partial
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Heap Overflow vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
2429 CVE-2018-5043 119 Exec Code Overflow 2018-07-20 2018-09-14
6.8
None Remote Medium Not required Partial Partial Partial
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Buffer Errors vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
2430 CVE-2018-5042 787 Exec Code 2018-07-20 2018-09-13
6.8
None Remote Medium Not required Partial Partial Partial
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
2431 CVE-2018-5041 119 Exec Code Overflow 2018-07-20 2018-09-14
6.8
None Remote Medium Not required Partial Partial Partial
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Heap Overflow vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
2432 CVE-2018-5040 119 Exec Code Overflow 2018-07-20 2018-09-14
6.8
None Remote Medium Not required Partial Partial Partial
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Heap Overflow vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
2433 CVE-2018-5038 119 Exec Code Overflow 2018-07-20 2018-09-14
6.8
None Remote Medium Not required Partial Partial Partial
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Heap Overflow vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
2434 CVE-2018-5037 119 Exec Code Overflow 2018-07-20 2018-09-14
6.8
None Remote Medium Not required Partial Partial Partial
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Buffer Errors vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
2435 CVE-2018-5036 119 Exec Code Overflow 2018-07-20 2018-09-14
6.8
None Remote Medium Not required Partial Partial Partial
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Heap Overflow vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
2436 CVE-2018-5034 119 Exec Code Overflow 2018-07-20 2018-09-14
6.8
None Remote Medium Not required Partial Partial Partial
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Buffer Errors vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
2437 CVE-2018-5032 119 Exec Code Overflow 2018-07-20 2018-09-14
6.8
None Remote Medium Not required Partial Partial Partial
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Heap Overflow vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
2438 CVE-2018-5030 476 Exec Code 2018-07-20 2018-09-14
6.8
None Remote Medium Not required Partial Partial Partial
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Untrusted pointer dereference vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
2439 CVE-2018-5028 119 Exec Code Overflow 2018-07-20 2018-09-14
6.8
None Remote Medium Not required Partial Partial Partial
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Heap Overflow vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
2440 CVE-2018-5020 787 Exec Code 2018-07-20 2018-09-14
6.8
None Remote Medium Not required Partial Partial Partial
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
2441 CVE-2018-5015 119 Exec Code Overflow 2018-07-20 2018-09-14
6.8
None Remote Medium Not required Partial Partial Partial
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Heap Overflow vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
2442 CVE-2018-5012 476 Exec Code 2018-07-20 2018-09-14
6.8
None Remote Medium Not required Partial Partial Partial
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Untrusted pointer dereference vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
2443 CVE-2018-5007 704 Exec Code 2018-07-20 2018-09-17
6.8
None Remote Medium Not required Partial Partial Partial
Adobe Flash Player 30.0.0.113 and earlier versions have a Type Confusion vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
2444 CVE-2018-5003 426 2018-08-29 2018-11-08
6.8
None Remote Medium Not required Partial Partial Partial
Adobe Creative Cloud Desktop Application before 4.5.5.342 (installer) has an insecure library loading (dll hijacking) vulnerability. Successful exploitation could lead to privilege escalation.
2445 CVE-2018-4998 119 Exec Code Overflow Mem. Corr. 2018-07-09 2018-08-29
6.8
None Remote Medium Not required Partial Partial Partial
Adobe Acrobat and Reader versions 2018.009.20050 and earlier, 2017.011.30070 and earlier, and 2015.006.30394 and earlier have a Memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
2446 CVE-2018-4997 787 Exec Code 2018-07-09 2018-08-29
6.8
None Remote Medium Not required Partial Partial Partial
Adobe Acrobat and Reader versions 2018.009.20050 and earlier, 2017.011.30070 and earlier, and 2015.006.30394 and earlier have an Out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
2447 CVE-2018-4990 415 Exec Code 2018-07-09 2018-08-09
6.8
None Remote Medium Not required Partial Partial Partial
Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have a Double Free vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
2448 CVE-2018-4982 119 Exec Code Overflow 2018-07-09 2018-08-30
6.8
None Remote Medium Not required Partial Partial Partial
Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have a Heap Overflow vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
2449 CVE-2018-4980 416 Exec Code 2018-07-09 2018-08-30
6.8
None Remote Medium Not required Partial Partial Partial
Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have a Use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
2450 CVE-2018-4974 416 Exec Code 2018-07-09 2018-08-30
6.8
None Remote Medium Not required Partial Partial Partial
Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have a Use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.