CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 6 and 6.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
2651 CVE-2018-11181 78 2018-06-01 2019-10-02
6.5
None Remote Low Single system Partial Partial Partial
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 39 of 46).
2652 CVE-2018-11180 78 2018-06-01 2019-10-02
6.5
None Remote Low Single system Partial Partial Partial
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 38 of 46).
2653 CVE-2018-11179 78 2018-06-01 2019-10-02
6.5
None Remote Low Single system Partial Partial Partial
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 37 of 46).
2654 CVE-2018-11178 78 2018-06-01 2019-10-02
6.5
None Remote Low Single system Partial Partial Partial
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 36 of 46).
2655 CVE-2018-11177 78 2018-06-01 2019-10-02
6.5
None Remote Low Single system Partial Partial Partial
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 35 of 46).
2656 CVE-2018-11176 78 2018-06-01 2019-10-02
6.5
None Remote Low Single system Partial Partial Partial
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 34 of 46).
2657 CVE-2018-11175 78 2018-06-01 2019-10-02
6.5
None Remote Low Single system Partial Partial Partial
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 33 of 46).
2658 CVE-2018-11174 78 2018-06-01 2019-10-02
6.5
None Remote Low Single system Partial Partial Partial
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 32 of 46).
2659 CVE-2018-11173 78 2018-06-01 2019-10-02
6.5
None Remote Low Single system Partial Partial Partial
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 31 of 46).
2660 CVE-2018-11172 78 2018-06-01 2019-10-02
6.5
None Remote Low Single system Partial Partial Partial
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 30 of 46).
2661 CVE-2018-11171 78 2018-06-01 2019-10-02
6.5
None Remote Low Single system Partial Partial Partial
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 29 of 46).
2662 CVE-2018-11170 78 2018-06-01 2019-10-02
6.5
None Remote Low Single system Partial Partial Partial
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 28 of 46).
2663 CVE-2018-11169 78 2018-06-01 2019-10-02
6.5
None Remote Low Single system Partial Partial Partial
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 27 of 46).
2664 CVE-2018-11168 78 2018-06-01 2019-10-02
6.5
None Remote Low Single system Partial Partial Partial
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 26 of 46).
2665 CVE-2018-11167 78 2018-06-01 2019-10-02
6.5
None Remote Low Single system Partial Partial Partial
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 25 of 46).
2666 CVE-2018-11166 78 2018-06-01 2019-10-02
6.5
None Remote Low Single system Partial Partial Partial
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 24 of 46).
2667 CVE-2018-11165 78 2018-06-01 2019-10-02
6.5
None Remote Low Single system Partial Partial Partial
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 23 of 46).
2668 CVE-2018-11164 78 2018-06-01 2019-10-02
6.5
None Remote Low Single system Partial Partial Partial
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 22 of 46).
2669 CVE-2018-11163 78 2018-06-01 2019-10-02
6.5
None Remote Low Single system Partial Partial Partial
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 21 of 46).
2670 CVE-2018-11162 78 2018-06-01 2019-10-02
6.5
None Remote Low Single system Partial Partial Partial
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 20 of 46).
2671 CVE-2018-11161 78 2018-06-01 2019-10-02
6.5
None Remote Low Single system Partial Partial Partial
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 19 of 46).
2672 CVE-2018-11160 78 2018-06-01 2019-10-02
6.5
None Remote Low Single system Partial Partial Partial
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 18 of 46).
2673 CVE-2018-11159 78 2018-06-01 2019-10-02
6.5
None Remote Low Single system Partial Partial Partial
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 17 of 46).
2674 CVE-2018-11158 78 2018-06-01 2019-10-02
6.5
None Remote Low Single system Partial Partial Partial
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 16 of 46).
2675 CVE-2018-11157 78 2018-06-01 2019-10-02
6.5
None Remote Low Single system Partial Partial Partial
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 15 of 46).
2676 CVE-2018-11156 78 2018-06-01 2019-10-02
6.5
None Remote Low Single system Partial Partial Partial
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 14 of 46).
2677 CVE-2018-11155 78 2018-06-01 2019-10-02
6.5
None Remote Low Single system Partial Partial Partial
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 13 of 46).
2678 CVE-2018-11154 78 2018-06-01 2019-10-02
6.5
None Remote Low Single system Partial Partial Partial
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 12 of 46).
2679 CVE-2018-11153 78 2018-06-01 2019-10-02
6.5
None Remote Low Single system Partial Partial Partial
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 11 of 46).
2680 CVE-2018-11152 78 2018-06-01 2019-10-02
6.5
None Remote Low Single system Partial Partial Partial
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 10 of 46).
2681 CVE-2018-11151 78 2018-06-01 2019-10-02
6.5
None Remote Low Single system Partial Partial Partial
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 9 of 46).
2682 CVE-2018-11150 78 2018-06-01 2019-10-02
6.5
None Remote Low Single system Partial Partial Partial
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 8 of 46).
2683 CVE-2018-11149 78 2018-06-01 2019-10-02
6.5
None Remote Low Single system Partial Partial Partial
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 7 of 46).
2684 CVE-2018-11148 78 2018-06-01 2019-10-02
6.5
None Remote Low Single system Partial Partial Partial
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 6 of 46).
2685 CVE-2018-11147 78 2018-06-01 2019-10-02
6.5
None Remote Low Single system Partial Partial Partial
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 5 of 46).
2686 CVE-2018-11146 78 2018-06-01 2019-10-02
6.5
None Remote Low Single system Partial Partial Partial
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 4 of 46).
2687 CVE-2018-11145 78 2018-06-01 2019-10-02
6.5
None Remote Low Single system Partial Partial Partial
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 3 of 46).
2688 CVE-2018-11144 78 2018-06-01 2019-10-02
6.5
None Remote Low Single system Partial Partial Partial
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 2 of 46).
2689 CVE-2018-11135 94 2018-05-31 2018-06-28
6.0
None Remote Medium Single system Partial Partial Partial
The script '/adminui/error_details.php' in the Quest KACE System Management Appliance 8.0.318 allows authenticated users to conduct PHP object injection attacks.
2690 CVE-2018-11130 416 DoS 2018-05-17 2019-05-27
6.8
None Remote Medium Not required Partial Partial Partial
The header::add_FORMAT_descriptor function in header.cpp in VCFtools 0.1.15 allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted vcf file.
2691 CVE-2018-11129 416 DoS 2018-05-17 2019-05-27
6.8
None Remote Medium Not required Partial Partial Partial
The header::add_INFO_descriptor function in header.cpp in VCFtools 0.1.15 allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted vcf file.
2692 CVE-2018-11128 119 DoS Exec Code Overflow 2018-05-17 2018-06-20
6.8
None Remote Medium Not required Partial Partial Partial
The ObjReader::ReadObj() function in ObjReader.cpp in vincent0629 PDFParser allows remote attackers to cause a denial of service (stack-based buffer overflow) or possibly execute arbitrary code via a crafted pdf file.
2693 CVE-2018-11126 352 CSRF 2018-05-15 2018-06-19
6.8
None Remote Medium Not required Partial Partial Partial
dg-user/?controller=users&action=add in doorGets 7.0 has CSRF that results in adding an administrator account.
2694 CVE-2018-11116 732 Exec Code 2018-06-19 2019-10-02
6.5
None Remote Low Single system Partial Partial Partial
OpenWrt mishandles access control in /etc/config/rpcd and the /usr/share/rpcd/acl.d files, which allows remote authenticated users to call arbitrary methods (i.e., achieve ubus access over HTTP) that were only supposed to be accessible to a specific user, as demonstrated by the file, log, and service namespaces, potentially leading to remote Information Disclosure or Code Execution.
2695 CVE-2018-11100 119 DoS Overflow 2018-05-14 2019-10-02
6.8
None Remote Medium Not required Partial Partial Partial
The decompileSETTARGET function in decompile.c in libming through 0.4.8 mishandles cases where the header indicates a file size greater than the actual size, which allows remote attackers to cause a denial of service (Segmentation fault and application crash) or possibly have unspecified other impact.
2696 CVE-2018-11098 434 2018-05-14 2018-06-19
6.5
None Remote Low Single system Partial Partial Partial
An issue was discovered in Frog CMS 0.9.5. There is a file upload vulnerability via the admin/?/plugin/file_manager/upload URI, a similar issue to CVE-2014-4912.
2697 CVE-2018-11095 119 DoS Overflow 2018-05-14 2019-10-02
6.8
None Remote Medium Not required Partial Partial Partial
The decompileJUMP function in decompile.c in libming through 0.4.8 mishandles cases where the header indicates a file size greater than the actual size, which allows remote attackers to cause a denial of service (Segmentation fault and application crash) or possibly have unspecified other impact.
2698 CVE-2018-11083 2018-10-05 2019-10-09
6.8
None Remote Medium Not required Partial Partial Partial
Cloud Foundry BOSH, versions v264 prior to v264.14.0 and v265 prior to v265.7.0 and v266 prior to v266.8.0 and v267 prior to v267.2.0, allows refresh tokens to be as access tokens when using UAA for authentication. A remote attacker with an admin refresh token given by UAA can be used to access BOSH resources without obtaining an access token, even if their user no longer has access to those resources.
2699 CVE-2018-11078 732 2018-09-11 2019-10-09
6.0
None Remote Medium Single system Partial Partial Partial
Dell EMC VPlex GeoSynchrony, versions prior to 6.1, contains an Insecure File Permissions vulnerability. A remote authenticated malicious user could read from VPN configuration files on and potentially author a MITM attack on the VPN traffic.
2700 CVE-2018-11060 Bypass 2018-07-24 2019-10-09
6.5
None Remote Low Single system Partial Partial Partial
RSA Archer, versions prior to 6.4.0.1, contain an authorization bypass vulnerability in the REST API. A remote authenticated malicious Archer user could potentially exploit this vulnerability to elevate their privileges.
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.