CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 6 and 6.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
2951 CVE-2018-9078 79 XSS 2018-09-28 2019-10-02
6.8
None Remote Medium Not required Partial Partial Partial
For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, the Content Explorer application grants users the ability to upload files to shares and this image was rendered in the browser in the device's origin instead of prompting to download the asset. The application does not prevent the user from uploading SVG images and returns these images within their origin. As a result, malicious users can upload SVG images that contain arbitrary JavaScript that is evaluated when the victim issues a request to download the file.
2952 CVE-2018-9074 22 Dir. Trav. 2018-09-28 2018-11-20
6.8
None Remote Low Single system None Complete None
For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, the file upload functionality of the Content Explorer application is vulnerable to path traversal. As a result, users can upload files anywhere on the device's operating system as the root user.
2953 CVE-2018-9070 2018-07-13 2019-10-02
6.9
None Local Medium Not required Complete Complete Complete
For the Lenovo Smart Assistant Android app versions earlier than 12.1.82, an attacker with physical access to the smart speaker can, by pressing a specific button sequence, enter factory test mode and enable a web service intended for testing the device. As with most test modes, this provides extra privileges, including changing settings and running code. Lenovo Smart Assistant is an Amazon Alexa-enabled smart speaker developed by Lenovo.
2954 CVE-2018-9054 20 DoS 2018-03-26 2018-03-30
6.1
None Local Low Not required Partial Partial Complete
In Windows Master (aka Windows Optimization Master) 7.99.13.604, the driver file (WoptiHWDetect.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0xf100284c.
2955 CVE-2018-9053 20 DoS 2018-03-26 2018-03-30
6.1
None Local Low Not required Partial Partial Complete
In Windows Master (aka Windows Optimization Master) 7.99.13.604, the driver file (WoptiHWDetect.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0xf10026cc.
2956 CVE-2018-9052 20 DoS 2018-03-26 2018-03-30
6.1
None Local Low Not required Partial Partial Complete
In Windows Master (aka Windows Optimization Master) 7.99.13.604, the driver file (WoptiHWDetect.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0xf100283c.
2957 CVE-2018-9051 20 DoS 2018-03-26 2018-03-30
6.1
None Local Low Not required Partial Partial Complete
In Windows Master (aka Windows Optimization Master) 7.99.13.604, the driver file (WoptiHWDetect.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0xf1002021.
2958 CVE-2018-9050 20 DoS 2018-03-26 2018-03-30
6.1
None Local Low Not required Partial Partial Complete
In Windows Master (aka Windows Optimization Master) 7.99.13.604, the driver file (WoptiHWDetect.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0xf100202d.
2959 CVE-2018-9049 20 DoS 2018-03-26 2018-03-30
6.1
None Local Low Not required Partial Partial Complete
In Windows Master (aka Windows Optimization Master) 7.99.13.604, the driver file (WoptiHWDetect.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0xf1002833.
2960 CVE-2018-9048 20 DoS 2018-03-26 2018-03-30
6.1
None Local Low Not required Partial Partial Complete
In Windows Master (aka Windows Optimization Master) 7.99.13.604, the driver file (WoptiHWDetect.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0xf100282c.
2961 CVE-2018-9047 20 DoS 2018-03-26 2018-03-30
6.1
None Local Low Not required Partial Partial Complete
In Windows Master (aka Windows Optimization Master) 7.99.13.604, the driver file (WoptiHWDetect.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0xf1002841.
2962 CVE-2018-9046 20 DoS 2018-03-26 2018-03-30
6.1
None Local Low Not required Partial Partial Complete
In Windows Master (aka Windows Optimization Master) 7.99.13.604, the driver file (WoptiHWDetect.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0xf100282d.
2963 CVE-2018-9045 20 DoS 2018-03-26 2018-03-30
6.1
None Local Low Not required Partial Partial Complete
In Windows Master (aka Windows Optimization Master) 7.99.13.604, the driver file (WoptiHWDetect.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0xf1002849.
2964 CVE-2018-9044 20 DoS 2018-03-26 2018-03-30
6.1
None Local Low Not required Partial Partial Complete
In Advanced SystemCare Ultimate 11.0.1.58, the driver file (Monitor_win10_x64.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9c4060cc.
2965 CVE-2018-9043 20 DoS 2018-03-26 2018-03-30
6.1
None Local Low Not required Partial Partial Complete
In Advanced SystemCare Ultimate 11.0.1.58, the driver file (Monitor_win10_x64.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9c4060d0.
2966 CVE-2018-9042 20 DoS 2018-03-26 2018-03-30
6.1
None Local Low Not required Partial Partial Complete
In Advanced SystemCare Ultimate 11.0.1.58, the driver file (Monitor_win10_x64.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9c402000.
2967 CVE-2018-9041 20 DoS 2018-03-26 2018-03-30
6.1
None Local Low Not required Partial Partial Complete
In Advanced SystemCare Ultimate 11.0.1.58, the driver file (Monitor_win10_x64.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9c402004.
2968 CVE-2018-9040 20 DoS 2018-03-26 2018-03-30
6.1
None Local Low Not required Partial Partial Complete
In Advanced SystemCare Ultimate 11.0.1.58, the driver file (Monitor_win10_x64.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9c4060c4.
2969 CVE-2018-9037 434 Exec Code 2018-04-10 2018-05-17
6.5
None Remote Low Single system Partial Partial Partial
Monstra CMS 3.0.4 allows remote code execution via an upload_file request for a .zip file, which is automatically extracted and may contain .php files.
2970 CVE-2018-9035 20 2018-04-04 2018-05-21
6.8
None Remote Medium Not required Partial Partial Partial
CSV Injection vulnerability in ExportToCsvUtf8.php of the Contact Form 7 to Database Extension plugin 2.10.32 for WordPress allows remote attackers to inject spreadsheet formulas into CSV files via the contact form.
2971 CVE-2018-9009 416 2018-03-24 2019-10-11
6.8
None Remote Medium Not required Partial Partial Partial
In libming 0.4.8, there is a use-after-free in the decompileJUMP function of the decompile.c file.
2972 CVE-2018-9007 20 DoS 2018-03-24 2018-03-30
6.1
None Local Low Not required Partial Partial Complete
In Advanced SystemCare Ultimate 11.0.1.58, the driver file (Monitor_x86.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9c4060c4.
2973 CVE-2018-9006 20 DoS 2018-03-24 2018-03-30
6.1
None Local Low Not required Partial Partial Complete
In Advanced SystemCare Ultimate 11.0.1.58, the driver file (Monitor_win7_x64.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9c402004.
2974 CVE-2018-9005 20 DoS 2018-03-24 2018-03-30
6.1
None Local Low Not required Partial Partial Complete
In Advanced SystemCare Ultimate 11.0.1.58, the driver file (Monitor_win7_x64.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9c4060d0.
2975 CVE-2018-9004 20 DoS 2018-03-24 2018-03-30
6.1
None Local Low Not required Partial Partial Complete
In Advanced SystemCare Ultimate 11.0.1.58, the driver file (Monitor_x86.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9c4060d0.
2976 CVE-2018-9003 20 DoS 2018-03-24 2018-03-30
6.1
None Local Low Not required Partial Partial Complete
In Advanced SystemCare Ultimate 11.0.1.58, the driver file (Monitor_x86.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9c402000.
2977 CVE-2018-9002 20 DoS 2018-03-24 2018-03-30
6.1
None Local Low Not required Partial Partial Complete
In Advanced SystemCare Ultimate 11.0.1.58, the driver file (Monitor_win7_x64.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9c4060cc.
2978 CVE-2018-9001 20 DoS 2018-03-24 2018-03-30
6.1
None Local Low Not required Partial Partial Complete
In Advanced SystemCare Ultimate 11.0.1.58, the driver file (Monitor_win7_x64.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9c402000.
2979 CVE-2018-9000 20 DoS 2018-03-24 2018-03-30
6.1
None Local Low Not required Partial Partial Complete
In Advanced SystemCare Ultimate 11.0.1.58, the driver file (Monitor_x86.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9c402004.
2980 CVE-2018-8999 20 DoS 2018-03-24 2018-03-30
6.1
None Local Low Not required Partial Partial Complete
In Advanced SystemCare Ultimate 11.0.1.58, the driver file (Monitor_win7_x64.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9c4060c4.
2981 CVE-2018-8998 20 DoS 2018-03-24 2018-03-30
6.1
None Local Low Not required Partial Partial Complete
In Advanced SystemCare Ultimate 11.0.1.58, the driver file (Monitor_x86.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9c4060cc.
2982 CVE-2018-8997 20 DoS 2018-03-24 2018-03-30
6.1
None Local Low Not required Partial Partial Complete
In Windows Master (aka Windows Optimization Master) 7.99.13.604, the driver file (WoptiHWDetect.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0xf1002004.
2983 CVE-2018-8996 20 DoS 2018-03-24 2018-03-30
6.1
None Local Low Not required Partial Partial Complete
In Windows Master (aka Windows Optimization Master) 7.99.13.604, the driver file (WoptiHWDetect.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0xf1002007.
2984 CVE-2018-8995 20 DoS 2018-03-24 2018-03-30
6.1
None Local Low Not required Partial Partial Complete
In Windows Master (aka Windows Optimization Master) 7.99.13.604, the driver file (WoptiHWDetect.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0xf1002002.
2985 CVE-2018-8994 20 DoS 2018-03-24 2018-03-30
6.1
None Local Low Not required Partial Partial Complete
In Windows Master (aka Windows Optimization Master) 7.99.13.604, the driver file (WoptiHWDetect.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0xf1002003.
2986 CVE-2018-8993 20 DoS 2018-03-24 2018-03-30
6.1
None Local Low Not required Partial Partial Complete
In Windows Master (aka Windows Optimization Master) 7.99.13.604, the driver file (WoptiHWDetect.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0xf1002001.
2987 CVE-2018-8992 20 DoS 2018-03-24 2018-03-30
6.1
None Local Low Not required Partial Partial Complete
In Windows Master (aka Windows Optimization Master) 7.99.13.604, the driver file (WoptiHWDetect.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0xf1002005.
2988 CVE-2018-8991 20 DoS 2018-03-24 2018-03-30
6.1
None Local Low Not required Partial Partial Complete
In Windows Master (aka Windows Optimization Master) 7.99.13.604, the driver file (WoptiHWDetect.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0xf1002009.
2989 CVE-2018-8990 20 DoS 2018-03-24 2018-03-30
6.1
None Local Low Not required Partial Partial Complete
In Windows Master (aka Windows Optimization Master) 7.99.13.604, the driver file (WoptiHWDetect.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0xf1002010.
2990 CVE-2018-8989 20 DoS 2018-03-24 2018-03-30
6.1
None Local Low Not required Partial Partial Complete
In Windows Master (aka Windows Optimization Master) 7.99.13.604, the driver file (WoptiHWDetect.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0xf1002006.
2991 CVE-2018-8988 20 DoS 2018-03-24 2018-03-30
6.1
None Local Low Not required Partial Partial Complete
In Windows Master (aka Windows Optimization Master) 7.99.13.604, the driver file (WoptiHWDetect.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0xf1002008.
2992 CVE-2018-8979 352 XSS CSRF 2018-03-25 2018-04-18
6.8
None Remote Medium Not required Partial Partial Partial
Open-AudIT Professional 2.1 has CSRF, as demonstrated by modifying a user account or inserting XSS sequences via the credentials URI.
2993 CVE-2018-8972 352 CSRF 2018-03-24 2018-04-24
6.8
None Remote Medium Not required Partial Partial Partial
Creditwest Bank CMS Project (aka CWCMS) through 2017-07-28 has CSRF in the functionality for updating the site configuration, which allows remote attackers to inject arbitrary PHP code, as demonstrated by a PHP shell that calls eval on request parameters.
2994 CVE-2018-8969 22 Dir. Trav. 2018-03-24 2018-04-17
6.4
None Remote Low Not required None Partial Partial
An issue was discovered in zzcms 8.2. user/licence_save.php allows remote attackers to delete arbitrary files via directory traversal sequences in the oldimg parameter in an action=modify request. This can be leveraged for database access by deleting install.lock.
2995 CVE-2018-8968 22 Dir. Trav. 2018-03-24 2018-04-17
6.4
None Remote Low Not required None Partial Partial
An issue was discovered in zzcms 8.2. user/manage.php allows remote attackers to delete arbitrary files via directory traversal sequences in the oldimg or oldflv parameter in an action=modify request. This can be leveraged for database access by deleting install.lock.
2996 CVE-2018-8965 22 Dir. Trav. 2018-03-24 2018-04-17
6.4
None Remote Low Not required None Partial Partial
An issue was discovered in zzcms 8.2. user/ppsave.php allows remote attackers to delete arbitrary files via directory traversal sequences in the oldimg parameter in an action=modify request. This can be leveraged for database access by deleting install.lock.
2997 CVE-2018-8960 125 2018-03-23 2019-10-02
6.8
None Remote Medium Not required Partial Partial Partial
The ReadTIFFImage function in coders/tiff.c in ImageMagick 7.0.7-26 Q16 does not properly restrict memory allocation, leading to a heap-based buffer over-read.
2998 CVE-2018-8953 89 Sql 2018-04-11 2018-05-17
6.5
None Remote Low Single system Partial Partial Partial
CA Workload Automation AE before r11.3.6 SP7 allows remote attackers to a perform SQL injection via a crafted HTTP request.
2999 CVE-2018-8929 417 2018-07-06 2019-10-09
6.8
None Remote Medium Not required Partial Partial Partial
Improper restriction of communication channel to intended endpoints vulnerability in HTTP daemon in Synology SSL VPN Client before 1.2.4-0224 allows remote attackers to conduct man-in-the-middle attacks via a crafted payload.
3000 CVE-2018-8926 2018-06-08 2019-10-09
6.5
None Remote Low Single system Partial Partial Partial
Permissive regular expression vulnerability in synophoto_dsm_user in Synology Photo Station before 6.8.5-3471 and before 6.3-2975 allows remote authenticated users to conduct privilege escalation attacks via the fullname parameter.
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.