CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 6 and 6.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
3101 CVE-2018-5223 20 Exec Code 2018-03-29 2018-04-24
6.5
None Remote Low Single system Partial Partial Partial
Fisheye and Crucible did not correctly check if a configured Mercurial repository URI contained values that the Windows operating system may consider argument parameters. An attacker who has permission to add a repository in Fisheye or Crucible can execute code of their choice on systems that run a vulnerable version of Fisheye or Crucible on the Windows operating system. All versions of Fisheye and Crucible before 4.4.6 (the fixed version for 4.4.x) and from 4.5.0 before 4.5.3 (the fixed version for 4.5.x) are affected by this vulnerability.
3102 CVE-2018-5221 119 Exec Code Overflow 2018-01-09 2018-01-30
6.8
None Remote Medium Not required Partial Partial Partial
Multiple buffer overflows in BarCodeWiz BarCode before 6.7 ActiveX control (BarcodeWiz.DLL) allow remote attackers to execute arbitrary code via a long argument to the (1) BottomText or (2) TopText property.
3103 CVE-2018-5220 20 DoS 2018-01-04 2018-01-11
6.1
None Local Low Not required Partial Partial Complete
In K7 Antivirus 15.1.0306, the driver file (K7Sentry.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x95002610.
3104 CVE-2018-5219 20 DoS 2018-01-04 2018-01-11
6.1
None Local Low Not required Partial Partial Complete
In K7 Antivirus 15.1.0306, the driver file (K7FWHlpr.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x83002168.
3105 CVE-2018-5218 20 DoS 2018-01-04 2018-01-11
6.1
None Local Low Not required Partial Partial Complete
In K7 Antivirus 15.1.0306, the driver file (K7Sentry.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x950025b0.
3106 CVE-2018-5217 20 DoS 2018-01-04 2018-01-11
6.1
None Local Low Not required Partial Partial Complete
In K7 Antivirus 15.1.0306, the driver file (K7Sentry.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x95002578.
3107 CVE-2018-5202 264 Exec Code 2018-12-21 2019-01-17
6.8
None Remote Medium Not required Partial Partial Partial
SKCertService 2.5.5 and earlier contains a vulnerability that could allow remote attacker to execute arbitrary code. This vulnerability exists due to the way .dll files are loaded by SKCertService. It allows an attacker to load a .dll of the attacker's choosing that could execute arbitrary code without the user's knowledge.
3108 CVE-2018-5200 119 Exec Code Overflow Mem. Corr. 2018-12-20 2019-01-07
6.8
None Remote Medium Not required Partial Partial Partial
KMPlayer 4.2.2.15 and earlier have a Heap Based Buffer Overflow Vulnerability. It could be exploited with a crafted FLV format file. The problem is that more frame data is copied to heap memory than the size specified in the frame header. This results in a memory corruption and remote code execution.
3109 CVE-2018-5199 20 2018-12-20 2019-01-07
6.8
None Remote Medium Not required Partial Partial Partial
In Veraport G3 ALL on MacOS, due to insufficient domain validation, It is possible to overwrite installation file to malicious file. A remote unauthenticated attacker may use this vulnerability to execute arbitrary file.
3110 CVE-2018-5198 362 Exec Code 2018-12-20 2019-01-07
6.8
None Remote Medium Not required Partial Partial Partial
In Veraport G3 ALL on MacOS, a race condition when calling the Veraport API allow remote attacker to cause arbitrary file download and execution. This results in remote code execution.
3111 CVE-2018-5196 119 Exec Code Overflow 2018-12-21 2019-01-03
6.8
None Remote Medium Not required Partial Partial Partial
Alzip 10.76.0.0 and earlier is vulnerable to a stack overflow caused by improper bounds checking. By persuading a victim to open a specially-crafted LZH archive file, a attacker could execute arbitrary code execution.
3112 CVE-2018-5178 119 Overflow 2018-06-11 2018-11-25
6.8
None Remote Medium Not required Partial Partial Partial
A buffer overflow was found during UTF8 to Unicode string conversion within JavaScript with extremely large amounts of data. This vulnerability requires the use of a malicious or vulnerable legacy extension in order to occur. This vulnerability affects Thunderbird ESR < 52.8, Thunderbird < 52.8, and Firefox ESR < 52.8.
3113 CVE-2018-5158 94 2018-06-11 2018-10-20
6.8
None Remote Medium Not required Partial Partial Partial
The PDF viewer does not sufficiently sanitize PostScript calculator functions, allowing malicious JavaScript to be injected through a crafted PDF file. This JavaScript can then be run with the permissions of the PDF viewer by its worker. This vulnerability affects Firefox ESR < 52.8 and Firefox < 60.
3114 CVE-2018-5146 787 2018-06-11 2018-11-25
6.8
None Remote Medium Not required Partial Partial Partial
An out of bounds memory write while processing Vorbis audio data was reported through the Pwn2Own contest. This vulnerability affects Firefox < 59.0.1, Firefox ESR < 52.7.2, and Thunderbird < 52.7.
3115 CVE-2018-5141 20 DoS 2018-06-11 2018-08-02
6.4
None Remote Low Not required Partial None Partial
A vulnerability in the notifications Push API where notifications can be sent through service workers by web content without direct user interaction. This could be used to open new tabs in a denial of service (DOS) attack or to display unwanted content from arbitrary URLs to users. This vulnerability affects Firefox < 59.
3116 CVE-2018-5130 20 2018-06-11 2018-10-20
6.8
None Remote Medium Not required Partial Partial Partial
When packets with a mismatched RTP payload type are sent in WebRTC connections, in some circumstances a potentially exploitable crash is triggered. This vulnerability affects Firefox ESR < 52.7 and Firefox < 59.
3117 CVE-2018-5127 119 Overflow 2018-06-11 2018-11-25
6.8
None Remote Medium Not required Partial Partial Partial
A buffer overflow can occur when manipulating the SVG "animatedPathSegList" through script. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.7, Firefox ESR < 52.7, and Firefox < 59.
3118 CVE-2018-5125 119 Overflow Mem. Corr. 2018-06-11 2018-11-25
6.8
None Remote Medium Not required Partial Partial Partial
Memory safety bugs were reported in Firefox 58 and Firefox ESR 52.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 52.7, Firefox ESR < 52.7, and Firefox < 59.
3119 CVE-2018-5123 352 2019-04-29 2019-05-08
6.8
None Remote Medium Not required Partial Partial Partial
A third party website can access information available to a user with access to a restricted bug entry using the image generation in report.cgi in all Bugzilla versions prior to 4.4.
3120 CVE-2018-5088 20 DoS 2018-01-03 2018-01-11
6.1
None Local Low Not required Partial Partial Complete
In K7 AntiVirus 15.1.0306, the driver file (K7FWHlpr.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x8300211C.
3121 CVE-2018-5087 20 DoS 2018-01-03 2018-01-11
6.1
None Local Low Not required Partial Partial Complete
In K7 AntiVirus 15.1.0306, the driver file (K7FWHlpr.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x83002100.
3122 CVE-2018-5086 20 DoS 2018-01-03 2018-01-11
6.1
None Local Low Not required Partial Partial Complete
In K7 AntiVirus 15.1.0306, the driver file (K7FWHlpr.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x8300215F.
3123 CVE-2018-5085 20 DoS 2018-01-03 2018-01-12
6.1
None Local Low Not required Partial Partial Complete
In K7 AntiVirus 15.1.0306, the driver file (K7FWHlpr.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x83002124.
3124 CVE-2018-5084 20 DoS 2018-01-03 2018-01-11
6.1
None Local Low Not required Partial Partial Complete
In K7 AntiVirus 15.1.0306, the driver file (K7FWHlpr.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x8300212C.
3125 CVE-2018-5083 20 DoS 2018-01-03 2018-01-11
6.1
None Local Low Not required Partial Partial Complete
In K7 AntiVirus 15.1.0306, the driver file (K7FWHlpr.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x8300215B.
3126 CVE-2018-5082 20 DoS 2018-01-03 2018-01-11
6.1
None Local Low Not required Partial Partial Complete
In K7 AntiVirus 15.1.0306, the driver file (K7FWHlpr.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x83002128.
3127 CVE-2018-5081 20 DoS 2018-01-03 2018-01-11
6.1
None Local Low Not required Partial Partial Complete
In K7 AntiVirus 15.1.0306, the driver file (K7FWHlpr.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x830020F0.
3128 CVE-2018-5080 20 DoS 2018-01-03 2018-01-11
6.1
None Local Low Not required Partial Partial Complete
In K7 AntiVirus 15.1.0306, the driver file (K7FWHlpr.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x830020FC.
3129 CVE-2018-5079 20 DoS 2018-01-03 2018-01-11
6.1
None Local Low Not required Partial Partial Complete
In K7 AntiVirus 15.1.0306, the driver file (K7FWHlpr.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x83002130.
3130 CVE-2018-5073 352 CSRF 2018-01-03 2018-01-17
6.0
None Remote Medium Single system Partial Partial Partial
Online Ticket Booking has CSRF via admin/movieedit.php.
3131 CVE-2018-5067 119 Exec Code Overflow 2018-07-20 2019-08-21
6.8
None Remote Medium Not required Partial Partial Partial
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Heap Overflow vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
3132 CVE-2018-5065 416 Exec Code 2018-07-20 2019-08-21
6.8
None Remote Medium Not required Partial Partial Partial
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
3133 CVE-2018-5059 787 Exec Code 2018-07-20 2019-08-21
6.8
None Remote Medium Not required Partial Partial Partial
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
3134 CVE-2018-5058 119 Exec Code Overflow 2018-07-20 2019-08-21
6.8
None Remote Medium Not required Partial Partial Partial
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Heap Overflow vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
3135 CVE-2018-5057 704 Exec Code 2018-07-20 2019-08-21
6.8
None Remote Medium Not required Partial Partial Partial
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Type Confusion vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
3136 CVE-2018-5052 119 Exec Code Overflow 2018-07-20 2019-08-21
6.8
None Remote Medium Not required Partial Partial Partial
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Heap Overflow vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
3137 CVE-2018-5045 119 Exec Code Overflow 2018-07-20 2019-08-21
6.8
None Remote Medium Not required Partial Partial Partial
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Heap Overflow vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
3138 CVE-2018-5043 119 Exec Code Overflow 2018-07-20 2019-08-21
6.8
None Remote Medium Not required Partial Partial Partial
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Buffer Errors vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
3139 CVE-2018-5042 787 Exec Code 2018-07-20 2019-08-21
6.8
None Remote Medium Not required Partial Partial Partial
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
3140 CVE-2018-5041 119 Exec Code Overflow 2018-07-20 2019-08-21
6.8
None Remote Medium Not required Partial Partial Partial
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Heap Overflow vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
3141 CVE-2018-5040 119 Exec Code Overflow 2018-07-20 2019-08-21
6.8
None Remote Medium Not required Partial Partial Partial
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Heap Overflow vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
3142 CVE-2018-5038 119 Exec Code Overflow 2018-07-20 2019-08-21
6.8
None Remote Medium Not required Partial Partial Partial
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Heap Overflow vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
3143 CVE-2018-5037 119 Exec Code Overflow 2018-07-20 2019-08-21
6.8
None Remote Medium Not required Partial Partial Partial
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Buffer Errors vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
3144 CVE-2018-5036 119 Exec Code Overflow 2018-07-20 2019-08-21
6.8
None Remote Medium Not required Partial Partial Partial
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Heap Overflow vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
3145 CVE-2018-5034 119 Exec Code Overflow 2018-07-20 2019-08-21
6.8
None Remote Medium Not required Partial Partial Partial
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Buffer Errors vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
3146 CVE-2018-5032 119 Exec Code Overflow 2018-07-20 2019-08-21
6.8
None Remote Medium Not required Partial Partial Partial
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Heap Overflow vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
3147 CVE-2018-5030 476 Exec Code 2018-07-20 2019-08-21
6.8
None Remote Medium Not required Partial Partial Partial
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Untrusted pointer dereference vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
3148 CVE-2018-5028 119 Exec Code Overflow 2018-07-20 2019-08-21
6.8
None Remote Medium Not required Partial Partial Partial
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Heap Overflow vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
3149 CVE-2018-5020 787 Exec Code 2018-07-20 2019-08-21
6.8
None Remote Medium Not required Partial Partial Partial
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
3150 CVE-2018-5015 119 Exec Code Overflow 2018-07-20 2019-08-21
6.8
None Remote Medium Not required Partial Partial Partial
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Heap Overflow vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.