CVEdetails.com the ultimate security vulnerability data source

Security Vulnerabilities (CVSS score between 6 and 6.99)

# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
3201 CVE-2018-11341 22 Dir. Trav. 2018-05-21 2018-08-16
6.5
None Remote Low Single system Partial Partial Partial
Directory traversal in importuser.cgi in ASUSTOR AS6202T ADM 3.1.0.RFQ3 allows attackers to navigate the file system via the filename parameter.
3202 CVE-2018-11323 269 2018-05-22 2019-10-02
6.5
None Remote Low Single system Partial Partial Partial
An issue was discovered in Joomla! Core before 3.8.8. Inadequate checks allowed users to modify the access levels of user groups with higher permissions.
3203 CVE-2018-11322 434 2018-05-22 2018-06-22
6.0
None Remote Medium Single system Partial Partial Partial
An issue was discovered in Joomla! Core before 3.8.8. Depending on the server configuration, PHAR files might be handled as executable PHP scripts by the webserver.
3204 CVE-2018-11311 798 2018-05-20 2018-06-26
6.4
None Remote Low Not required Partial Partial None
A hardcoded FTP username of myscada and password of Vikuk63 in 'myscadagate.exe' in mySCADA myPRO 7 allows remote attackers to access the FTP server on port 2121, and upload files or list directories, by entering these credentials.
3205 CVE-2018-11278 125 2018-09-18 2018-11-09
6.6
None Local Low Not required Complete None Complete
In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, Venus HW searches for start code when decoding input bit stream buffers. If start code is not found in entire buffer, there is over-fetch beyond allocation length. This leads to page fault.
3206 CVE-2018-11243 415 DoS 2018-05-18 2018-06-20
6.8
None Remote Medium Not required Partial Partial Partial
PackLinuxElf64::unpack in p_lx_elf.cpp in UPX 3.95 allows remote attackers to cause a denial of service (double free), limit the ability of a malware scanner to operate on the entire original data, or possibly have unspecified other impact via a crafted file.
3207 CVE-2018-11235 22 Exec Code Dir. Trav. Bypass 2018-05-30 2019-10-02
6.8
None Remote Medium Not required Partial Partial Partial
In Git before 2.13.7, 2.14.x before 2.14.4, 2.15.x before 2.15.2, 2.16.x before 2.16.4, and 2.17.x before 2.17.1, remote code execution can occur. With a crafted .gitmodules file, a malicious project can execute an arbitrary script on a machine that runs "git clone --recurse-submodules" because submodule "names" are obtained from this file, and then appended to $GIT_DIR/modules, leading to directory traversal with "../" in a name. Finally, post-checkout hooks from a submodule are executed, bypassing the intended design in which hooks are not obtained from a remote server.
3208 CVE-2018-11231 89 Sql 2018-05-23 2018-06-26
6.8
None Remote Medium Not required Partial Partial Partial
In the Divido plugin for OpenCart, there is SQL injection. Attackers can use SQL injection to get some confidential information.
3209 CVE-2018-11230 416 DoS 2018-05-17 2018-06-20
6.8
None Remote Medium Not required Partial Partial Partial
jbig2_add_page in jbig2enc.cc in libjbig2enc.a in jbig2enc 0.29 allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted file.
3210 CVE-2018-11226 119 DoS Overflow 2018-05-17 2018-06-20
6.8
None Remote Medium Not required Partial Partial Partial
The getString function in decompile.c in libming through 0.4.8 mishandles cases where the header indicates a file size greater than the actual size, which allows remote attackers to cause a denial of service (Segmentation fault and application crash) or possibly have unspecified other impact.
3211 CVE-2018-11225 119 DoS Overflow 2018-05-17 2018-06-25
6.8
None Remote Medium Not required Partial Partial Partial
The dcputs function in decompile.c in libming through 0.4.8 mishandles cases where the header indicates a file size greater than the actual size, which allows remote attackers to cause a denial of service (Segmentation fault and application crash) or possibly have unspecified other impact.
3212 CVE-2018-11188 78 2018-06-01 2019-10-02
6.5
None Remote Low Single system Partial Partial Partial
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 46 of 46).
3213 CVE-2018-11187 78 2018-06-01 2019-10-02
6.5
None Remote Low Single system Partial Partial Partial
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 45 of 46).
3214 CVE-2018-11186 78 2018-06-01 2019-10-02
6.5
None Remote Low Single system Partial Partial Partial
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 44 of 46).
3215 CVE-2018-11185 78 2018-06-01 2019-10-02
6.5
None Remote Low Single system Partial Partial Partial
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 43 of 46).
3216 CVE-2018-11184 78 2018-06-01 2019-10-02
6.5
None Remote Low Single system Partial Partial Partial
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 42 of 46).
3217 CVE-2018-11183 78 2018-06-01 2019-10-02
6.5
None Remote Low Single system Partial Partial Partial
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 41 of 46).
3218 CVE-2018-11182 78 2018-06-01 2019-10-02
6.5
None Remote Low Single system Partial Partial Partial
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 40 of 46).
3219 CVE-2018-11181 78 2018-06-01 2019-10-02
6.5
None Remote Low Single system Partial Partial Partial
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 39 of 46).
3220 CVE-2018-11180 78 2018-06-01 2019-10-02
6.5
None Remote Low Single system Partial Partial Partial
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 38 of 46).
3221 CVE-2018-11179 78 2018-06-01 2019-10-02
6.5
None Remote Low Single system Partial Partial Partial
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 37 of 46).
3222 CVE-2018-11178 78 2018-06-01 2019-10-02
6.5
None Remote Low Single system Partial Partial Partial
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 36 of 46).
3223 CVE-2018-11177 78 2018-06-01 2019-10-02
6.5
None Remote Low Single system Partial Partial Partial
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 35 of 46).
3224 CVE-2018-11176 78 2018-06-01 2019-10-02
6.5
None Remote Low Single system Partial Partial Partial
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 34 of 46).
3225 CVE-2018-11175 78 2018-06-01 2019-10-02
6.5
None Remote Low Single system Partial Partial Partial
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 33 of 46).
3226 CVE-2018-11174 78 2018-06-01 2019-10-02
6.5
None Remote Low Single system Partial Partial Partial
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 32 of 46).
3227 CVE-2018-11173 78 2018-06-01 2019-10-02
6.5
None Remote Low Single system Partial Partial Partial
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 31 of 46).
3228 CVE-2018-11172 78 2018-06-01 2019-10-02
6.5
None Remote Low Single system Partial Partial Partial
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 30 of 46).
3229 CVE-2018-11171 78 2018-06-01 2019-10-02
6.5
None Remote Low Single system Partial Partial Partial
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 29 of 46).
3230 CVE-2018-11170 78 2018-06-01 2019-10-02
6.5
None Remote Low Single system Partial Partial Partial
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 28 of 46).
3231 CVE-2018-11169 78 2018-06-01 2019-10-02
6.5
None Remote Low Single system Partial Partial Partial
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 27 of 46).
3232 CVE-2018-11168 78 2018-06-01 2019-10-02
6.5
None Remote Low Single system Partial Partial Partial
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 26 of 46).
3233 CVE-2018-11167 78 2018-06-01 2019-10-02
6.5
None Remote Low Single system Partial Partial Partial
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 25 of 46).
3234 CVE-2018-11166 78 2018-06-01 2019-10-02
6.5
None Remote Low Single system Partial Partial Partial
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 24 of 46).
3235 CVE-2018-11165 78 2018-06-01 2019-10-02
6.5
None Remote Low Single system Partial Partial Partial
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 23 of 46).
3236 CVE-2018-11164 78 2018-06-01 2019-10-02
6.5
None Remote Low Single system Partial Partial Partial
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 22 of 46).
3237 CVE-2018-11163 78 2018-06-01 2019-10-02
6.5
None Remote Low Single system Partial Partial Partial
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 21 of 46).
3238 CVE-2018-11162 78 2018-06-01 2019-10-02
6.5
None Remote Low Single system Partial Partial Partial
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 20 of 46).
3239 CVE-2018-11161 78 2018-06-01 2019-10-02
6.5
None Remote Low Single system Partial Partial Partial
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 19 of 46).
3240 CVE-2018-11160 78 2018-06-01 2019-10-02
6.5
None Remote Low Single system Partial Partial Partial
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 18 of 46).
3241 CVE-2018-11159 78 2018-06-01 2019-10-02
6.5
None Remote Low Single system Partial Partial Partial
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 17 of 46).
3242 CVE-2018-11158 78 2018-06-01 2019-10-02
6.5
None Remote Low Single system Partial Partial Partial
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 16 of 46).
3243 CVE-2018-11157 78 2018-06-01 2019-10-02
6.5
None Remote Low Single system Partial Partial Partial
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 15 of 46).
3244 CVE-2018-11156 78 2018-06-01 2019-10-02
6.5
None Remote Low Single system Partial Partial Partial
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 14 of 46).
3245 CVE-2018-11155 78 2018-06-01 2019-10-02
6.5
None Remote Low Single system Partial Partial Partial
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 13 of 46).
3246 CVE-2018-11154 78 2018-06-01 2019-10-02
6.5
None Remote Low Single system Partial Partial Partial
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 12 of 46).
3247 CVE-2018-11153 78 2018-06-01 2019-10-02
6.5
None Remote Low Single system Partial Partial Partial
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 11 of 46).
3248 CVE-2018-11152 78 2018-06-01 2019-10-02
6.5
None Remote Low Single system Partial Partial Partial
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 10 of 46).
3249 CVE-2018-11151 78 2018-06-01 2019-10-02
6.5
None Remote Low Single system Partial Partial Partial
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 9 of 46).
3250 CVE-2018-11150 78 2018-06-01 2019-10-02
6.5
None Remote Low Single system Partial Partial Partial
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 8 of 46).
CVE is a registered trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registered trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.