CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 9 and 10)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
3401 CVE-2018-12822 416 Exec Code 2018-10-17 2018-12-03
10.0
None Remote Low Not required Complete Complete Complete
Adobe Digital Editions versions 4.5.8 and below have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution.
3402 CVE-2018-12815 416 Exec Code 2018-07-20 2019-08-21
10.0
None Remote Low Not required Complete Complete Complete
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
3403 CVE-2018-12814 787 Exec Code Overflow 2018-10-17 2020-08-24
10.0
None Remote Low Not required Complete Complete Complete
Adobe Digital Editions versions 4.5.8 and below have a heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution.
3404 CVE-2018-12813 787 Exec Code Overflow 2018-10-17 2020-08-24
10.0
None Remote Low Not required Complete Complete Complete
Adobe Digital Editions versions 4.5.8 and below have a heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution.
3405 CVE-2018-12812 704 Exec Code 2018-07-20 2019-08-21
10.0
None Remote Low Not required Complete Complete Complete
Adobe Acrobat and Reader 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier versions have a Type Confusion vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
3406 CVE-2018-12802 Bypass 2018-07-20 2019-10-03
10.0
None Remote Low Not required Complete Complete Complete
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Security Bypass vulnerability. Successful exploitation could lead to privilege escalation.
3407 CVE-2018-12798 787 Exec Code Overflow 2018-07-20 2020-08-24
10.0
None Remote Low Not required Complete Complete Complete
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Heap Overflow vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
3408 CVE-2018-12797 416 Exec Code 2018-07-20 2019-08-21
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
3409 CVE-2018-12796 416 Exec Code 2018-07-20 2019-08-21
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
3410 CVE-2018-12792 416 Exec Code 2018-07-20 2019-08-21
10.0
None Remote Low Not required Complete Complete Complete
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
3411 CVE-2018-12791 416 Exec Code 2018-07-20 2019-08-21
10.0
None Remote Low Not required Complete Complete Complete
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
3412 CVE-2018-12787 787 Exec Code 2018-07-20 2019-08-21
10.0
None Remote Low Not required Complete Complete Complete
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
3413 CVE-2018-12782 415 Exec Code 2018-07-20 2019-08-21
10.0
None Remote Low Not required Complete Complete Complete
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Double Free vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
3414 CVE-2018-12769 416 Exec Code 2018-10-12 2019-08-21
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution.
3415 CVE-2018-12760 787 Exec Code 2018-07-20 2019-08-21
10.0
None Remote Low Not required Complete Complete Complete
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
3416 CVE-2018-12759 787 Exec Code 2018-10-12 2019-08-21
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution.
3417 CVE-2018-12758 787 Exec Code 2018-07-20 2019-08-21
10.0
None Remote Low Not required Complete Complete Complete
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
3418 CVE-2018-12756 416 Exec Code 2018-07-20 2019-08-21
10.0
None Remote Low Not required Complete Complete Complete
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
3419 CVE-2018-12755 787 Exec Code 2018-07-20 2020-02-24
10.0
None Remote Low Not required Complete Complete Complete
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
3420 CVE-2018-12754 787 Exec Code 2018-07-20 2020-02-24
10.0
None Remote Low Not required Complete Complete Complete
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
3421 CVE-2018-12714 787 DoS 2018-06-24 2018-08-21
10.0
None Remote Low Not required Complete Complete Complete
An issue was discovered in the Linux kernel through 4.17.2. The filter parsing in kernel/trace/trace_events_filter.c could be called with no filter, which is an N=0 case when it expected at least one line to have been read, thus making the N-1 index invalid. This allows attackers to cause a denial of service (slab out-of-bounds write) or possibly have unspecified other impact via crafted perf_event_open and mmap system calls.
3422 CVE-2018-12670 78 2018-10-19 2019-01-09
10.0
None Remote Low Not required Complete Complete Complete
SV3C L-SERIES HD CAMERA V2.3.4.2103-S50-NTD-B20170508B and V2.3.4.2103-S50-NTD-B20170823B devices allow OS Command Injection.
3423 CVE-2018-12668 798 2018-10-19 2019-01-25
10.0
None Remote Low Not required Complete Complete Complete
SV3C L-SERIES HD CAMERA V2.3.4.2103-S50-NTD-B20170508B and V2.3.4.2103-S50-NTD-B20170823B devices have a Hard-coded Password.
3424 CVE-2018-12591 78 Exec Code 2018-06-20 2018-08-13
9.0
None Remote Low ??? Complete Complete Complete
Ubiquiti Networks EdgeSwitch version 1.7.3 and prior suffer from an improperly neutralized element in an OS command due to lack of protection on the admin CLI, leading to code execution and privilege escalation greater than administrators themselves are allowed. An attacker with access to an admin account could escape the restricted CLI and execute arbitrary shell instructions.
3425 CVE-2018-12590 134 Exec Code 2018-06-20 2020-02-13
9.0
None Remote Low ??? Complete Complete Complete
Ubiquiti Networks EdgeSwitch version 1.7.3 and prior suffer from an externally controlled format-string vulnerability due to lack of protection on the admin CLI, leading to code execution and privilege escalation greater than administrators themselves are allowed. An attacker with access to an admin account could escape the restricted CLI and execute arbitrary code.
3426 CVE-2018-12526 798 2018-06-21 2018-08-14
10.0
None Remote Low Not required Complete Complete Complete
Telesquare SDT-CS3B1 and SDT-CW3B1 devices through 1.2.0 have a default factory account. Remote attackers can obtain access to the device via TELNET using a hardcoded account.
3427 CVE-2018-12483 78 Exec Code 2018-08-04 2018-10-02
9.0
None Remote Low ??? Complete Complete Complete
OCS Inventory 2.4.1 is prone to a remote command-execution vulnerability. Specifically, this issue occurs because the content of the ipdiscover_analyser rzo GET parameter is concatenated to a string used in an exec() call in the PHP code. Authentication is needed in order to exploit this vulnerability.
3428 CVE-2018-12465 78 Exec Code 2018-06-29 2019-10-09
9.0
None Remote Low ??? Complete Complete Complete
An OS command injection vulnerability in the web administration component of Micro Focus Secure Messaging Gateway (SMG) allows a remote attacker authenticated as a privileged user to execute arbitrary OS commands on the SMG server. This can be exploited in conjunction with CVE-2018-12464 to achieve unauthenticated remote code execution. Affects Micro Focus Secure Messaging Gateway versions prior to 471. It does not affect previous versions of the product that used GWAVA product name (i.e. GWAVA 6.5).
3429 CVE-2018-12455 287 2018-10-10 2018-11-28
9.3
None Remote Medium Not required Complete Complete Complete
Intelbras NPLUG 1.0.0.14 wireless repeater devices have a critical vulnerability that allows an attacker to authenticate in the web interface just by using "admin:" as the name of a cookie.
3430 CVE-2018-12391 863 2019-02-28 2020-08-24
9.3
None Remote Medium Not required Complete Complete Complete
During HTTP Live Stream playback on Firefox for Android, audio data can be accessed across origins in violation of security policies. Because the problem is in the underlying Android service, this issue is addressed by treating all HLS streams as cross-origin and opaque to access. *Note: this issue only affects Firefox for Android. Desktop versions of Firefox are unaffected.*. This vulnerability affects Firefox < 63, Firefox ESR < 60.3, and Thunderbird < 60.3.
3431 CVE-2018-12368 Exec Code 2018-10-18 2019-10-03
9.3
None Remote Medium Not required Complete Complete Complete
Windows 10 does not warn users before opening executable files with the SettingContent-ms extension even when they have been downloaded from the internet and have the "Mark of the Web." Without the warning, unsuspecting users unfamiliar with this new file type might run an unwanted executable. This also allows a WebExtension with the limited downloads.open permission to execute arbitrary code without user interaction on Windows 10 systems. *Note: this issue only affects Windows operating systems. Other operating systems are unaffected.*. This vulnerability affects Thunderbird < 60, Thunderbird < 52.9, Firefox ESR < 60.1, Firefox ESR < 52.9, and Firefox < 61.
3432 CVE-2018-12338 2018-06-17 2019-10-03
10.0
None Remote Low Not required Complete Complete Complete
Undocumented Factory Backdoor in ECOS System Management Appliance (aka SMA) 5.2.68 allows the vendor to extract confidential information and manipulate security relevant configurations via remote root SSH access.
3433 CVE-2018-12336 200 +Info 2018-06-17 2018-08-10
10.0
None Remote Low Not required Complete Complete Complete
Undocumented Factory Backdoor in ECOS Secure Boot Stick (aka SBS) 5.6.5 allows the vendor to extract confidential information via remote root SSH access.
3434 CVE-2018-12317 78 Exec Code 2018-12-04 2019-01-24
9.0
None Remote Low ??? Complete Complete Complete
OS command injection in group.cgi in ASUSTOR ADM version 3.1.1 allows attackers to execute system commands as root by modifying the "name" POST parameter.
3435 CVE-2018-12316 78 Exec Code 2018-12-04 2018-12-21
9.0
None Remote Low ??? Complete Complete Complete
OS Command Injection in upload.cgi in ASUSTOR ADM version 3.1.1 allows attackers to execute system commands by modifying the filename POST parameter.
3436 CVE-2018-12313 78 Exec Code 2018-12-04 2019-10-03
10.0
None Remote Low Not required Complete Complete Complete
OS command injection in snmp.cgi in ASUSTOR ADM version 3.1.1 allows attackers to execute system commands without authentication via the "rocommunity" URL parameter.
3437 CVE-2018-12312 78 Exec Code 2018-12-04 2018-12-20
9.0
None Remote Low ??? Complete Complete Complete
OS command injection in user.cgi in ASUSTOR ADM version 3.1.1 allows attackers to execute system commands as root via the "secret_key" URL parameter.
3438 CVE-2018-12307 78 Exec Code 2018-12-04 2018-12-20
9.0
None Remote Low ??? Complete Complete Complete
OS command injection in user.cgi in ASUSTOR ADM version 3.1.1 allows attackers to execute system commands as root via the "name" POST parameter.
3439 CVE-2018-12237 78 Exec Code 2019-01-24 2019-02-11
9.0
None Remote Low ??? Complete Complete Complete
The Symantec Reporter CLI 10.1 prior to 10.1.5.6 and 10.2 prior to 10.2.1.8 is susceptible to an OS command injection vulnerability. An authenticated malicious administrator with Enable mode access can execute arbitrary OS commands with elevated system privileges.
3440 CVE-2018-12072 2018-06-17 2019-10-03
10.0
None Remote Low Not required Complete Complete Complete
An issue was discovered in Cloud Media Popcorn A-200 03-05-130708-21-POP-411-000 firmware. It is configured to provide TELNET remote access (without a password) that pops a shell as root. If an attacker can connect to port 23 on the device, he can completely compromise it.
3441 CVE-2018-12049 287 Bypass 2018-06-08 2018-08-01
10.0
None Remote Low Not required Complete Complete Complete
** DISPUTED ** A remote attacker can bypass the System Manager Mode on the Canon LBP6030w web interface without a PIN for /checkLogin.cgi via vectors involving /portal_top.html to get full access to the device. NOTE: the vendor reportedly responded that this issue occurs when a customer keeps the default settings without using the countermeasures and best practices shown in the documentation.
3442 CVE-2018-12048 287 Bypass 2018-06-08 2018-08-03
10.0
None Remote Low Not required Complete Complete Complete
** DISPUTED ** A remote attacker can bypass the Management Mode on the Canon LBP7110Cw web interface without a PIN for /checkLogin.cgi via vectors involving /portal_top.html to get full access to the device. NOTE: the vendor reportedly responded that this issue occurs when a customer keeps the default settings without using the countermeasures and best practices shown in the documentation.
3443 CVE-2018-11953 125 2019-05-24 2019-05-29
10.0
None Remote Low Not required Complete Complete Complete
While processing ssid IE length from remote AP, possible out-of-bounds access may occur due to crafted ssid IE length in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9150, MDM9206, MDM9607, MDM9640, MDM9650, MSM8909W, MSM8996AU, QCA6174A, QCA6574AU, QCA9377, QCA9379, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 439 / SD 429, SD 450, SD 615/16/SD 415, SD 625, SD 632, SD 650/52, SD 820, SD 820A, SDM439, SDX20
3444 CVE-2018-11949 665 2019-05-24 2019-05-28
10.0
None Remote Low Not required Complete Complete Complete
Failure to initialize the extra buffer can lead to an out of buffer access in WLAN function in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile in MDM9150, MDM9206, MDM9607, MDM9640, MDM9650, MSM8996AU, QCS605, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 636, SD 712 / SD 710 / SD 670, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM630, SDM660, SDX20, SDX24
3445 CVE-2018-11940 119 Overflow 2019-05-24 2019-05-28
10.0
None Remote Low Not required Complete Complete Complete
Lack of check in length before using memcpy in WLAN function can lead to OOB access in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile in MDM9150, MDM9206, MDM9607, MDM9640, MDM9650, MSM8996AU, QCS605, SD 625, SD 636, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM630, SDM660, SDX20, SDX24, SXR1130
3446 CVE-2018-11937 125 2019-05-24 2019-05-29
10.0
None Remote Low Not required Complete Complete Complete
Lack of input validation before copying can lead to a buffer over read in WLAN function in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile in MDM9150, MDM9206, MDM9607, MDM9640, MDM9650, MSM8996AU, QCA6574AU, QCS605, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 636, SD 675, SD 712 / SD 710 / SD 670, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM630, SDM660, SDX20, SDX24, SM7150
3447 CVE-2018-11936 400 2019-05-24 2019-05-28
10.0
None Remote Low Not required Complete Complete Complete
Index of array is processed in a wrong way inside a while loop and result in invalid index (-1 or something else) leads to out of bound memory access. in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in MDM9206, MDM9607, MDM9640, MDM9650, MSM8996AU, QCA6174A, QCA6574, QCA6574AU, QCA6584, QCA6584AU, QCA9377, QCA9379, QCA9886, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 820, SD 820A, SD 835, SDX20, SDX24, Snapdragon_High_Med_2016
3448 CVE-2018-11930 191 2019-05-24 2019-05-29
10.0
None Remote Low Not required Complete Complete Complete
Improper input validation on input data which is used to locate and copy the additional IEs in WLAN function can lead to potential integer truncation issue in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile in MDM9150, MDM9206, MDM9607, MDM9640, MDM9650, MSM8996AU, QCS605, Qualcomm 215, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 675, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20, SDX24, SM7150
3449 CVE-2018-11905 119 Overflow 2018-12-07 2019-01-02
10.0
None Remote Low Not required Complete Complete Complete
In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, Possible buffer overflow in WLAN function due to lack of input validation in values received from firmware.
3450 CVE-2018-11808 20 2018-06-06 2018-08-07
10.0
None Remote Low Not required Complete Complete Complete
Incorrect Access Control in CustomFieldsFeedServlet in Zoho ManageEngine Applications Manager Version 13 before build 13740 allows an attacker to delete any file and read certain files on the server in the context of the user (which by default is "NT AUTHORITY / SYSTEM") by sending a specially crafted request to the server.
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.