CVEdetails.com the ultimate security vulnerability data source

Security Vulnerabilities (CVSS score between 6 and 6.99)

# | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail.

3501 | CVE-2018-9128 | 119 | | Overflow | 2018-04-01 | 2019-04-03 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial
DVD X Player Standard 5.5.3.9 has a Buffer Overflow via a crafted .plf file, a related issue to CVE-2007-3068.

3502 | CVE-2018-9116 | 611 | | DoS | 2018-03-29 | 2018-08-13 | 6.4 | None | Remote | Low | Not required | Partial | None | Partial
An XXE vulnerability within WireMock before 2.16.0 allows a remote unauthenticated attacker to access local files and internal resources and potentially cause a Denial of Service.

3503 | CVE-2018-9110 | 22 | | Dir. Trav. | 2018-03-28 | 2018-05-29 | 6.4 | None | Remote | Low | Not required | None | Partial | Partial
Studio 42 elFinder before 2.1.37 has a directory traversal vulnerability in elFinder.class.php with the zipdl() function that can allow a remote attacker to download files accessible by the web server process and delete files owned by the account running the web server process. NOTE: this issue exists because of an incomplete fix for CVE-2018-9109.

3504 | CVE-2018-9109 | 22 | | Dir. Trav. | 2018-03-28 | 2018-05-29 | 6.4 | None | Remote | Low | Not required | None | Partial | Partial
Studio 42 elFinder before 2.1.36 has a directory traversal vulnerability in elFinder.class.php with the zipdl() function that can allow a remote attacker to download files accessible by the web server process and delete files owned by the account running the web server process.

3505 | CVE-2018-9108 | 352 | | CSRF | 2018-03-28 | 2018-04-20 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial
CSRF in /admin/user/manage/add in QuickAppsCMS 2.0.0-beta2 allows an unauthorized remote attacker to create an account with admin privileges.

3506 | CVE-2018-9107 | 20 | | | 2018-03-28 | 2019-08-20 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial
CSV Injection (aka Excel Macro Injection or Formula Injection) exists in the export feature in the Acyba AcyMailing extension before 5.9.6 for Joomla! via a value that is mishandled in a CSV export.

3507 | CVE-2018-9106 | 20 | | | 2018-03-28 | 2018-04-19 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial
CSV Injection (aka Excel Macro Injection or Formula Injection) exists in the export feature in the Acyba AcySMS extension before 3.5.1 for Joomla! via a value that is mishandled in a CSV export.

3508 | CVE-2018-9092 | 352 | | CSRF | 2018-03-27 | 2018-10-30 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial
There is a CSRF vulnerability in mc-admin/conf.php in MiniCMS 1.10 that can change the administrator account password.

3509 | CVE-2018-9086 | 77 | | Exec Code | 2018-11-16 | 2019-10-02 | 6.5 | None | Remote | Low | Single system | Partial | Partial | Partial
In some Lenovo ThinkServer-branded servers, a command injection vulnerability exists in the BMC firmware download command. This allows a privileged user to download and execute arbitrary code inside the BMC. This can only be exploited by authorized privileged users.

3510 | CVE-2018-9078 | 79 | | XSS | 2018-09-28 | 2019-10-02 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial
For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, the Content Explorer application grants users the ability to upload files to shares and this image was rendered in the browser in the device's origin instead of prompting to download the asset. The application does not prevent the user from uploading SVG images and returns these images within their origin. As a result, malicious users can upload SVG images that contain arbitrary JavaScript that is evaluated when the victim issues a request to download the file.

3511 | CVE-2018-9074 | 22 | | Dir. Trav. | 2018-09-28 | 2018-11-20 | 6.8 | None | Remote | Low | Single system | None | Complete | None
For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, the file upload functionality of the Content Explorer application is vulnerable to path traversal. As a result, users can upload files anywhere on the device's operating system as the root user.

3512 | CVE-2018-9070 | | | | 2018-07-13 | 2019-10-02 | 6.9 | None | Local | Medium | Not required | Complete | Complete | Complete
For the Lenovo Smart Assistant Android app versions earlier than 12.1.82, an attacker with physical access to the smart speaker can, by pressing a specific button sequence, enter factory test mode and enable a web service intended for testing the device. As with most test modes, this provides extra privileges, including changing settings and running code. Lenovo Smart Assistant is an Amazon Alexa-enabled smart speaker developed by Lenovo.

3513 | CVE-2018-9054 | 20 | | DoS | 2018-03-26 | 2018-03-30 | 6.1 | None | Local | Low | Not required | Partial | Partial | Complete
In Windows Master (aka Windows Optimization Master) 7.99.13.604, the driver file (WoptiHWDetect.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0xf100284c.

3514 | CVE-2018-9053 | 20 | | DoS | 2018-03-26 | 2018-03-30 | 6.1 | None | Local | Low | Not required | Partial | Partial | Complete
In Windows Master (aka Windows Optimization Master) 7.99.13.604, the driver file (WoptiHWDetect.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0xf10026cc.

3515 | CVE-2018-9052 | 20 | | DoS | 2018-03-26 | 2018-03-30 | 6.1 | None | Local | Low | Not required | Partial | Partial | Complete
In Windows Master (aka Windows Optimization Master) 7.99.13.604, the driver file (WoptiHWDetect.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0xf100283c.

3516 | CVE-2018-9051 | 20 | | DoS | 2018-03-26 | 2018-03-30 | 6.1 | None | Local | Low | Not required | Partial | Partial | Complete
In Windows Master (aka Windows Optimization Master) 7.99.13.604, the driver file (WoptiHWDetect.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0xf1002021.

3517 | CVE-2018-9050 | 20 | | DoS | 2018-03-26 | 2018-03-30 | 6.1 | None | Local | Low | Not required | Partial | Partial | Complete
In Windows Master (aka Windows Optimization Master) 7.99.13.604, the driver file (WoptiHWDetect.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0xf100202d.

3518 | CVE-2018-9049 | 20 | | DoS | 2018-03-26 | 2018-03-30 | 6.1 | None | Local | Low | Not required | Partial | Partial | Complete
In Windows Master (aka Windows Optimization Master) 7.99.13.604, the driver file (WoptiHWDetect.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0xf1002833.

3519 | CVE-2018-9048 | 20 | | DoS | 2018-03-26 | 2018-03-30 | 6.1 | None | Local | Low | Not required | Partial | Partial | Complete
In Windows Master (aka Windows Optimization Master) 7.99.13.604, the driver file (WoptiHWDetect.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0xf100282c.

3520 | CVE-2018-9047 | 20 | | DoS | 2018-03-26 | 2018-03-30 | 6.1 | None | Local | Low | Not required | Partial | Partial | Complete
In Windows Master (aka Windows Optimization Master) 7.99.13.604, the driver file (WoptiHWDetect.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0xf1002841.

3521 | CVE-2018-9046 | 20 | | DoS | 2018-03-26 | 2018-03-30 | 6.1 | None | Local | Low | Not required | Partial | Partial | Complete
In Windows Master (aka Windows Optimization Master) 7.99.13.604, the driver file (WoptiHWDetect.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0xf100282d.

3522 | CVE-2018-9045 | 20 | | DoS | 2018-03-26 | 2018-03-30 | 6.1 | None | Local | Low | Not required | Partial | Partial | Complete
In Windows Master (aka Windows Optimization Master) 7.99.13.604, the driver file (WoptiHWDetect.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0xf1002849.

3523 | CVE-2018-9044 | 20 | | DoS | 2018-03-26 | 2018-03-30 | 6.1 | None | Local | Low | Not required | Partial | Partial | Complete
In Advanced SystemCare Ultimate 11.0.1.58, the driver file (Monitor_win10_x64.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9c4060cc.

3524 | CVE-2018-9043 | 20 | | DoS | 2018-03-26 | 2018-03-30 | 6.1 | None | Local | Low | Not required | Partial | Partial | Complete
In Advanced SystemCare Ultimate 11.0.1.58, the driver file (Monitor_win10_x64.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9c4060d0.

3525 | CVE-2018-9042 | 20 | | DoS | 2018-03-26 | 2018-03-30 | 6.1 | None | Local | Low | Not required | Partial | Partial | Complete
In Advanced SystemCare Ultimate 11.0.1.58, the driver file (Monitor_win10_x64.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9c402000.

3526 | CVE-2018-9041 | 20 | | DoS | 2018-03-26 | 2018-03-30 | 6.1 | None | Local | Low | Not required | Partial | Partial | Complete
In Advanced SystemCare Ultimate 11.0.1.58, the driver file (Monitor_win10_x64.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9c402004.

3527 | CVE-2018-9040 | 20 | | DoS | 2018-03-26 | 2018-03-30 | 6.1 | None | Local | Low | Not required | Partial | Partial | Complete
In Advanced SystemCare Ultimate 11.0.1.58, the driver file (Monitor_win10_x64.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9c4060c4.

3528 | CVE-2018-9037 | 434 | | Exec Code | 2018-04-10 | 2018-05-17 | 6.5 | None | Remote | Low | Single system | Partial | Partial | Partial
Monstra CMS 3.0.4 allows remote code execution via an upload_file request for a .zip file, which is automatically extracted and may contain .php files.

3529 | CVE-2018-9035 | 20 | | | 2018-04-04 | 2018-05-21 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial
CSV Injection vulnerability in ExportToCsvUtf8.php of the Contact Form 7 to Database Extension plugin 2.10.32 for WordPress allows remote attackers to inject spreadsheet formulas into CSV files via the contact form.

3530 | CVE-2018-9009 | 416 | | | 2018-03-24 | 2019-10-11 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial
In libming 0.4.8, there is a use-after-free in the decompileJUMP function of the decompile.c file.

3531 | CVE-2018-9007 | 20 | | DoS | 2018-03-24 | 2018-03-30 | 6.1 | None | Local | Low | Not required | Partial | Partial | Complete
In Advanced SystemCare Ultimate 11.0.1.58, the driver file (Monitor_x86.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9c4060c4.

3532 | CVE-2018-9006 | 20 | | DoS | 2018-03-24 | 2018-03-30 | 6.1 | None | Local | Low | Not required | Partial | Partial | Complete
In Advanced SystemCare Ultimate 11.0.1.58, the driver file (Monitor_win7_x64.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9c402004.

3533 | CVE-2018-9005 | 20 | | DoS | 2018-03-24 | 2018-03-30 | 6.1 | None | Local | Low | Not required | Partial | Partial | Complete
In Advanced SystemCare Ultimate 11.0.1.58, the driver file (Monitor_win7_x64.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9c4060d0.

3534 | CVE-2018-9004 | 20 | | DoS | 2018-03-24 | 2018-03-30 | 6.1 | None | Local | Low | Not required | Partial | Partial | Complete
In Advanced SystemCare Ultimate 11.0.1.58, the driver file (Monitor_x86.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9c4060d0.

3535 | CVE-2018-9003 | 20 | | DoS | 2018-03-24 | 2018-03-30 | 6.1 | None | Local | Low | Not required | Partial | Partial | Complete
In Advanced SystemCare Ultimate 11.0.1.58, the driver file (Monitor_x86.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9c402000.

3536 | CVE-2018-9002 | 20 | | DoS | 2018-03-24 | 2018-03-30 | 6.1 | None | Local | Low | Not required | Partial | Partial | Complete
In Advanced SystemCare Ultimate 11.0.1.58, the driver file (Monitor_win7_x64.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9c4060cc.

3537 | CVE-2018-9001 | 20 | | DoS | 2018-03-24 | 2018-03-30 | 6.1 | None | Local | Low | Not required | Partial | Partial | Complete
In Advanced SystemCare Ultimate 11.0.1.58, the driver file (Monitor_win7_x64.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9c402000.

3538 | CVE-2018-9000 | 20 | | DoS | 2018-03-24 | 2018-03-30 | 6.1 | None | Local | Low | Not required | Partial | Partial | Complete
In Advanced SystemCare Ultimate 11.0.1.58, the driver file (Monitor_x86.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9c402004.

3539 | CVE-2018-8999 | 20 | | DoS | 2018-03-24 | 2018-03-30 | 6.1 | None | Local | Low | Not required | Partial | Partial | Complete
In Advanced SystemCare Ultimate 11.0.1.58, the driver file (Monitor_win7_x64.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9c4060c4.

3540 | CVE-2018-8998 | 20 | | DoS | 2018-03-24 | 2018-03-30 | 6.1 | None | Local | Low | Not required | Partial | Partial | Complete
In Advanced SystemCare Ultimate 11.0.1.58, the driver file (Monitor_x86.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9c4060cc.

3541 | CVE-2018-8997 | 20 | | DoS | 2018-03-24 | 2018-03-30 | 6.1 | None | Local | Low | Not required | Partial | Partial | Complete
In Windows Master (aka Windows Optimization Master) 7.99.13.604, the driver file (WoptiHWDetect.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0xf1002004.

3542 | CVE-2018-8996 | 20 | | DoS | 2018-03-24 | 2018-03-30 | 6.1 | None | Local | Low | Not required | Partial | Partial | Complete
In Windows Master (aka Windows Optimization Master) 7.99.13.604, the driver file (WoptiHWDetect.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0xf1002007.

3543 | CVE-2018-8995 | 20 | | DoS | 2018-03-24 | 2018-03-30 | 6.1 | None | Local | Low | Not required | Partial | Partial | Complete
In Windows Master (aka Windows Optimization Master) 7.99.13.604, the driver file (WoptiHWDetect.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0xf1002002.

3544 | CVE-2018-8994 | 20 | | DoS | 2018-03-24 | 2018-03-30 | 6.1 | None | Local | Low | Not required | Partial | Partial | Complete
In Windows Master (aka Windows Optimization Master) 7.99.13.604, the driver file (WoptiHWDetect.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0xf1002003.

3545 | CVE-2018-8993 | 20 | | DoS | 2018-03-24 | 2018-03-30 | 6.1 | None | Local | Low | Not required | Partial | Partial | Complete
In Windows Master (aka Windows Optimization Master) 7.99.13.604, the driver file (WoptiHWDetect.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0xf1002001.

3546 | CVE-2018-8992 | 20 | | DoS | 2018-03-24 | 2018-03-30 | 6.1 | None | Local | Low | Not required | Partial | Partial | Complete
In Windows Master (aka Windows Optimization Master) 7.99.13.604, the driver file (WoptiHWDetect.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0xf1002005.

3547 | CVE-2018-8991 | 20 | | DoS | 2018-03-24 | 2018-03-30 | 6.1 | None | Local | Low | Not required | Partial | Partial | Complete
In Windows Master (aka Windows Optimization Master) 7.99.13.604, the driver file (WoptiHWDetect.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0xf1002009.

3548 | CVE-2018-8990 | 20 | | DoS | 2018-03-24 | 2018-03-30 | 6.1 | None | Local | Low | Not required | Partial | Partial | Complete
In Windows Master (aka Windows Optimization Master) 7.99.13.604, the driver file (WoptiHWDetect.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0xf1002010.

3549 | CVE-2018-8989 | 20 | | DoS | 2018-03-24 | 2018-03-30 | 6.1 | None | Local | Low | Not required | Partial | Partial | Complete
In Windows Master (aka Windows Optimization Master) 7.99.13.604, the driver file (WoptiHWDetect.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0xf1002006.

3550 | CVE-2018-8988 | 20 | | DoS | 2018-03-24 | 2018-03-30 | 6.1 | None | Local | Low | Not required | Partial | Partial | Complete
In Windows Master (aka Windows Optimization Master) 7.99.13.604, the driver file (WoptiHWDetect.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0xf1002008.