CVEdetails.com the ultimate security vulnerability data source

Security Vulnerabilities (CVSS score between 9 and 10)

# | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail.
4051 CVE-2018-0806 Exec Code 2018-01-10 2020-08-24
9.3
None Remote Medium Not required Complete Complete Complete
Equation Editor in Microsoft Office 2003, Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allows a remote code execution vulnerability due to the way objects are handled in memory, aka "Microsoft Word Remote Code Execution Vulnerability". This CVE is unique from CVE-2018-0804, CVE-2018-0805, and CVE-2018-0807.
4052 CVE-2018-0805 Exec Code 2018-01-10 2020-08-24
9.3
None Remote Medium Not required Complete Complete Complete
Equation Editor in Microsoft Office 2003, Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allows a remote code execution vulnerability due to the way objects are handled in memory, aka "Microsoft Word Remote Code Execution Vulnerability". This CVE is unique from CVE-2018-0804, CVE-2018-0806, and CVE-2018-0807.
4053 CVE-2018-0804 Exec Code 2018-01-10 2020-08-24
9.3
None Remote Medium Not required Complete Complete Complete
Equation Editor in Microsoft Office 2003, Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allows a remote code execution vulnerability due to the way objects are handled in memory, aka "Microsoft Word Remote Code Execution Vulnerability". This CVE is unique from CVE-2018-0805, CVE-2018-0806, and CVE-2018-0807.
4054 CVE-2018-0802 787 Exec Code Mem. Corr. 2018-01-10 2020-08-24
9.3
None Remote Medium Not required Complete Complete Complete
Equation Editor in Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allows a remote code execution vulnerability due to the way objects are handled in memory, aka "Microsoft Office Memory Corruption Vulnerability". This CVE is unique from CVE-2018-0797 and CVE-2018-0812.
4055 CVE-2018-0801 Exec Code 2018-01-10 2020-08-24
9.3
None Remote Medium Not required Complete Complete Complete
Equation Editor in Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allows a remote code execution vulnerability due to the way objects are handled in memory, aka "Microsoft Office Remote Code Execution Vulnerability".
4056 CVE-2018-0798 787 Exec Code Mem. Corr. 2018-01-10 2020-08-24
9.3
None Remote Medium Not required Complete Complete Complete
Equation Editor in Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allows a remote code execution vulnerability due to the way objects are handled in memory, aka "Microsoft Office Memory Corruption Vulnerability".
4057 CVE-2018-0797 787 Exec Code Mem. Corr. 2018-01-10 2020-08-24
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allow a remote code execution vulnerability due to the way RTF content is handled, aka "Microsoft Word Memory Corruption Vulnerability".
4058 CVE-2018-0796 Exec Code 2018-01-10 2020-08-24
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Excel in Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allows a remote code execution vulnerability due to the way objects are handled in memory, aka "Microsoft Excel Remote Code Execution Vulnerability".
4059 CVE-2018-0795 Exec Code 2018-01-10 2020-08-24
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allow a remote code execution vulnerability due to the way objects are handled in memory, aka "Microsoft Office Remote Code Execution Vulnerability".
4060 CVE-2018-0794 Exec Code 2018-01-10 2020-08-24
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Word in Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allows a remote code execution vulnerability due to the way objects are handled in memory, aka "Microsoft Word Remote Code Execution Vulnerability". This CVE is unique from CVE-2018-0792.
4061 CVE-2018-0793 Exec Code 2018-01-10 2019-10-03
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Outlook 2007, Microsoft Outlook 2010 and Microsoft Outlook 2013 allow a remote code execution vulnerability due to the way email messages are parsed, aka "Microsoft Outlook Remote Code Execution Vulnerability". This CVE is unique from CVE-2018-0791.
4062 CVE-2018-0792 787 Exec Code 2018-01-10 2020-08-24
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Word 2016 in Microsoft Office 2016 allows a remote code execution vulnerability due to the way objects are handled in memory, aka "Microsoft Word Remote Code Execution Vulnerability". This CVE is unique from CVE-2018-0794.
4063 CVE-2018-0791 Exec Code 2018-01-10 2019-10-03
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Outlook 2007, Microsoft Outlook 2010, Microsoft Outlook 2013, and Microsoft Outlook 2016 allow a remote code execution vulnerability due to the way email messages are parsed, aka "Microsoft Outlook Remote Code Execution Vulnerability". This CVE is unique from CVE-2018-0793.
4064 CVE-2018-0789 2018-01-10 2019-10-03
9.0
None Remote Low ??? Complete Complete Complete
Microsoft SharePoint Foundation 2010, Microsoft SharePoint Server 2013 and Microsoft SharePoint Server 2016 allow an elevation of privilege vulnerability due to the way web requests are handled, aka "Microsoft SharePoint Elevation of Privilege Vulnerability". This CVE is unique from CVE-2018-0790.
4065 CVE-2018-0721 119 Overflow 2018-11-27 2020-01-16
10.0
None Remote Low Not required Complete Complete Complete
Buffer Overflow vulnerability in NAS devices. QTS allows attackers to run arbitrary code. This issue affects: QNAP Systems Inc. QTS version 4.2.6 and prior versions on build 20180711; version 4.3.3 and prior versions on build 20180725; version 4.3.4 and prior versions on build 20180710.
4066 CVE-2018-0710 78 2018-07-17 2019-10-03
9.0
None Remote Low ??? Complete Complete Complete
Command injection vulnerability in SSH of QNAP Q'center Virtual Appliance version 1.7.1063 and earlier could allow authenticated users to run arbitrary commands.
4067 CVE-2018-0709 78 2018-07-17 2019-10-03
9.0
None Remote Low ??? Complete Complete Complete
Command injection vulnerability in date of QNAP Q'center Virtual Appliance version 1.7.1063 and earlier could allow authenticated users to run arbitrary commands.
4068 CVE-2018-0708 78 2018-07-17 2019-10-03
9.0
None Remote Low ??? Complete Complete Complete
Command injection vulnerability in networking of QNAP Q'center Virtual Appliance version 1.7.1063 and earlier could allow authenticated users to run arbitrary commands.
4069 CVE-2018-0707 78 2018-07-17 2019-10-03
9.0
None Remote Low ??? Complete Complete Complete
Command injection vulnerability in change password of QNAP Q'center Virtual Appliance version 1.7.1063 and earlier could allow authenticated users to run arbitrary commands.
4070 CVE-2018-0694 78 Exec Code 2018-11-15 2018-12-17
10.0
None Remote Low Not required Complete Complete Complete
FileZen V3.0.0 to V4.2.1 allows remote attackers to execute arbitrary OS commands via unspecified vectors.
4071 CVE-2018-0692 426 +Priv 2018-11-15 2018-12-18
9.3
None Remote Medium Not required Complete Complete Complete
Untrusted search path vulnerability in Baidu Browser Version 43.23.1000.500 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
4072 CVE-2018-0663 798 Exec Code 2018-09-07 2018-11-01
9.0
None Remote Low ??? Complete Complete Complete
Multiple I-O DATA network camera products (TS-WRLP firmware Ver.1.09.04 and earlier, TS-WRLA firmware Ver.1.09.04 and earlier, TS-WRLP/E firmware Ver.1.09.04 and earlier) use hardcoded credentials which may allow a remote authenticated attacker to execute arbitrary OS commands on the device via unspecified vector.
4073 CVE-2018-0649 426 +Priv 2018-09-07 2018-11-19
9.3
None Remote Medium Not required Complete Complete Complete
Untrusted search path vulnerability in the installers of multiple Canon IT Solutions Inc. software programs (ESET Smart Security Premium, ESET Internet Security, ESET Smart Security, ESET NOD32 Antivirus, DESlock+ Pro, and CompuSec (all programs except packaged ones)) allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
4074 CVE-2018-0639 78 Exec Code 2019-01-09 2019-01-17
9.0
None Remote Low ??? Complete Complete Complete
Aterm HC100RC Ver1.0.1 and earlier allows an attacker with administrator rights to execute arbitrary OS commands via the tools_firmware.cgi date parameter, time parameter, and offset parameter.
4075 CVE-2018-0638 78 Exec Code 2019-01-09 2019-01-15
9.0
None Remote Low ??? Complete Complete Complete
Aterm HC100RC Ver1.0.1 and earlier allows an attacker with administrator rights to execute arbitrary OS commands via the import.cgi encKey parameter.
4076 CVE-2018-0637 78 Exec Code 2019-01-09 2019-01-15
9.0
None Remote Low ??? Complete Complete Complete
Aterm HC100RC Ver1.0.1 and earlier allows an attacker with administrator rights to execute arbitrary OS commands via the export.cgi encKey parameter.
4077 CVE-2018-0636 78 Exec Code 2019-01-09 2019-01-15
9.0
None Remote Low ??? Complete Complete Complete
Aterm HC100RC Ver1.0.1 and earlier allows an attacker with administrator rights to execute arbitrary OS commands via the FactoryPassword parameter of a certain URL, a different URL from CVE-2018-0634.
4078 CVE-2018-0635 78 Exec Code 2019-01-09 2019-01-15
9.0
None Remote Low ??? Complete Complete Complete
Aterm HC100RC Ver1.0.1 and earlier allows an attacker with administrator rights to execute arbitrary OS commands via the filename parameter.
4079 CVE-2018-0634 78 Exec Code 2019-01-09 2019-01-17
9.0
None Remote Low ??? Complete Complete Complete
Aterm HC100RC Ver1.0.1 and earlier allows an attacker with administrator rights to execute arbitrary OS commands via the FactoryPassword parameter or bootmode parameter of a certain URL.
4080 CVE-2018-0631 78 Exec Code 2019-01-09 2019-01-17
9.0
None Remote Low ??? Complete Complete Complete
Aterm W300P Ver1.0.13 and earlier allows an attacker with administrator rights to execute arbitrary OS commands via the targetAPSsid parameter.
4081 CVE-2018-0630 78 Exec Code 2019-01-09 2019-01-17
9.0
None Remote Low ??? Complete Complete Complete
Aterm W300P Ver1.0.13 and earlier allows an attacker with administrator rights to execute arbitrary OS commands via the sysCmd parameter.
4082 CVE-2018-0629 78 Exec Code 2019-01-09 2019-01-17
9.0
None Remote Low ??? Complete Complete Complete
Aterm W300P Ver1.0.13 and earlier allows an attacker with administrator rights to execute arbitrary OS commands via HTTP request and response.
4083 CVE-2018-0628 78 Exec Code 2019-01-09 2019-01-17
9.0
None Remote Low ??? Complete Complete Complete
Aterm WG1200HP firmware Ver1.0.31 and earlier allows an attacker with administrator rights to execute arbitrary OS commands via HTTP request and response.
4084 CVE-2018-0627 78 Exec Code 2019-01-09 2019-01-15
9.0
None Remote Low ??? Complete Complete Complete
Aterm WG1200HP firmware Ver1.0.31 and earlier allows an attacker with administrator rights to execute arbitrary OS commands via the targetAPSsid parameter.
4085 CVE-2018-0626 78 Exec Code 2019-01-09 2019-01-15
9.0
None Remote Low ??? Complete Complete Complete
Aterm WG1200HP firmware Ver1.0.31 and earlier allows an attacker with administrator rights to execute arbitrary OS commands via sysCmd in the formWsc parameter.
4086 CVE-2018-0625 78 Exec Code 2019-01-09 2019-01-15
9.0
None Remote Low ??? Complete Complete Complete
Aterm WG1200HP firmware Ver1.0.31 and earlier allows an attacker with administrator rights to execute arbitrary OS commands via the formSysCmd parameter.
4087 CVE-2018-0601 426 +Priv 2018-06-26 2018-08-17
9.3
None Remote Medium Not required Complete Complete Complete
Untrusted search path vulnerability in axpdfium v0.01 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
4088 CVE-2018-0599 426 +Priv 2018-06-26 2018-08-17
9.3
None Remote Medium Not required Complete Complete Complete
Untrusted search path vulnerability in the installer of Visual C++ Redistributable allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
4089 CVE-2018-0598 426 +Priv 2018-06-26 2018-08-17
9.3
None Remote Medium Not required Complete Complete Complete
Untrusted search path vulnerability in self-extracting archive files created by IExpress bundled with Microsoft Windows allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
4090 CVE-2018-0563 426 +Priv 2018-06-26 2018-08-30
9.3
None Remote Medium Not required Complete Complete Complete
Untrusted search path vulnerability in the installer of FLET'S VIRUS CLEAR Easy Setup & Application Tool ver.13.0 and earlier versions and FLET'S VIRUS CLEAR v6 Easy Setup & Application Tool ver.13.0 and earlier versions allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
4091 CVE-2018-0562 426 +Priv 2018-04-16 2018-05-21
9.3
None Remote Medium Not required Complete Complete Complete
Untrusted search path vulnerability in the installer of SoundEngine Free ver.5.21 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
4092 CVE-2018-0561 426 +Priv 2018-04-16 2018-05-21
9.3
None Remote Medium Not required Complete Complete Complete
Untrusted search path vulnerability in the installer of PhishWall Client Internet Explorer edition Ver. 3.7.15 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
4093 CVE-2018-0555 119 Exec Code Overflow 2018-04-09 2018-05-16
9.3
None Remote Medium Not required Complete Complete Complete
Buffer overflow in Buffalo WZR-1750DHP2 Ver.2.30 and earlier allows an attacker to execute arbitrary code via a specially crafted file.
4094 CVE-2018-0545 78 Exec Code 2018-04-09 2018-05-15
10.0
None Remote Low Not required Complete Complete Complete
LXR version 1.0.0 to 2.3.0 allows remote attackers to execute arbitrary OS commands via unspecified vectors.
4095 CVE-2018-0544 426 +Priv 2018-03-09 2018-03-26
9.3
None Remote Medium Not required Complete Complete Complete
Untrusted search path vulnerability in WinShot 1.53a and earlier (Installer) allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
4096 CVE-2018-0543 426 +Priv 2018-03-09 2018-03-26
9.3
None Remote Medium Not required Complete Complete Complete
Untrusted search path vulnerability in Jtrim 1.53c and earlier (Installer) allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
4097 CVE-2018-0541 119 Exec Code Overflow 2018-03-22 2018-04-17
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in Tiny FTP Daemon Ver0.52d allows an attacker to cause a denial-of-service (DoS) condition or execute arbitrary code via unspecified vectors.
4098 CVE-2018-0539 78 Exec Code 2018-03-22 2018-04-13
10.0
None Remote Low Not required Complete Complete Complete
QQQ SYSTEMS version 2.24 allows an attacker to execute arbitrary commands via unspecified vectors.
4099 CVE-2018-0514 78 Exec Code 2018-02-08 2018-03-10
10.0
None Remote Low Not required Complete Complete Complete
MP Form Mail CGI eCommerce Edition Ver 2.0.13 and earlier allows remote attackers to execute arbitrary OS commands via unspecified vectors.
4100 CVE-2018-0507 426 +Priv 2018-01-26 2018-02-13
9.3
None Remote Medium Not required Complete Complete Complete
Untrusted search path vulnerability in FLET'S VIRUS CLEAR Easy Setup & Application Tool ver.11 and earlier versions and FLET'S VIRUS CLEAR v6 Easy Setup & Application Tool ver.11 and earlier versions allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.