Vulnerabilities > Quest > High

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | ATTACK VECTOR | COMPLEXITY | VENDOR | CWE | RISK |
|---|---|---|---|---|---|---|---|---|
| 2021-12-22 | CVE-2021-44029 | Deserialization of Untrusted Data vulnerability in Quest Kace Desktop Authority | An issue was discovered in Quest KACE Desktop Authority before 11.2. | network | low complexity | quest | CWE-502 | 7.5 |
| 2021-12-22 | CVE-2021-44031 | Unrestricted Upload of File with Dangerous Type vulnerability in Quest Kace Desktop Authority | An issue was discovered in Quest KACE Desktop Authority before 11.2. | network | low complexity | quest | CWE-434 | 7.5 |
| 2020-03-09 | CVE-2019-20504 | OS Command Injection vulnerability in Quest Kace Systems Management | service/krashrpt.php in Quest KACE K1000 Systems Management Appliance before 6.4 SP3 (6.4.120822) allows a remote attacker to execute code via shell metacharacters in the kuid parameter. | network | low complexity | quest | CWE-78 | 7.5 |
| 2019-11-06 | CVE-2019-12918 | SQL Injection vulnerability in Quest Kace Systems Management Appliance 9.1.317 | Quest KACE Systems Management Appliance Server Center version 9.1.317 is vulnerable to SQL injection. | network | low complexity | quest | CWE-89 | 7.5 |
| 2018-06-02 | CVE-2018-11143 | OS Command Injection vulnerability in Quest Disk Backup | Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 1 of 46). | network | low complexity | quest | CWE-78 | 7.5 |
| 2018-05-31 | CVE-2018-11141 | Path Traversal vulnerability in Quest Kace System Management Appliance 8.0.318 | The 'IMAGES_JSON' and 'attachments_to_remove[]' parameters of the '/adminui/advisory.php' script in the Quest KACE System Management Virtual Appliance 8.0.318 can be abused to write and delete files respectively via Directory Traversal. | network | low complexity | quest | CWE-22 | 7.5 |
| 2018-05-31 | CVE-2018-11140 | SQL Injection vulnerability in Quest Kace System Management Appliance 8.0.318 | The 'reportID' parameter received by the '/common/run_report.php' script in the Quest KACE System Management Appliance 8.0.318 is not sanitized, leading to SQL injection (in particular, an error-based type). | network | low complexity | quest | CWE-89 | 7.5 |
| 2018-05-31 | CVE-2018-11136 | SQL Injection vulnerability in Quest Kace System Management Appliance 8.0.318 | The 'orgID' parameter received by the '/common/download_agent_installer.php' script in the Quest KACE System Management Appliance 8.0.318 is not sanitized, leading to SQL injection (in particular, a blind time-based type). | network | low complexity | quest | CWE-89 | 7.5 |
| 2018-05-31 | CVE-2018-11135 | Unspecified vulnerability in Quest Kace System Management Appliance 8.0.318 | The script '/adminui/error_details.php' in the Quest KACE System Management Appliance 8.0.318 allows authenticated users to conduct PHP object injection attacks. | network | low complexity | quest | | 8.8 |
| 2018-02-08 | CVE-2018-1162 | Unspecified vulnerability in Quest Netvault Backup 11.2.0.13 | This vulnerability allows remote attackers to create a denial-of-service condition on vulnerable installations of Quest NetVault Backup 11.2.0.13. | network | low complexity | quest | | 8.5 |