Search
Total
46623 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-4293 | 2 Apple, Microsoft | 7 Icloud, Iphone Os, Itunes and 4 more | 2019-04-05 | 5.0 MEDIUM | 5.3 MEDIUM |
| A cookie management issue was addressed with improved checks. This issue affected versions prior to iOS 11.4.1, macOS High Sierra 10.13.6, tvOS 11.4.1, watchOS 4.3.2, iTunes 12.8 for Windows, iCloud for Windows 7.6. | |||||
| CVE-2018-4385 | 1 Apple | 1 Iphone Os | 2019-04-05 | 4.3 MEDIUM | 6.5 MEDIUM |
| A logic issue was addressed with improved state management. This issue affected versions prior to iOS 12.1. | |||||
| CVE-2018-4377 | 2 Apple, Microsoft | 6 Icloud, Iphone Os, Itunes and 3 more | 2019-04-05 | 4.3 MEDIUM | 6.1 MEDIUM |
| A cross-site scripting issue existed in Safari. This issue was addressed with improved URL validation. This issue affected versions prior to iOS 12.1, watchOS 5.1, Safari 12.0.1, iTunes 12.9.1, iCloud for Windows 7.8. | |||||
| CVE-2018-4396 | 1 Apple | 1 Mac Os X | 2019-04-05 | 4.3 MEDIUM | 5.5 MEDIUM |
| A validation issue was addressed with improved input sanitization. This issue affected versions prior to macOS Mojave 10.14. | |||||
| CVE-2018-4417 | 1 Apple | 1 Mac Os X | 2019-04-05 | 4.3 MEDIUM | 5.5 MEDIUM |
| A validation issue was addressed with improved input sanitization. This issue affected versions prior to macOS Mojave 10.14. | |||||
| CVE-2018-4418 | 1 Apple | 1 Mac Os X | 2019-04-05 | 4.3 MEDIUM | 5.5 MEDIUM |
| A validation issue was addressed with improved input sanitization. This issue affected versions prior to macOS Mojave 10.14. | |||||
| CVE-2018-4400 | 1 Apple | 3 Iphone Os, Mac Os X, Watchos | 2019-04-05 | 4.3 MEDIUM | 5.5 MEDIUM |
| A validation issue was addressed with improved logic. This issue affected versions prior to iOS 12.1, macOS Mojave 10.14.1, watchOS 5.1. | |||||
| CVE-2018-4379 | 1 Apple | 1 Iphone Os | 2019-04-05 | 2.1 LOW | 5.5 MEDIUM |
| A lock screen issue allowed access to the share function on a locked device. This issue was addressed by restricting options offered on a locked device. This issue affected versions prior to iOS 12.0.1. | |||||
| CVE-2018-4406 | 1 Apple | 1 Mac Os X | 2019-04-05 | 4.0 MEDIUM | 6.5 MEDIUM |
| A denial of service issue was addressed with improved validation. This issue affected versions prior to macOS Mojave 10.14. | |||||
| CVE-2018-4346 | 1 Apple | 1 Mac Os X | 2019-04-05 | 4.3 MEDIUM | 5.5 MEDIUM |
| A validation issue existed which allowed local file access. This was addressed with input sanitization. This issue affected versions prior to macOS Mojave 10.14. | |||||
| CVE-2018-4345 | 2 Apple, Microsoft | 6 Icloud, Iphone Os, Itunes and 3 more | 2019-04-05 | 4.3 MEDIUM | 6.1 MEDIUM |
| A cross-site scripting issue existed in Safari. This issue was addressed with improved URL validation. This issue affected versions prior to iOS 12, tvOS 12, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7. | |||||
| CVE-2018-4338 | 1 Apple | 1 Mac Os X | 2019-04-05 | 4.3 MEDIUM | 5.5 MEDIUM |
| A validation issue was addressed with improved input sanitization. This issue affected versions prior to macOS Mojave 10.14. | |||||
| CVE-2018-4342 | 1 Apple | 1 Mac Os X | 2019-04-05 | 2.1 LOW | 5.5 MEDIUM |
| A configuration issue was addressed with additional restrictions. This issue affected versions prior to macOS Mojave 10.14.1. | |||||
| CVE-2018-4348 | 1 Apple | 1 Mac Os X | 2019-04-05 | 2.1 LOW | 5.5 MEDIUM |
| A validation issue was addressed with improved logic. This issue affected versions prior to macOS Mojave 10.14. | |||||
| CVE-2018-1731 | 1 Ibm | 1 Doors Next Generation | 2019-04-05 | 3.5 LOW | 4.8 MEDIUM |
| IBM DOORS Next Generation (DNG/RRC) 5.0 through 5.0.3 and 6.0 through 6.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 147710. | |||||
| CVE-2018-20544 | 3 Canonical, Debian, Libcaca Project | 3 Ubuntu Linux, Debian Linux, Libcaca | 2019-04-05 | 4.3 MEDIUM | 6.5 MEDIUM |
| There is floating point exception at caca/dither.c (function caca_dither_bitmap) in libcaca 0.99.beta19. | |||||
| CVE-2018-12198 | 1 Intel | 1 Server Platform Services Firmware | 2019-04-04 | 2.1 LOW | 6.0 MEDIUM |
| Insufficient input validation in Intel(R) Server Platform Services HECI subsystem before version SPS_E5_04.00.04.393.0 may allow privileged user to potentially cause a denial of service via local access. | |||||
| CVE-2018-12192 | 1 Intel | 2 Converged Security Management Engine Firmware, Server Platform Services Firmware | 2019-04-04 | 7.2 HIGH | 6.8 MEDIUM |
| Logic bug in Kernel subsystem in Intel CSME before version 11.8.60, 11.11.60, 11.22.60 or 12.0.20, or Intel(R) Server Platform Services before version SPS_E5_04.00.04.393.0 may allow an unauthenticated user to potentially bypass MEBx authentication via physical access. | |||||
| CVE-2018-4282 | 1 Apple | 3 Iphone Os, Tvos, Watchos | 2019-04-04 | 4.9 MEDIUM | 5.5 MEDIUM |
| An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed with improved input validation. This issue affected versions prior to iOS 11.4.1, tvOS 11.4.1, watchOS 4.3.2. | |||||
| CVE-2018-4308 | 1 Apple | 1 Mac Os X | 2019-04-04 | 4.3 MEDIUM | 5.5 MEDIUM |
| An out-of-bounds read was addressed with improved bounds checking. This issue affected versions prior to macOS Mojave 10.14. | |||||
| CVE-2018-4305 | 1 Apple | 3 Iphone Os, Tvos, Watchos | 2019-04-04 | 3.3 LOW | 6.5 MEDIUM |
| An input validation issue was addressed with improved input validation. This issue affected versions prior to iOS 12, tvOS 12, watchOS 5. | |||||
| CVE-2018-4307 | 1 Apple | 2 Iphone Os, Safari | 2019-04-04 | 4.3 MEDIUM | 4.3 MEDIUM |
| A logic issue was addressed with improved state management. This issue affected versions prior to iOS 12, Safari 12. | |||||
| CVE-2018-4313 | 1 Apple | 3 Iphone Os, Tvos, Watchos | 2019-04-04 | 2.1 LOW | 5.5 MEDIUM |
| A consistency issue existed in the handling of application snapshots. The issue was addressed with improved handling of message deletions. This issue affected versions prior to iOS 12, tvOS 12, watchOS 5. | |||||
| CVE-2018-4365 | 1 Apple | 1 Iphone Os | 2019-04-04 | 4.3 MEDIUM | 5.5 MEDIUM |
| An out-of-bounds read was addressed with improved bounds checking. This issue affected versions prior to iOS 12.1. | |||||
| CVE-2018-4321 | 1 Apple | 3 Iphone Os, Mac Os X, Tvos | 2019-04-04 | 5.0 MEDIUM | 5.3 MEDIUM |
| A validation issue existed in the entitlement verification. This issue was addressed with improved validation of the process entitlement. This issue affected versions prior to iOS 12, macOS Mojave 10.14, tvOS 12. | |||||
| CVE-2018-6266 | 2 Microsoft, Nvidia | 2 Windows, Geforce Experience | 2019-04-04 | 2.1 LOW | 5.5 MEDIUM |
| NVIDIA GeForce Experience contains a vulnerability in all versions prior to 3.16 on Windows where a local user may obtain third party integration parameters, which may lead to information disclosure. | |||||
| CVE-2018-18091 | 1 Intel | 1 Graphics Driver | 2019-04-04 | 2.1 LOW | 6.5 MEDIUM |
| Use after free in Kernel Mode Driver in Intel(R) Graphics Driver for Windows* before versions 10.18.x.5059 (aka 15.33.x.5059), 10.18.x.5057 (aka 15.36.x.5057), 20.19.x.5063 (aka 15.40.x.5063) 21.20.x.5064 (aka 15.45.x.5064) and 24.20.100.6373 may allow an unprivileged user to potentially enable a denial of service via local access. | |||||
| CVE-2018-18090 | 1 Intel | 1 Graphics Driver | 2019-04-04 | 2.1 LOW | 5.5 MEDIUM |
| Out of bounds read in igdkm64.sys in Intel(R) Graphics Driver for Windows* before versions 10.18.x.5059 (aka 15.33.x.5059), 10.18.x.5057 (aka 15.36.x.5057), 20.19.x.5063 (aka 15.40.x.5063) 21.20.x.5064 (aka 15.45.x.5064) and 24.20.100.6373 may allow an authenticated user to potentially enable denial of service via local access. | |||||
| CVE-2018-18089 | 1 Intel | 1 Graphics Driver | 2019-04-04 | 2.1 LOW | 5.5 MEDIUM |
| Multiple out of bounds read in igdkm64.sys in Intel(R) Graphics Driver for Windows* before versions 10.18.x.5059 (aka 15.33.x.5059), 10.18.x.5057 (aka 15.36.x.5057), 20.19.x.5063 (aka 15.40.x.5063) 21.20.x.5064 (aka 15.45.x.5064) and 24.20.100.6373 may allow an authenticated user to potentially enable information disclosure via local access. | |||||
| CVE-2018-12212 | 1 Intel | 1 Graphics Driver | 2019-04-04 | 2.1 LOW | 6.5 MEDIUM |
| Buffer overflow in User Mode Driver in Intel(R) Graphics Driver for Windows* before versions 10.18.x.5059 (aka 15.33.x.5059), 10.18.x.5057 (aka 15.36.x.5057), 20.19.x.5063 (aka 15.40.x.5063) 21.20.x.5064 (aka 15.45.x.5064) and 24.20.100.6373 potentially enables an unprivileged user to cause a denial of service via local access. | |||||
| CVE-2018-12219 | 1 Intel | 1 Graphics Driver | 2019-04-04 | 2.1 LOW | 5.5 MEDIUM |
| Insufficient input validation in Kernel Mode Driver in Intel(R) Graphics Driver for Windows* before versions 10.18.x.5059 (aka 15.33.x.5059), 10.18.x.5057 (aka 15.36.x.5057), 20.19.x.5063 (aka 15.40.x.5063) 21.20.x.5064 (aka 15.45.x.5064) and 24.20.100.6373 potentially enables an unprivileged user to read memory via local access via local access. | |||||
| CVE-2018-12215 | 1 Intel | 1 Graphics Driver | 2019-04-04 | 2.1 LOW | 6.0 MEDIUM |
| Insufficient input validation in Kernel Mode Driver in Intel(R) Graphics Driver for Windows* before versions 10.18.x.5059 (aka 15.33.x.5059), 10.18.x.5057 (aka 15.36.x.5057), 20.19.x.5063 (aka 15.40.x.5063) 21.20.x.5064 (aka 15.45.x.5064) and 24.20.100.6373 potentially enables a privileged user to cause a denial of service via local access. | |||||
| CVE-2018-12211 | 1 Intel | 1 Graphics Driver | 2019-04-04 | 2.1 LOW | 6.5 MEDIUM |
| Insufficient input validation in User Mode Driver in Intel(R) Graphics Driver for Windows* before versions 10.18.x.5059 (aka 15.33.x.5059), 10.18.x.5057 (aka 15.36.x.5057), 20.19.x.5063 (aka 15.40.x.5063) 21.20.x.5064 (aka 15.45.x.5064) and 24.20.100.6373 potentially enables an unprivileged user to cause a denial of service via local access. | |||||
| CVE-2018-12213 | 1 Intel | 1 Graphics Driver | 2019-04-04 | 2.1 LOW | 6.0 MEDIUM |
| Potential memory corruption in Kernel Mode Driver in Intel(R) Graphics Driver for Windows* before versions 10.18.x.5059 (aka 15.33.x.5059), 10.18.x.5057 (aka 15.36.x.5057), 20.19.x.5063 (aka 15.40.x.5063) 21.20.x.5064 (aka 15.45.x.5064) and 24.20.100.6373 potentially enables an unprivileged user to cause a denial of service via local access. | |||||
| CVE-2018-4153 | 1 Apple | 1 Mac Os X | 2019-04-04 | 4.3 MEDIUM | 5.9 MEDIUM |
| An injection issue was addressed with improved validation. This issue affected versions prior to macOS Mojave 10.14. | |||||
| CVE-2018-4289 | 1 Apple | 1 Mac Os X | 2019-04-04 | 7.1 HIGH | 5.5 MEDIUM |
| An information disclosure issue was addressed by removing the vulnerable code. This issue affected versions prior to macOS High Sierra 10.13.6. | |||||
| CVE-2018-4304 | 1 Apple | 4 Iphone Os, Mac Os X, Tvos and 1 more | 2019-04-04 | 4.3 MEDIUM | 5.0 MEDIUM |
| A denial of service issue was addressed with improved validation. This issue affected versions prior to iOS 12, macOS Mojave 10.14, tvOS 12, watchOS 5. | |||||
| CVE-2018-4309 | 2 Apple, Microsoft | 6 Icloud, Iphone Os, Itunes and 3 more | 2019-04-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| A cross-site scripting issue existed in Safari. This issue was addressed with improved URL validation. This issue affected versions prior to iOS 12, tvOS 12, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7. | |||||
| CVE-2019-10654 | 1 Lrzip Project | 1 Lrzip | 2019-04-04 | 4.3 MEDIUM | 5.5 MEDIUM |
| The lzo1x_decompress function in liblzo2.so.2 in LZO 2.10, as used in Long Range Zip (aka lrzip) 0.631, allows remote attackers to cause a denial of service (invalid memory read and application crash) via a crafted archive, a different vulnerability than CVE-2017-8845. | |||||
| CVE-2018-4266 | 2 Apple, Microsoft | 7 Icloud, Iphone Os, Itunes and 4 more | 2019-04-04 | 4.3 MEDIUM | 5.9 MEDIUM |
| A race condition was addressed with additional validation. This issue affected versions prior toiVersions prior to: OS 11.4.1, tvOS 11.4.1, watchOS 4.3.2, Safari 11.1.2, iTunes 12.8 for Windows, iCloud for Windows 7.6. | |||||
| CVE-2018-15180 | 1 Qasymphony | 1 Qtest Manager | 2019-04-04 | 5.8 MEDIUM | 6.1 MEDIUM |
| qTest Portal in QASymphony qTest Manager 9.0.0 has an Open Redirect via the /portal/loginform redirect parameter. | |||||
| CVE-2018-4260 | 1 Apple | 2 Iphone Os, Safari | 2019-04-04 | 4.3 MEDIUM | 6.5 MEDIUM |
| An inconsistent user interface issue was addressed with improved state management. This issue affected versions prior to iOS 11.4.1, Safari 11.1.2. | |||||
| CVE-2018-4279 | 1 Apple | 1 Safari | 2019-04-04 | 5.0 MEDIUM | 5.3 MEDIUM |
| An inconsistent user interface issue was addressed with improved state management. This issue affected versions prior to Safari 11.1.2. | |||||
| CVE-2018-4270 | 2 Apple, Microsoft | 7 Icloud, Iphone Os, Itunes and 4 more | 2019-04-04 | 4.3 MEDIUM | 6.5 MEDIUM |
| A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to iOS 11.4.1, tvOS 11.4.1, watchOS 4.3.2, Safari 11.1.2, iTunes 12.8 for Windows, iCloud for Windows 7.6. | |||||
| CVE-2018-12201 | 1 Intel | 7 Celeron, Core I3, Core I5 and 4 more | 2019-04-03 | 7.2 HIGH | 6.7 MEDIUM |
| Buffer overflow vulnerability in Platform Sample / Silicon Reference firmware for 8th Generation Intel(R) Core Processor, 7th Generation Intel(R) Core Processor, Intel(R) Pentium(R) Silver J5005 Processor, Intel(R) Pentium(R) Silver N5000 Processor, Intel(R) Celeron(R) J4105 Processor, Intel(R) Celeron(R) J4005 Processor, Intel Celeron(R) N4100 Processor and Intel(R) Celeron N4000 Processor may allow privileged user to potentially execute arbitrary code via local access. | |||||
| CVE-2014-9645 | 1 Busybox | 1 Busybox | 2019-04-03 | 2.1 LOW | 5.5 MEDIUM |
| The add_probe function in modutils/modprobe.c in BusyBox before 1.23.0 allows local users to bypass intended restrictions on loading kernel modules via a / (slash) character in a module name, as demonstrated by an "ifconfig /usbserial up" command or a "mount -t /snd_pcm none /" command. | |||||
| CVE-2018-20592 | 2 Fedoraproject, Msweet | 2 Fedora, Mini-xml | 2019-04-03 | 4.3 MEDIUM | 5.5 MEDIUM |
| In Mini-XML (aka mxml) v2.12, there is a use-after-free in the mxmlAdd function of the mxml-node.c file. Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted xml file, as demonstrated by mxmldoc. | |||||
| CVE-2018-18882 | 1 Controlbyweb | 2 X-320m-i, X-320m-i Firmware | 2019-04-03 | 3.5 LOW | 5.4 MEDIUM |
| A stored cross-site scripting (XSS) issue was discovered in ControlByWeb X-320M-I Web-Enabled Instrumentation-Grade Data Acquisition module 1.05 with firmware revision v1.05. An authenticated user can inject arbitrary script via setup.html in the web interface. | |||||
| CVE-2018-20005 | 2 Fedoraproject, Msweet | 2 Fedora, Mini-xml | 2019-04-03 | 4.3 MEDIUM | 5.5 MEDIUM |
| An issue has been found in Mini-XML (aka mxml) 2.12. It is a use-after-free in mxmlWalkNext in mxml-search.c, as demonstrated by mxmldoc. | |||||
| CVE-2018-18710 | 3 Canonical, Debian, Linux | 3 Ubuntu Linux, Debian Linux, Linux Kernel | 2019-04-03 | 2.1 LOW | 5.5 MEDIUM |
| An issue was discovered in the Linux kernel through 4.19. An information leak in cdrom_ioctl_select_disc in drivers/cdrom/cdrom.c could be used by local attackers to read kernel memory because a cast from unsigned long to int interferes with bounds checking. This is similar to CVE-2018-10940 and CVE-2018-16658. | |||||