Total: 9231 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-4368 | 1 Apple | 4 Iphone Os, Mac Os X, Tvos and 1 more | 2019-04-05 | 4.0 MEDIUM | 6.5 MEDIUM |
| A denial of service issue was addressed with improved validation. This issue affected versions prior to iOS 12.1, macOS Mojave 10.14.1, tvOS 12.1, watchOS 5.1. | |||||
| CVE-2018-4399 | 1 Apple | 4 Iphone Os, Mac Os X, Tvos and 1 more | 2019-04-05 | 4.3 MEDIUM | 5.5 MEDIUM |
| An access issue existed with privileged API calls. This issue was addressed with additional restrictions. This issue affected versions prior to iOS 12, macOS Mojave 10.14, tvOS 12, watchOS 5. | |||||
| CVE-2018-4389 | 1 Apple | 1 Mac Os X | 2019-04-05 | 4.3 MEDIUM | 6.5 MEDIUM |
| An inconsistent user interface issue was addressed with improved state management. This issue affected versions prior to macOS Mojave 10.14.1. | |||||
| CVE-2018-4398 | 2 Apple, Microsoft | 7 Icloud, Iphone Os, Itunes and 4 more | 2019-04-05 | 5.0 MEDIUM | 7.5 HIGH |
| An issue existed in the method for determining prime numbers. This issue was addressed by using pseudorandom bases for testing of primes. This issue affected versions prior to iOS 12.1, macOS Mojave 10.14.1, tvOS 12.1, watchOS 5.1, iTunes 12.9.1, iCloud for Windows 7.8. | |||||
| CVE-2018-4397 | 1 Apple | 2 Apple Support, Iphone Os | 2019-04-05 | 4.0 MEDIUM | 4.3 MEDIUM |
| Analytics data was sent using HTTP rather than HTTPS. This was addressed by sending analytics data using HTTPS. This issue affected versions prior to Apple Support 2.4 for iOS. | |||||
| CVE-2018-4363 | 1 Apple | 3 Iphone Os, Tvos, Watchos | 2019-04-05 | 7.1 HIGH | 5.5 MEDIUM |
| An input validation issue existed in the kernel. This issue was addressed with improved input validation. This issue affected versions prior to iOS 12, tvOS 12, watchOS 5. | |||||
| CVE-2018-4423 | 1 Apple | 1 Mac Os X | 2019-04-05 | 6.8 MEDIUM | 7.8 HIGH |
| A logic issue was addressed with improved validation. This issue affected versions prior to macOS Mojave 10.14.1. | |||||
| CVE-2018-4369 | 1 Apple | 4 Iphone Os, Mac Os X, Tvos and 1 more | 2019-04-05 | 5.0 MEDIUM | 7.5 HIGH |
| A logic issue was addressed with improved state management. This issue affected versions prior to iOS 12.1, macOS Mojave 10.14.1, tvOS 12.1, watchOS 5.1. | |||||
| CVE-2018-4293 | 2 Apple, Microsoft | 7 Icloud, Iphone Os, Itunes and 4 more | 2019-04-05 | 5.0 MEDIUM | 5.3 MEDIUM |
| A cookie management issue was addressed with improved checks. This issue affected versions prior to iOS 11.4.1, macOS High Sierra 10.13.6, tvOS 11.4.1, watchOS 4.3.2, iTunes 12.8 for Windows, iCloud for Windows 7.6. | |||||
| CVE-2018-4385 | 1 Apple | 1 Iphone Os | 2019-04-05 | 4.3 MEDIUM | 6.5 MEDIUM |
| A logic issue was addressed with improved state management. This issue affected versions prior to iOS 12.1. | |||||
| CVE-2018-4396 | 1 Apple | 1 Mac Os X | 2019-04-05 | 4.3 MEDIUM | 5.5 MEDIUM |
| A validation issue was addressed with improved input sanitization. This issue affected versions prior to macOS Mojave 10.14. | |||||
| CVE-2018-4417 | 1 Apple | 1 Mac Os X | 2019-04-05 | 4.3 MEDIUM | 5.5 MEDIUM |
| A validation issue was addressed with improved input sanitization. This issue affected versions prior to macOS Mojave 10.14. | |||||
| CVE-2018-4418 | 1 Apple | 1 Mac Os X | 2019-04-05 | 4.3 MEDIUM | 5.5 MEDIUM |
| A validation issue was addressed with improved input sanitization. This issue affected versions prior to macOS Mojave 10.14. | |||||
| CVE-2018-4400 | 1 Apple | 3 Iphone Os, Mac Os X, Watchos | 2019-04-05 | 4.3 MEDIUM | 5.5 MEDIUM |
| A validation issue was addressed with improved logic. This issue affected versions prior to iOS 12.1, macOS Mojave 10.14.1, watchOS 5.1. | |||||
| CVE-2018-4406 | 1 Apple | 1 Mac Os X | 2019-04-05 | 4.0 MEDIUM | 6.5 MEDIUM |
| A denial of service issue was addressed with improved validation. This issue affected versions prior to macOS Mojave 10.14. | |||||
| CVE-2018-4346 | 1 Apple | 1 Mac Os X | 2019-04-05 | 4.3 MEDIUM | 5.5 MEDIUM |
| A validation issue existed which allowed local file access. This was addressed with input sanitization. This issue affected versions prior to macOS Mojave 10.14. | |||||
| CVE-2018-4338 | 1 Apple | 1 Mac Os X | 2019-04-05 | 4.3 MEDIUM | 5.5 MEDIUM |
| A validation issue was addressed with improved input sanitization. This issue affected versions prior to macOS Mojave 10.14. | |||||
| CVE-2018-4342 | 1 Apple | 1 Mac Os X | 2019-04-05 | 2.1 LOW | 5.5 MEDIUM |
| A configuration issue was addressed with additional restrictions. This issue affected versions prior to macOS Mojave 10.14.1. | |||||
| CVE-2018-4348 | 1 Apple | 1 Mac Os X | 2019-04-05 | 2.1 LOW | 5.5 MEDIUM |
| A validation issue was addressed with improved logic. This issue affected versions prior to macOS Mojave 10.14. | |||||
| CVE-2018-11294 | 1 Google | 1 Android | 2019-04-05 | 5.8 MEDIUM | 8.0 HIGH |
| In all Android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the Linux kernel, the WLAN handler indication from the firmware gets the information for 4 access categories. While processing this information, only the information for the first 3 ACs is copied due to the improper conditional logic used to compare with the max number of categories. | |||||
| CVE-2019-3871 | 2 Fedoraproject, Powerdns | 2 Fedora, Authoritative Server | 2019-04-05 | 6.5 MEDIUM | 8.8 HIGH |
| A vulnerability was found in PowerDNS Authoritative Server before 4.0.7 and before 4.1.7. Insufficient validation of data coming from the user when building an HTTP request from a DNS query in the HTTP Connector of the Remote backend allows a remote user to cause a denial of service by making the server connect to an invalid endpoint, or possibly information disclosure by making the server connect to an internal endpoint and somehow extracting meaningful information about the response. | |||||
| CVE-2018-12198 | 1 Intel | 1 Server Platform Services Firmware | 2019-04-04 | 2.1 LOW | 6.0 MEDIUM |
| Insufficient input validation in Intel(R) Server Platform Services HECI subsystem before version SPS_E5_04.00.04.393.0 may allow privileged user to potentially cause a denial of service via local access. | |||||
| CVE-2018-4303 | 1 Apple | 4 Iphone Os, Mac Os X, Tvos and 1 more | 2019-04-04 | 6.8 MEDIUM | 7.8 HIGH |
| An input validation issue was addressed with improved input validation. This issue affected versions prior to macOS Mojave 10.14, iOS 12.1.1, macOS Mojave 10.14.2, tvOS 12.1.1, watchOS 5.1.2. | |||||
| CVE-2018-4305 | 1 Apple | 3 Iphone Os, Tvos, Watchos | 2019-04-04 | 3.3 LOW | 6.5 MEDIUM |
| An input validation issue was addressed with improved input validation. This issue affected versions prior to iOS 12, tvOS 12, watchOS 5. | |||||
| CVE-2018-4307 | 1 Apple | 2 Iphone Os, Safari | 2019-04-04 | 4.3 MEDIUM | 4.3 MEDIUM |
| A logic issue was addressed with improved state management. This issue affected versions prior to iOS 12, Safari 12. | |||||
| CVE-2018-4313 | 1 Apple | 3 Iphone Os, Tvos, Watchos | 2019-04-04 | 2.1 LOW | 5.5 MEDIUM |
| A consistency issue existed in the handling of application snapshots. The issue was addressed with improved handling of message deletions. This issue affected versions prior to iOS 12, tvOS 12, watchOS 5. | |||||
| CVE-2018-4322 | 1 Apple | 1 Iphone Os | 2019-04-04 | 2.1 LOW | 3.3 LOW |
| This issue was addressed with improved entitlements. This issue affected versions prior to iOS 12. | |||||
| CVE-2018-4321 | 1 Apple | 3 Iphone Os, Mac Os X, Tvos | 2019-04-04 | 5.0 MEDIUM | 5.3 MEDIUM |
| A validation issue existed in the entitlement verification. This issue was addressed with improved validation of the process entitlement. This issue affected versions prior to iOS 12, macOS Mojave 10.14, tvOS 12. | |||||
| CVE-2018-12211 | 1 Intel | 1 Graphics Driver | 2019-04-04 | 2.1 LOW | 6.5 MEDIUM |
| Insufficient input validation in User Mode Driver in Intel(R) Graphics Driver for Windows* before versions 10.18.x.5059 (aka 15.33.x.5059), 10.18.x.5057 (aka 15.36.x.5057), 20.19.x.5063 (aka 15.40.x.5063) 21.20.x.5064 (aka 15.45.x.5064) and 24.20.100.6373 potentially enables an unprivileged user to cause a denial of service via local access. | |||||
| CVE-2018-12215 | 1 Intel | 1 Graphics Driver | 2019-04-04 | 2.1 LOW | 6.0 MEDIUM |
| Insufficient input validation in Kernel Mode Driver in Intel(R) Graphics Driver for Windows* before versions 10.18.x.5059 (aka 15.33.x.5059), 10.18.x.5057 (aka 15.36.x.5057), 20.19.x.5063 (aka 15.40.x.5063) 21.20.x.5064 (aka 15.45.x.5064) and 24.20.100.6373 potentially enables a privileged user to cause a denial of service via local access. | |||||
| CVE-2018-12216 | 1 Intel | 1 Graphics Driver | 2019-04-04 | 7.2 HIGH | 8.2 HIGH |
| Insufficient input validation in Kernel Mode Driver in Intel(R) Graphics Driver for Windows* before versions 10.18.x.5059 (aka 15.33.x.5059), 10.18.x.5057 (aka 15.36.x.5057), 20.19.x.5063 (aka 15.40.x.5063) 21.20.x.5064 (aka 15.45.x.5064) and 24.20.100.6373 potentially enables a privileged user to execute arbitrary code via local access. | |||||
| CVE-2018-12219 | 1 Intel | 1 Graphics Driver | 2019-04-04 | 2.1 LOW | 5.5 MEDIUM |
| Insufficient input validation in Kernel Mode Driver in Intel(R) Graphics Driver for Windows* before versions 10.18.x.5059 (aka 15.33.x.5059), 10.18.x.5057 (aka 15.36.x.5057), 20.19.x.5063 (aka 15.40.x.5063) 21.20.x.5064 (aka 15.45.x.5064) and 24.20.100.6373 potentially enables an unprivileged user to read memory via local access. | |||||
| CVE-2018-12221 | 1 Intel | 1 Graphics Driver | 2019-04-04 | 4.6 MEDIUM | 7.8 HIGH |
| Insufficient input validation in Kernel Mode Driver in Intel(R) Graphics Driver for Windows* before versions 10.18.x.5059 (aka 15.33.x.5059), 10.18.x.5057 (aka 15.36.x.5057), 20.19.x.5063 (aka 15.40.x.5063) 21.20.x.5064 (aka 15.45.x.5064) and 24.20.100.6373 potentially enables an unprivileged user to cause an integer overflow via local access. | |||||
| CVE-2018-12222 | 1 Intel | 1 Graphics Driver | 2019-04-04 | 2.1 LOW | 3.3 LOW |
| Insufficient input validation in Kernel Mode Driver in Intel(R) Graphics Driver for Windows* before versions 10.18.x.5059 (aka 15.33.x.5059), 10.18.x.5057 (aka 15.36.x.5057), 20.19.x.5063 (aka 15.40.x.5063) 21.20.x.5064 (aka 15.45.x.5064) and 24.20.100.6373 potentially enables an unprivileged user to cause an out of bound memory read via local access. | |||||
| CVE-2017-13911 | 1 Apple | 1 Mac Os X | 2019-04-04 | 9.3 HIGH | 7.8 HIGH |
| A configuration issue was addressed with additional restrictions. This issue affected versions prior to macOS X El Capitan 10.11.6 Security Update 2018-002, macOS Sierra 10.12.6 Security Update 2018-002, macOS High Sierra 10.13.2. | |||||
| CVE-2018-4304 | 1 Apple | 4 Iphone Os, Mac Os X, Tvos and 1 more | 2019-04-04 | 4.3 MEDIUM | 5.0 MEDIUM |
| A denial of service issue was addressed with improved validation. This issue affected versions prior to iOS 12, macOS Mojave 10.14, tvOS 12, watchOS 5. | |||||
| CVE-2018-4295 | 1 Apple | 1 Mac Os X | 2019-04-04 | 7.5 HIGH | 9.8 CRITICAL |
| An input validation issue was addressed with improved input validation. This issue affected versions prior to macOS Mojave 10.14. | |||||
| CVE-2018-4260 | 1 Apple | 2 Iphone Os, Safari | 2019-04-04 | 4.3 MEDIUM | 6.5 MEDIUM |
| An inconsistent user interface issue was addressed with improved state management. This issue affected versions prior to iOS 11.4.1, Safari 11.1.2. | |||||
| CVE-2018-4279 | 1 Apple | 1 Safari | 2019-04-04 | 5.0 MEDIUM | 5.3 MEDIUM |
| An inconsistent user interface issue was addressed with improved state management. This issue affected versions prior to Safari 11.1.2. | |||||
| CVE-2018-4274 | 1 Apple | 2 Iphone Os, Safari | 2019-04-04 | 5.0 MEDIUM | 7.5 HIGH |
| A spoofing issue existed in the handling of URLs. This issue was addressed with improved input validation. This issue affected versions prior to iOS 11.4.1, Safari 11.1.2. | |||||
| CVE-2015-5606 | 1 Axway | 1 Vordel Xml Gateway | 2019-04-04 | 5.0 MEDIUM | 7.5 HIGH |
| Vordel XML Gateway (acquired by Axway) version 7.2.2 could allow remote attackers to cause a denial of service via a specially crafted request. | |||||
| CVE-2014-9645 | 1 Busybox | 1 Busybox | 2019-04-03 | 2.1 LOW | 5.5 MEDIUM |
| The add_probe function in modutils/modprobe.c in BusyBox before 1.23.0 allows local users to bypass intended restrictions on loading kernel modules via a / (slash) character in a module name, as demonstrated by an "ifconfig /usbserial up" command or a "mount -t /snd_pcm none /" command. | |||||
| CVE-2018-11872 | 1 Qualcomm | 6 Sd 845, Sd 845 Firmware, Sd 850 and 3 more | 2019-04-03 | 7.2 HIGH | 7.8 HIGH |
| Improper input validation leads to buffer overwrite in the WLAN function that handles WMI commands in Snapdragon Mobile in version SD 845, SD 850, SDA660. | |||||
| CVE-2018-11873 | 1 Qualcomm | 2 Sd845, Sd845 Firmware | 2019-04-03 | 7.2 HIGH | 7.8 HIGH |
| Improper input validation leads to buffer overwrite in the WLAN function that handles WLAN roam buffer in Snapdragon Mobile in version SD 845. | |||||
| CVE-2018-18021 | 3 Canonical, Debian, Linux | 3 Ubuntu Linux, Debian Linux, Linux Kernel | 2019-04-03 | 3.6 LOW | 7.1 HIGH |
| arch/arm64/kvm/guest.c in KVM in the Linux kernel before 4.18.12 on the arm64 platform mishandles the KVM_SET_ONE_REG ioctl. This is exploitable by attackers who can create virtual machines. An attacker can arbitrarily redirect the hypervisor flow of control (with full register control). An attacker can also cause a denial of service (hypervisor panic) via an illegal exception return. This occurs because of insufficient restrictions on userspace access to the core register file, and because PSTATE.M validation does not prevent unintended execution modes. | |||||
| CVE-2018-10916 | 3 Canonical, Lftp Project, Opensuse | 3 Ubuntu Linux, Lftp, Leap | 2019-04-02 | 7.8 HIGH | 6.5 MEDIUM |
| It has been discovered that lftp up to and including version 4.8.3 does not properly sanitize remote file names, leading to a loss of integrity on the local system when reverse mirroring is used. A remote attacker may trick a user into using reverse mirroring on an attacker-controlled FTP server, resulting in the removal of all files in the current working directory of the victim's system. | |||||
| CVE-2018-13798 | 1 Siemens | 6 Sicam A8000 Cp-8000, Sicam A8000 Cp-8000 Firmware, Sicam A8000 Cp-802x and 3 more | 2019-04-02 | 7.8 HIGH | 7.5 HIGH |
| A vulnerability has been identified in SICAM A8000 CP-8000 (All versions < V14), SICAM A8000 CP-802X (All versions < V14), SICAM A8000 CP-8050 (All versions < V2.00). Specially crafted network packets sent to port 80/TCP or 443/TCP could allow an unauthenticated remote attacker to cause a Denial-of-Service condition of the web server. The security vulnerability could be exploited by an attacker with network access to the affected systems on port 80/TCP or 443/TCP. Successful exploitation requires no system privileges and no user interaction. An attacker could use the vulnerability to compromise availability of the web server. A system reboot is required to recover the web service of the device. At the time of advisory update, exploit code for this security vulnerability is public. | |||||
| CVE-2017-9376 | 1 Zohocorp | 1 Manageengine Servicedesk Plus | 2019-04-02 | 5.0 MEDIUM | 6.5 MEDIUM |
| ManageEngine ServiceDesk Plus before 9314 contains a local file inclusion vulnerability in the defModule parameter in DefaultConfigDef.do and AssetDefaultConfigDef.do. | |||||
| CVE-2018-20378 | 1 Opensynergy | 1 Blue Sdk | 2019-04-01 | 5.4 MEDIUM | 7.5 HIGH |
| The L2CAP signaling channel implementation and SDP server implementation in OpenSynergy Blue SDK 3.2 through 6.0 allow remote, unauthenticated attackers to execute arbitrary code or cause a denial of service via malicious L2CAP configuration requests, in conjunction with crafted SDP communication over maliciously configured L2CAP channels. The attacker must have connectivity over the Bluetooth physical layer, and must be able to send raw L2CAP frames. This is related to L2Cap_HandleConfigReq in core/stack/l2cap/l2cap_sm.c and SdpServHandleServiceSearchAttribReq in core/stack/sdp/sdpserv.c. | |||||
| CVE-2017-1428 | 1 Ibm | 1 Cognos Analytics | 2019-04-01 | 5.8 MEDIUM | 6.1 MEDIUM |
| IBM Cognos Analytics 11.0 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 127583. | |||||
