CVE List - 2018 / April

Showing 1 - 100 of 1667 CVEs for April 2018 (Page 1 of 17)

| CVE ID | Date | Title |
|---|---|---|
| CVE-2018-6849 | 2018-04-01 | In the WebRTC component in DuckDuckGo 4.2.0, after visiting a web site that attempts to gather complete client information (such as https://ip.voidsec.com), the browser can disclose a private IP address... |
| CVE-2018-9149 | 2018-04-01 | The Zyxel Multy X (AC3000 Tri-Band WiFi System) device doesn't use a suitable mechanism to protect the UART. After an attacker dismantles the device and uses a USB-to-UART cable to... |
| CVE-2018-9156 | 2018-04-01 | An issue was discovered on AXIS P1354 (IP camera) Firmware version 5.90.1.1 devices. The upload web page doesn't verify the file type, and an attacker can upload a webshell by... |
| CVE-2018-9157 | 2018-04-01 | An issue was discovered on AXIS M1033-W (IP camera) Firmware version 5.40.5.1 devices. The upload web page doesn't verify the file type, and an attacker can upload a webshell by... |
| CVE-2018-9158 | 2018-04-01 | An issue was discovered on AXIS M1033-W (IP camera) Firmware version 5.40.5.1 devices. They don't employ a suitable mechanism to prevent a DoS attack, which leads to a response time... |
| CVE-2018-9165 | 2018-04-01 | The pushdup function in util/decompile.c in libming through 0.4.8 does not recognize the need for ActionPushDuplicate to perform a deep copy when a String is at the top of the... |
| CVE-2018-9172 | 2018-04-01 | The Iptanus WordPress File Upload plugin before 4.3.3 for WordPress mishandles shortcode attributes. |
| CVE-2018-1092 | 2018-04-02 | The ext4_iget function in fs/ext4/inode.c in the Linux kernel through 4.15.15 mishandles the case of a root directory with a zero i_links_count, which allows attackers to cause a denial of... |
| CVE-2018-1093 | 2018-04-02 | The ext4_valid_block_bitmap function in fs/ext4/balloc.c in the Linux kernel through 4.15.15 allows attackers to cause a denial of service (out-of-bounds read and system crash) via a crafted ext4 image because... |
| CVE-2018-1094 | 2018-04-02 | The ext4_fill_super function in fs/ext4/super.c in the Linux kernel through 4.15.15 does not always initialize the crc32c checksum driver, which allows attackers to cause a denial of service (ext4_xattr_inode_hash NULL... |
| CVE-2018-1095 | 2018-04-02 | The ext4_xattr_check_entries function in fs/ext4/xattr.c in the Linux kernel through 4.15.15 does not properly validate xattr sizes, which causes misinterpretation of a size as an error code, and consequently allows... |
| CVE-2018-9173 | 2018-04-02 | Cross-site scripting (XSS) vulnerability in admin/template/js/uploadify/uploadify.swf in GetSimple CMS 3.3.13 allows remote attackers to inject arbitrary web script or HTML, as demonstrated by the movieName parameter. |
| CVE-2018-9174 | 2018-04-02 | sys_verifies.php in DedeCMS 5.7 allows remote attackers to execute arbitrary PHP code via the refiles array parameter, because the contents of modifytmp.inc are under an attacker's control. |
| CVE-2018-9175 | 2018-04-02 | DedeCMS 5.7 allows remote attackers to execute arbitrary PHP code via the egroup parameter to uploads/dede/stepselect_main.php because code within the database is accessible to uploads/dede/sys_cache_up.php. |
| CVE-2018-9163 | 2018-04-02 | A stored Cross-site scripting (XSS) vulnerability in Zoho ManageEngine Recovery Manager Plus before 5.3 (Build 5350) allows remote authenticated users (with Add New Technician permissions) to inject arbitrary web script... |
| CVE-2018-1038 | 2018-04-02 | The Windows kernel in Windows 7 SP1 and Windows Server 2008 R2 SP1 allows an elevation of privilege vulnerability due to the way it handles objects in memory, aka "Windows... |
| CVE-2018-6660 | 2018-04-02 | SB10228 ePO Directory Traversal vulnerability |
| CVE-2018-6661 | 2018-04-02 | TS102801 True Key DLL Side-Loading vulnerability |
| CVE-2018-0194 | 2018-04-02 | Multiple vulnerabilities in the CLI parser of Cisco IOS XE Software could allow an authenticated, local attacker to inject arbitrary commands into the CLI of the affected software, which could... |
| CVE-2018-9183 | 2018-04-02 | The Joom Sky JS Jobs extension before 1.2.1 for Joomla! has XSS. |
| CVE-2018-6247 | 2018-04-02 | NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape where a NULL pointer dereference may lead to denial of service or possible... |
| CVE-2018-6248 | 2018-04-02 | NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer handler for DxgkDdiEscape where the software uses a sequential operation to read or write a buffer, but... |
| CVE-2018-6249 | 2018-04-02 | NVIDIA GPU Display Driver contains a vulnerability in kernel mode layer handler where a NULL pointer dereference may lead to denial of service or potential escalation of privileges. |
| CVE-2018-6250 | 2018-04-02 | NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape where a NULL pointer dereference occurs which may lead to denial of service... |
| CVE-2018-6251 | 2018-04-02 | NVIDIA Windows GPU Display Driver contains a vulnerability in the DirectX 10 Usermode driver, where a specially crafted pixel shader can cause writing to unallocated memory, leading to denial of... |
| CVE-2018-6252 | 2018-04-02 | NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer handler for DxgkDdiEscape where the software allows an actor access to restricted functionality that is unnecessary to... |
| CVE-2018-6253 | 2018-04-02 | NVIDIA GPU Display Driver contains a vulnerability in the DirectX and OpenGL Usermode drivers where a specially crafted pixel shader can cause infinite recursion leading to denial of service. |
| CVE-2018-9127 | 2018-04-02 | Botan 2.2.0 - 2.4.0 (fixed in 2.5.0) improperly handled wildcard certificates and could accept certain certificates as valid for hostnames when, under RFC 6125 rules, they should not match. This... |
| CVE-2016-8717 | 2018-04-02 | An exploitable Use of Hard-coded Credentials vulnerability exists in the Moxa AWK-3131A Wireless Access Point running firmware 1.1. The device operating system contains an undocumented, privileged (root) account with hard-coded... |
| CVE-2018-1295 | 2018-04-02 | In Apache Ignite 2.3 or earlier, the serialization mechanism does not have a list of classes allowed for serialization/deserialization, which makes it possible to run arbitrary code when 3-rd party... |
| CVE-2018-6659 | 2018-04-02 | SB10228 ePO Reflected Cross-Site Scripting vulnerability |
| CVE-2018-9230 | 2018-04-02 | In OpenResty through 1.13.6.1, URI parameters are obtained using the ngx.req.get_uri_args and ngx.req.get_post_args functions that ignore parameters beyond the hundredth one, which might allow remote attackers to bypass intended access... |
| CVE-2017-13904 | 2018-04-03 | An issue was discovered in certain Apple products. iOS before 11.2 is affected. macOS before 10.13.2 is affected. tvOS before 11.2 is affected. watchOS before 4.2 is affected. The issue... |
| CVE-2017-17742 | 2018-04-03 | Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1 allows an HTTP Response Splitting attack. An attacker can inject a crafted key and value into... |
| CVE-2017-13806 | 2018-04-03 | An issue was discovered in certain Apple products. iOS before 11 is affected. The issue involves the "Profiles" component. It does not enforce the configuration profile's settings for whether pairings... |
| CVE-2017-13827 | 2018-04-03 | An issue was discovered in certain Apple products. macOS before 10.13 is affected. The issue involves the "kext tools" component. It allows attackers to execute arbitrary code in a privileged... |
| CVE-2017-13837 | 2018-04-03 | An issue was discovered in certain Apple products. macOS before 10.13 is affected. The issue involves the "Installer" component. It does not properly restrict an app's entitlements for accessing the... |
| CVE-2017-13839 | 2018-04-03 | An issue was discovered in certain Apple products. macOS before 10.13 is affected. The issue involves the "Spotlight" component. It allows local users to see results for other users' files. |
| CVE-2017-13850 | 2018-04-03 | An issue was discovered in certain Apple products. macOS before 10.12.6 is affected. The issue involves the "Font Importer" component. It allows remote attackers to cause a denial of service... |
| CVE-2017-13851 | 2018-04-03 | An issue was discovered in certain Apple products. macOS before 10.13 is affected. The issue involves the "DesktopServices" component. It allows local users to bypass intended access restrictions on home... |
| CVE-2017-13853 | 2018-04-03 | An issue was discovered in certain Apple products. macOS before 10.12.6 is affected. The issue involves the "AppleGraphicsControl" component. It allows attackers to execute arbitrary code in a privileged context... |
| CVE-2017-13854 | 2018-04-03 | An issue was discovered in certain Apple products. iOS before 11 is affected. macOS before 10.13 is affected. tvOS before 11 is affected. watchOS before 4 is affected. The issue... |
| CVE-2017-13863 | 2018-04-03 | An issue was discovered in certain Apple products. iOS before 11 is affected. The issue involves the "APNs" component. It allows man-in-the-middle attackers to track users by leveraging the transmission... |
| CVE-2017-13873 | 2018-04-03 | An issue was discovered in certain Apple products. iOS before 11 is affected. macOS before 10.13 is affected. tvOS before 11 is affected. watchOS before 4 is affected. The issue... |
| CVE-2017-13877 | 2018-04-03 | An issue was discovered in certain Apple products. iOS before 11 is affected. The issue involves the "Sandbox Profiles" component. It allows attackers to determine whether arbitrary files exist via... |
| CVE-2017-13884 | 2018-04-03 | An issue was discovered in certain Apple products. iOS before 11.2 is affected. Safari before 11.0.2 is affected. iCloud before 7.2 on Windows is affected. iTunes before 12.7.2 on Windows... |
| CVE-2017-13885 | 2018-04-03 | An issue was discovered in certain Apple products. iOS before 11.2 is affected. Safari before 11.0.2 is affected. iCloud before 7.2 on Windows is affected. iTunes before 12.7.2 on Windows... |
| CVE-2017-13890 | 2018-04-03 | An issue was discovered in certain Apple products. macOS before 10.13.4 is affected. macOS before 10.13 is affected. The issue involves the "CoreTypes" component. It allows remote attackers to trigger... |
| CVE-2017-2492 | 2018-04-03 | An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the "JavaScriptCore" component. It... |
| CVE-2017-2493 | 2018-04-03 | An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. iCloud before 6.2 on Windows is affected. tvOS before 10.2 is affected.... |
| CVE-2017-6976 | 2018-04-03 | An issue was discovered in certain Apple products. iOS before 10.3 is affected. The issue involves the "Sandbox Profiles" component. It allows attackers to bypass intended access restrictions (for iCloud... |
| CVE-2017-7000 | 2018-04-03 | An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. The issue involves the "SQLite" component. It allows remote attackers to execute... |
| CVE-2017-7001 | 2018-04-03 | An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. The issue involves the "SQLite" component. It allows remote attackers to execute... |
| CVE-2017-7002 | 2018-04-03 | An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. The issue involves the "SQLite" component. It allows remote attackers to execute... |
| CVE-2017-7003 | 2018-04-03 | An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue... |
| CVE-2017-7004 | 2018-04-03 | An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. The issue involves the "Security" component. A race condition allows attackers to... |
| CVE-2017-7005 | 2018-04-03 | An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. tvOS before 10.2.1 is affected. The issue involves the "JavaScriptCore" component. It... |
| CVE-2017-7065 | 2018-04-03 | An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. macOS before 10.12.6 is affected. tvOS before 10.2.2 is affected. The issue involves the "Wi-Fi" component. It... |
| CVE-2017-7066 | 2018-04-03 | An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. tvOS before 10.2.2 is affected. The issue involves the "Wi-Fi" component. It allows attackers to cause a... |
| CVE-2017-7070 | 2018-04-03 | An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the "Kernel" component. It allows physically proximate attackers to bypass the screen-locking protection mechanism... |
| CVE-2017-7071 | 2018-04-03 | An issue was discovered in certain Apple products. Safari before 10.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a... |
| CVE-2017-7075 | 2018-04-03 | An issue was discovered in certain Apple products. iOS before 11 is affected. The issue involves the "Notes" component. It allows local users to obtain sensitive information by reading search... |
| CVE-2017-7153 | 2018-04-03 | An issue was discovered in certain Apple products. iOS before 11.2 is affected. Safari before 11.0.2 is affected. iCloud before 7.2 on Windows is affected. iTunes before 12.7.2 on Windows... |
| CVE-2017-7161 | 2018-04-03 | An issue was discovered in certain Apple products. Safari before 11.0.2 is affected. The issue involves the "WebKit Web Inspector" component. It allows remote attackers to execute arbitrary code via... |
| CVE-2017-7164 | 2018-04-03 | An issue was discovered in certain Apple products. iOS before 11.2 is affected. tvOS before 11.2 is affected. The issue involves the "App Store" component. It allows man-in-the-middle attackers to... |
| CVE-2017-7165 | 2018-04-03 | An issue was discovered in certain Apple products. iOS before 11.2 is affected. Safari before 11.0.2 is affected. iCloud before 7.2 on Windows is affected. iTunes before 12.7.2 on Windows... |
| CVE-2017-7167 | 2018-04-03 | An issue was discovered in certain Apple products. Xcode before 9.2 is affected. The issue involves the "ld64" component. A buffer overflow allows remote attackers to execute arbitrary code via... |
| CVE-2017-7170 | 2018-04-03 | An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "Security" component. It allows attackers to execute arbitrary code in a privileged context... |
| CVE-2017-7171 | 2018-04-03 | An issue was discovered in certain Apple products. iOS before 11.2 is affected. macOS before 10.13.2 is affected. tvOS before 11.2 is affected. watchOS before 4.2 is affected. The issue... |
| CVE-2017-7172 | 2018-04-03 | An issue was discovered in certain Apple products. iOS before 11.2 is affected. macOS before 10.13.2 is affected. iCloud before 7.2 on Windows is affected. iTunes before 12.7.2 on Windows... |
| CVE-2017-7173 | 2018-04-03 | An issue was discovered in certain Apple products. macOS before 10.13.2 is affected. The issue involves the "Kernel" component. It allows attackers to bypass intended memory-read restrictions via a crafted... |
| CVE-2018-4082 | 2018-04-03 | An issue was discovered in certain Apple products. iOS before 11.2.5 is affected. macOS before 10.13.3 is affected. tvOS before 11.2.5 is affected. watchOS before 4.2.2 is affected. The issue... |
| CVE-2018-4083 | 2018-04-03 | An issue was discovered in certain Apple products. macOS before 10.13.3 is affected. The issue involves the "Touch Bar Support" component. It allows attackers to execute arbitrary code in a... |
| CVE-2018-4084 | 2018-04-03 | An issue was discovered in certain Apple products. macOS before 10.13.3 is affected. The issue involves the "Wi-Fi" component. It allows attackers to bypass intended memory-read restrictions via a crafted... |
| CVE-2018-4085 | 2018-04-03 | An issue was discovered in certain Apple products. iOS before 11.2.5 is affected. macOS before 10.13.3 is affected. tvOS before 11.2.5 is affected. watchOS before 4.2.2 is affected. The issue... |
| CVE-2018-4086 | 2018-04-03 | An issue was discovered in certain Apple products. iOS before 11.2.5 is affected. macOS before 10.13.3 is affected. tvOS before 11.2.5 is affected. watchOS before 4.2.2 is affected. The issue... |
| CVE-2018-4087 | 2018-04-03 | An issue was discovered in certain Apple products. iOS before 11.2.5 is affected. tvOS before 11.2.5 is affected. watchOS before 4.2.2 is affected. The issue involves the "Core Bluetooth" component.... |
| CVE-2018-4088 | 2018-04-03 | An issue was discovered in certain Apple products. iOS before 11.2.5 is affected. macOS before 10.13.3 is affected. Safari before 11.0.3 is affected. iCloud before 7.3 on Windows is affected.... |
| CVE-2018-4089 | 2018-04-03 | An issue was discovered in certain Apple products. iOS before 11.2.5 is affected. macOS before 10.13.3 is affected. Safari before 11.0.3 is affected. tvOS before 11.2.5 is affected. The issue... |
| CVE-2018-4090 | 2018-04-03 | An issue was discovered in certain Apple products. iOS before 11.2.5 is affected. macOS before 10.13.3 is affected. tvOS before 11.2.5 is affected. watchOS before 4.2.2 is affected. The issue... |
| CVE-2018-4091 | 2018-04-03 | An issue was discovered in certain Apple products. macOS before 10.13.3 is affected. The issue involves the "Sandbox" component. It allows bypass of a sandbox protection mechanism. |
| CVE-2018-4092 | 2018-04-03 | An issue was discovered in certain Apple products. iOS before 11.2.5 is affected. macOS before 10.13.3 is affected. tvOS before 11.2.5 is affected. watchOS before 4.2.2 is affected. The issue... |
| CVE-2018-4093 | 2018-04-03 | An issue was discovered in certain Apple products. iOS before 11.2.5 is affected. macOS before 10.13.3 is affected. tvOS before 11.2.5 is affected. watchOS before 4.2.2 is affected. The issue... |
| CVE-2018-4094 | 2018-04-03 | An issue was discovered in certain Apple products. iOS before 11.2.5 is affected. macOS before 10.13.3 is affected. tvOS before 11.2.5 is affected. watchOS before 4.2.2 is affected. The issue... |
| CVE-2018-4095 | 2018-04-03 | An issue was discovered in certain Apple products. iOS before 11.2.5 is affected. tvOS before 11.2.5 is affected. watchOS before 4.2.2 is affected. The issue involves the "Core Bluetooth" component.... |
| CVE-2018-4096 | 2018-04-03 | An issue was discovered in certain Apple products. iOS before 11.2.5 is affected. macOS before 10.13.3 is affected. Safari before 11.0.3 is affected. iCloud before 7.3 on Windows is affected.... |
| CVE-2018-4097 | 2018-04-03 | An issue was discovered in certain Apple products. macOS before 10.13.3 is affected. The issue involves the "Kernel" component. It allows attackers to execute arbitrary code in a privileged context... |
| CVE-2018-4098 | 2018-04-03 | An issue was discovered in certain Apple products. macOS before 10.13.3 is affected. The issue involves the "IOHIDFamily" component. It allows attackers to execute arbitrary code in a privileged context... |
| CVE-2018-4100 | 2018-04-03 | An issue was discovered in certain Apple products. iOS before 11.2.5 is affected. macOS before 10.13.3 is affected. watchOS before 4.2.2 is affected. The issue involves the "LinkPresentation" component. It... |
| CVE-2018-4101 | 2018-04-03 | An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows... |
| CVE-2018-4102 | 2018-04-03 | An issue was discovered in certain Apple products. Safari before 11.1 is affected. The issue involves the "Safari" component. It allows remote attackers to spoof the address bar via a... |
| CVE-2018-4104 | 2018-04-03 | An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4 is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue... |
| CVE-2018-4105 | 2018-04-03 | An issue was discovered in certain Apple products. macOS before 10.13.4 is affected. The issue involves the "APFS" component. It allows attackers to trigger truncation of an APFS volume password... |
| CVE-2018-4106 | 2018-04-03 | An issue was discovered in certain Apple products. macOS before 10.13.4 is affected. The issue involves the Bracketed Paste Mode of the "Terminal" component. It allows user-assisted attackers to inject... |
| CVE-2018-4107 | 2018-04-03 | An issue was discovered in certain Apple products. macOS before 10.13.4 is affected. The issue involves the "PDFKit" component. It allows remote attackers to bypass intended restrictions on visiting URLs... |
| CVE-2018-4108 | 2018-04-03 | An issue was discovered in certain Apple products. macOS before 10.13.4 is affected. The issue involves the "Disk Management" component. It allows attackers to trigger truncation of an APFS volume... |
| CVE-2018-4109 | 2018-04-03 | An issue was discovered in certain Apple products. iOS before 11.2.5 is affected. tvOS before 11.2.5 is affected. watchOS before 4.2.2 is affected. The issue involves the "Graphics Driver" component.... |
| CVE-2018-4110 | 2018-04-03 | An issue was discovered in certain Apple products. iOS before 11.3 is affected. The issue involves the "Web App" component. It allows remote attackers to bypass intended restrictions on cookie... |
| CVE-2018-4111 | 2018-04-03 | An issue was discovered in certain Apple products. macOS before 10.13.4 is affected. The issue involves the "Mail" component. It allows man-in-the-middle attackers to read S/MIME encrypted message content by... |
| CVE-2018-4112 | 2018-04-03 | An issue was discovered in certain Apple products. macOS before 10.13.4 is affected. The issue involves the "ATS" component. It allows attackers to obtain sensitive information by leveraging symlink mishandling. |