CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  Take a third party risk management course for FREE
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In April 2018

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
501 CVE-2018-5342 732 2018-04-18 2019-10-03
6.5
None Remote Low ??? Partial Partial Partial
An issue was discovered in Zoho ManageEngine Desktop Central 10.0.124 and 10.0.184: network services (Desktop Central and PostgreSQL) running with a superuser account.
502 CVE-2018-5341 20 2018-04-18 2019-03-05
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered in Zoho ManageEngine Desktop Central 10.0.124 and 10.0.184: a missing server-side check on the file type/extension when uploading and modifying scripts.
503 CVE-2018-5340 2018-04-18 2019-10-03
6.5
None Remote Low ??? Partial Partial Partial
An issue was discovered in Zoho ManageEngine Desktop Central 10.0.124 and 10.0.184: database access using a superuser account (specifically, an account with permission to write to the filesystem via SQL queries).
504 CVE-2018-5339 306 2018-04-18 2019-10-03
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered in Zoho ManageEngine Desktop Central 10.0.124 and 10.0.184: insufficient enforcement of database query type restrictions.
505 CVE-2018-5338 306 2018-04-18 2019-03-05
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered in Zoho ManageEngine Desktop Central 10.0.124 and 10.0.184: missing authentication/authorization for a database query mechanism.
506 CVE-2018-5337 22 Dir. Trav. 2018-04-18 2019-03-05
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered in Zoho ManageEngine Desktop Central 10.0.124 and 10.0.184: directory traversal in the SCRIPT_NAME field when modifying existing scripts.
507 CVE-2018-5254 417 DoS 2018-04-12 2018-05-18
5.0
None Remote Low Not required None None Partial
Arista EOS before 4.20.2F allows remote BGP peers to cause a denial of service (Rib agent restart) via a malformed path attribute in an UPDATE message.
508 CVE-2018-5234 Exec Code 2018-04-30 2019-10-03
8.3
None Local Network Low Not required Complete Complete Complete
The Norton Core router prior to v237 may be susceptible to a command injection exploit. This is a type of attack in which the goal is execution of arbitrary commands on the host system via vulnerable software.
509 CVE-2018-5228 79 XSS 2018-04-24 2018-06-06
4.3
None Remote Medium Not required None Partial None
The /browse/~raw resource in Atlassian Fisheye and Crucible before version 4.5.3 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the handling of response headers.
510 CVE-2018-5227 79 XSS 2018-04-10 2018-05-16
3.5
None Remote Medium ??? None Partial None
Various administrative application link resources in Atlassian Application Links before version 5.4.4 allow remote attackers with administration rights to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the display url of a configured application link.
511 CVE-2018-5226 Exec Code 2018-04-25 2019-10-03
6.5
None Remote Low ??? Partial Partial Partial
There was an argument injection vulnerability in Sourcetree for Windows via Mercurial repository tag name that is going to be deleted. An attacker with permission to create a tag on a Mercurial repository linked in Sourcetree for Windows is able to exploit this issue to gain code execution on the system. All versions of Sourcetree for Windows before 2.5.5.0 are affected by this vulnerability.
512 CVE-2018-5190 565 2018-04-17 2019-10-03
5.0
None Remote Low Not required Partial None None
PicturesPro Photo Cart 6 and 7 before Security-Patch-2018-B allows remote attackers to access arbitrary customer accounts via a modified cookie, related to pc_head.php, pc_login.php, and pc_login_page.php.
513 CVE-2018-4863 254 Bypass 2018-04-05 2018-05-18
2.1
None Local Low Not required None Partial None
Sophos Endpoint Protection 10.7 allows local users to bypass an intended tamper protection mechanism by deleting the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Sophos Endpoint Defense\ registry key.
514 CVE-2018-4847 311 2018-04-23 2019-10-03
2.1
None Local Low Not required Partial None None
A vulnerability has been identified in SIMATIC WinCC OA Operator iOS App (All versions < V1.4). Insufficient protection of sensitive information (e.g. session key for accessing server) in Siemens WinCC OA Operator iOS app could allow an attacker with physical access to the mobile device to read unencrypted data from the app's directory. Siemens provides mitigations to resolve the security issue.
515 CVE-2018-4832 20 2018-04-24 2022-04-12
5.0
None Remote Low Not required None None Partial
A vulnerability has been identified in OpenPCS 7 V7.1 and earlier (All versions), OpenPCS 7 V8.0 (All versions), OpenPCS 7 V8.1 (All versions < V8.1 Upd5), OpenPCS 7 V8.2 (All versions), OpenPCS 7 V9.0 (All versions < V9.0 Upd1), SIMATIC BATCH V7.1 and earlier (All versions), SIMATIC BATCH V8.0 (All versions < V8.0 SP1 Upd21), SIMATIC BATCH V8.1 (All versions < V8.1 SP1 Upd16), SIMATIC BATCH V8.2 (All versions < V8.2 Upd10), SIMATIC BATCH V9.0 (All versions < V9.0 SP1), SIMATIC NET PC Software V14 (All versions < V14 SP1 Update 14), SIMATIC NET PC Software V15 (All versions < 15 SP1), SIMATIC PCS 7 V7.1 and earlier (All versions), SIMATIC PCS 7 V8.0 (All versions), SIMATIC PCS 7 V8.1 (All versions), SIMATIC PCS 7 V8.2 (All versions < V8.2 SP1), SIMATIC PCS 7 V9.0 (All versions < V9.0 SP1), SIMATIC Route Control V7.1 and earlier (All versions), SIMATIC Route Control V8.0 (All versions), SIMATIC Route Control V8.1 (All versions), SIMATIC Route Control V8.2 (All versions), SIMATIC Route Control V9.0 (All versions < V9.0 Upd1), SIMATIC WinCC Runtime Professional V13 (All versions < V13 SP2 Upd2), SIMATIC WinCC Runtime Professional V14 (All versions < V14 SP1 Upd5), SIMATIC WinCC V7.2 and earlier (All versions < WinCC 7.2 Upd 15), SIMATIC WinCC V7.3 (All versions < WinCC 7.3 Upd 16), SIMATIC WinCC V7.4 (All versions < V7.4 SP1 Upd 4), SPPA-T3000 Application Server (All versions < Service Pack R8.2 SP2). Specially crafted messages sent to the RPC service of the affected products could cause a Denial-of-Service condition on the remote and local communication functionality of the affected products. A reboot of the system is required to recover the remote and local communication functionality. Please note that an attacker needs to have network access to the Application Server in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known.
516 CVE-2018-4176 20 2018-04-03 2018-05-04
4.3
None Remote Medium Not required None Partial None
An issue was discovered in certain Apple products. macOS before 10.13.4 is affected. The issue involves the "Disk Images" component. It allows attackers to trigger an app launch upon mounting a crafted disk image.
517 CVE-2018-4175 20 Bypass 2018-04-03 2018-05-04
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in certain Apple products. macOS before 10.13.4 is affected. The issue involves the "LaunchServices" component. It allows attackers to bypass the code-signing protection mechanism via a crafted app.
518 CVE-2018-4174 2018-04-03 2019-10-03
4.3
None Remote Medium Not required Partial None None
An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4 is affected. The issue involves the "Mail" component. It allows man-in-the-middle attackers to read S/MIME encrypted messages by leveraging an inconsistency in the user interface.
519 CVE-2018-4173 269 2018-04-13 2019-10-03
4.3
None Remote Medium Not required None Partial None
An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4 is affected. The issue involves the "Status Bar" component. It allows invisible microphone access via a crafted app.
520 CVE-2018-4172 Bypass 2018-04-03 2019-10-03
2.1
None Local Low Not required None None Partial
An issue was discovered in certain Apple products. iOS before 11.3 is affected. The issue involves the "Find My iPhone" component. It allows physically proximate attackers to bypass the iCloud password requirement for disabling the "Find My iPhone" feature via vectors involving a backup restore.
521 CVE-2018-4170 522 2018-04-03 2019-10-03
2.1
None Local Low Not required Partial None None
An issue was discovered in certain Apple products. macOS before 10.13.4 is affected. The issue involves the "Admin Framework" component. It allows local users to discover a password by listing a process and its arguments during sysadminctl execution.
522 CVE-2018-4168 200 +Info 2018-04-03 2018-05-04
2.1
None Local Low Not required Partial None None
An issue was discovered in certain Apple products. iOS before 11.3 is affected. The issue involves the "Files Widget" component. It allows physically proximate attackers to obtain sensitive information by leveraging the display of cached data on a locked device.
523 CVE-2018-4167 362 Exec Code 2018-04-03 2019-10-03
7.6
None Remote High Not required Complete Complete Complete
An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4 is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves the "File System Events" component. A race condition allows attackers to execute arbitrary code in a privileged context via a crafted app.
524 CVE-2018-4166 362 Exec Code 2018-04-03 2019-10-03
7.6
None Remote High Not required Complete Complete Complete
An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4 is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves the "NSURLSession" component. A race condition allows attackers to execute arbitrary code in a privileged context via a crafted app.
525 CVE-2018-4165 119 DoS Exec Code Overflow Mem. Corr. 2018-04-03 2019-03-08
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
526 CVE-2018-4164 2018-04-03 2018-05-04
10.0
None Remote Low Not required Complete Complete Complete
An issue was discovered in certain Apple products. Xcode before 9.3 is affected. The issue, which is unspecified, involves the "LLVM" component.
527 CVE-2018-4163 119 DoS Exec Code Overflow Mem. Corr. 2018-04-03 2019-03-08
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
528 CVE-2018-4162 119 DoS Exec Code Overflow Mem. Corr. 2018-04-03 2020-08-14
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
529 CVE-2018-4161 119 DoS Exec Code Overflow Mem. Corr. 2018-04-03 2019-03-08
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
530 CVE-2018-4160 125 DoS Exec Code 2018-04-03 2018-05-04
9.3
None Remote Medium Not required Complete Complete Complete
An issue was discovered in certain Apple products. macOS before 10.13.4 is affected. The issue involves the "Kernel" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (out-of-bounds read) via a crafted app.
531 CVE-2018-4158 362 Exec Code 2018-04-03 2019-10-03
7.6
None Remote High Not required Complete Complete Complete
An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4 is affected. watchOS before 4.3 is affected. The issue involves the "CoreFoundation" component. A race condition allows attackers to execute arbitrary code in a privileged context via a crafted app.
532 CVE-2018-4157 362 Exec Code 2018-04-03 2019-10-03
7.6
None Remote High Not required Complete Complete Complete
An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4 is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves the "Quick Look" component. A race condition allows attackers to execute arbitrary code in a privileged context via a crafted app.
533 CVE-2018-4156 362 Exec Code 2018-04-03 2019-10-03
7.6
None Remote High Not required Complete Complete Complete
An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4 is affected. The issue involves the "PluginKit" component. A race condition allows attackers to execute arbitrary code in a privileged context via a crafted app.
534 CVE-2018-4155 362 Exec Code 2018-04-03 2019-10-03
7.6
None Remote High Not required Complete Complete Complete
An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4 is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves the "CoreFoundation" component. A race condition allows attackers to execute arbitrary code in a privileged context via a crafted app.
535 CVE-2018-4154 362 Exec Code 2018-04-03 2019-10-03
7.6
None Remote High Not required Complete Complete Complete
An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4 is affected. The issue involves the "Storage" component. A race condition allows attackers to execute arbitrary code in a privileged context via a crafted app.
536 CVE-2018-4152 362 Exec Code 2018-04-03 2019-10-03
7.6
None Remote High Not required Complete Complete Complete
An issue was discovered in certain Apple products. macOS before 10.13.4 is affected. The issue involves the "Notes" component. A race condition allows attackers to execute arbitrary code in a privileged context via a crafted app.
537 CVE-2018-4151 362 Exec Code 2018-04-03 2019-10-03
7.6
None Remote High Not required Complete Complete Complete
An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4 is affected. The issue involves the "iCloud Drive" component. A race condition allows attackers to execute arbitrary code in a privileged context via a crafted app.
538 CVE-2018-4150 119 DoS Exec Code Overflow Mem. Corr. 2018-04-03 2019-03-08
9.3
None Remote Medium Not required Complete Complete Complete
An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4 is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves the "Kernel" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
539 CVE-2018-4149 20 2018-04-03 2018-05-04
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in certain Apple products. iOS before 11.3 is affected. The issue involves the "SafariViewController" component. It allows remote attackers to spoof the user interface via a crafted web site that leverages input into a partially loaded page.
540 CVE-2018-4148 119 Exec Code Overflow 2018-04-03 2018-05-04
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered in certain Apple products. iOS before 11.3 is affected. The issue involves the "Telephony" component. A buffer overflow allows remote attackers to execute arbitrary code.
541 CVE-2018-4146 119 DoS Overflow Mem. Corr. 2018-04-03 2019-03-08
4.3
None Remote Medium Not required None None Partial
An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves the "WebKit" component. It allows attackers to cause a denial of service (memory corruption) via a crafted web site.
542 CVE-2018-4144 119 Exec Code Overflow 2018-04-03 2019-03-08
9.3
None Remote Medium Not required Complete Complete Complete
An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves the "Security" component. A buffer overflow allows attackers to execute arbitrary code in a privileged context via a crafted app.
543 CVE-2018-4143 119 DoS Exec Code Overflow Mem. Corr. 2018-04-03 2019-03-08
9.3
None Remote Medium Not required Complete Complete Complete
An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4 is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves the "Kernel" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
544 CVE-2018-4142 20 DoS 2018-04-03 2019-03-08
5.0
None Remote Low Not required None None Partial
An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4 is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves the "CoreText" component. It allows remote attackers to cause a denial of service (application crash) via a crafted string.
545 CVE-2018-4140 476 DoS 2018-04-03 2018-05-03
7.8
None Remote Low Not required None None Complete
An issue was discovered in certain Apple products. iOS before 11.3 is affected. The issue involves the "Telephony" component. It allows remote attackers to cause a denial of service (NULL pointer dereference and reboot) via a Class 0 SMS message.
546 CVE-2018-4139 119 DoS Exec Code Overflow Mem. Corr. 2018-04-03 2019-03-07
9.3
None Remote Medium Not required Complete Complete Complete
An issue was discovered in certain Apple products. macOS before 10.13.4 is affected. The issue involves the "kext tools" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
547 CVE-2018-4138 200 Bypass +Info 2018-04-03 2018-04-27
4.3
None Remote Medium Not required Partial None None
An issue was discovered in certain Apple products. macOS before 10.13.4 is affected. The issue involves the "NVIDIA Graphics Drivers" component. It allows attackers to bypass intended memory-read restrictions via a crafted app.
548 CVE-2018-4137 200 +Info 2018-04-03 2018-05-04
5.0
None Remote Low Not required Partial None None
An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. The issue involves the "Safari Login AutoFill" component. It allows remote attackers to read autofilled data by leveraging lack of a user-confirmation requirement.
549 CVE-2018-4136 125 DoS Exec Code 2018-04-03 2018-05-04
9.3
None Remote Medium Not required Complete Complete Complete
An issue was discovered in certain Apple products. macOS before 10.13.4 is affected. The issue involves the "Kernel" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (out-of-bounds read) via a crafted app.
550 CVE-2018-4135 119 DoS Exec Code Overflow Mem. Corr. 2018-04-03 2018-04-27
9.3
None Remote Medium Not required Complete Complete Complete
An issue was discovered in certain Apple products. macOS before 10.13.4 is affected. The issue involves the "IOFireWireFamily" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
Total number of vulnerabilities : 1672   Page : 1 2 3 4 5 6 7 8 9 10 11 (This Page)12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.