CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  Take a third party risk management course for FREE
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In April 2018

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1051 CVE-2017-14467 2018-04-05 2022-04-19
7.5
None Remote Low Not required Partial Partial Partial
An exploitable access control vulnerability exists in the data, program, and function file permissions functionality of Allen Bradley Micrologix 1400 Series B FRN 21.2 and before. A specially crafted packet can cause a read or write operation resulting in disclosure of sensitive information, modification of settings, or modification of ladder logic. An attacker can send unauthenticated packets to trigger this vulnerability. Required Keyswitch State: REMOTE Description: Live rung edits are able to be made by an unauthenticated user allowing for addition, deletion, or modification of existing ladder logic. Additionally, faults and cpu state modification can be triggered if specific ladder logic is used.
1052 CVE-2017-14466 2018-04-05 2022-04-19
7.5
None Remote Low Not required Partial Partial Partial
An exploitable access control vulnerability exists in the data, program, and function file permissions functionality of Allen Bradley Micrologix 1400 Series B FRN 21.2 and before. A specially crafted packet can cause a read or write operation resulting in disclosure of sensitive information, modification of settings, or modification of ladder logic. An attacker can send unauthenticated packets to trigger this vulnerability. Required Keyswitch State: REMOTE or PROG Description: The filetype 0x03 allows users write access, allowing the ability to overwrite the Master Password value stored in the file.
1053 CVE-2017-14465 2018-04-05 2022-04-19
7.5
None Remote Low Not required Partial Partial Partial
An exploitable access control vulnerability exists in the data, program, and function file permissions functionality of Allen Bradley Micrologix 1400 Series B FRN 21.2 and before. A specially crafted packet can cause a read or write operation resulting in disclosure of sensitive information, modification of settings, or modification of ladder logic. An attacker can send unauthenticated packets to trigger this vulnerability. Required Keyswitch State: REMOTE Description: Any input or output can be forced, causing unpredictable activity from the PLC.
1054 CVE-2017-14464 2018-04-05 2022-04-19
7.5
None Remote Low Not required Partial Partial Partial
An exploitable access control vulnerability exists in the data, program, and function file permissions functionality of Allen Bradley Micrologix 1400 Series B FRN 21.2 and before. A specially crafted packet can cause a read or write operation resulting in disclosure of sensitive information, modification of settings, or modification of ladder logic. An attacker can send unauthenticated packets to trigger this vulnerability.Required Keyswitch State: REMOTE or PROG Associated Fault Code: 0001 Fault Type: Non-User Description: A fault state can be triggered by setting the NVRAM/memory module user program mismatch bit (S2:9) when a memory module is NOT installed.
1055 CVE-2017-14463 2018-04-05 2022-04-19
7.5
None Remote Low Not required Partial Partial Partial
An exploitable access control vulnerability exists in the data, program, and function file permissions functionality of Allen Bradley Micrologix 1400 Series B FRN 21.2 and before. A specially crafted packet can cause a read or write operation resulting in disclosure of sensitive information, modification of settings, or modification of ladder logic. An attacker can send unauthenticated packets to trigger this vulnerability. Required Keyswitch State: REMOTE or PROG Associated Fault Code: 0012 Fault Type: Non-User Description: A fault state can be triggered by overwriting the ladder logic data file (type 0x22 number 0x02) with null values.
1056 CVE-2017-14462 2018-04-05 2022-04-19
7.5
None Remote Low Not required Partial Partial Partial
An exploitable access control vulnerability exists in the data, program, and function file permissions functionality of Allen Bradley Micrologix 1400 Series B FRN 21.2 and before. A specially crafted packet can cause a read or write operation resulting in disclosure of sensitive information, modification of settings, or modification of ladder logic. An attacker can send unauthenticated packets to trigger this vulnerability. Required Keyswitch State: REMOTE or PROG (also RUN for some) Description: Allows an attacker to enable SNMP, Modbus, DNP, and any other features in the channel configuration. Also allows attackers to change network parameters, such as IP address, name server, and domain name.
1057 CVE-2017-14459 78 Exec Code 2018-04-11 2022-04-19
10.0
None Remote Low Not required Complete Complete Complete
An exploitable OS Command Injection vulnerability exists in the Telnet, SSH, and console login functionality of Moxa AWK-3131A Industrial IEEE 802.11a/b/g/n wireless AP/bridge/client in firmware versions 1.4 to 1.7 (current). An attacker can inject commands via the username parameter of several services (SSH, Telnet, console), resulting in remote, unauthenticated, root-level operating system command execution.
1058 CVE-2017-14458 416 Exec Code 2018-04-23 2022-04-19
6.8
None Remote Medium Not required Partial Partial Partial
An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's Foxit PDF Reader version 8.3.2.25013. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability.
1059 CVE-2017-14450 119 Overflow 2018-04-24 2022-04-19
5.8
None Remote Medium Not required None Partial Partial
A buffer overflow vulnerability exists in the GIF image parsing functionality of SDL2_image-2.0.2. A specially crafted GIF image can lead to a buffer overflow on a global section. An attacker can display an image to trigger this vulnerability.
1060 CVE-2017-14449 415 2018-04-24 2022-04-19
6.8
None Remote Medium Not required Partial Partial Partial
A double-Free vulnerability exists in the XCF image rendering functionality of SDL2_image-2.0.2. A specially crafted XCF image can cause a Double-Free situation to occur. An attacker can display a specially crafted image to trigger this vulnerability.
1061 CVE-2017-14448 119 Exec Code Overflow 2018-04-24 2022-04-19
6.8
None Remote Medium Not required Partial Partial Partial
An exploitable code execution vulnerability exists in the XCF image rendering functionality of SDL2_image-2.0.2. A specially crafted XCF image can cause a heap overflow resulting in code execution. An attacker can display a specially crafted image to trigger this vulnerability.
1062 CVE-2017-14442 119 Exec Code Overflow 2018-04-24 2022-04-19
6.8
None Remote Medium Not required Partial Partial Partial
An exploitable code execution vulnerability exists in the BMP image rendering functionality of SDL2_image-2.0.2. A specially crafted BMP image can cause a stack overflow resulting in code execution. An attacker can display a specially crafted image to trigger this vulnerability.
1063 CVE-2017-14441 190 Exec Code Overflow 2018-04-24 2022-04-19
6.8
None Remote Medium Not required Partial Partial Partial
An exploitable code execution vulnerability exists in the ICO image rendering functionality of SDL2_image-2.0.2. A specially crafted ICO image can cause an integer overflow, cascading to a heap overflow resulting in code execution. An attacker can display a specially crafted image to trigger this vulnerability.
1064 CVE-2017-14440 119 Exec Code Overflow 2018-04-24 2022-04-19
6.8
None Remote Medium Not required Partial Partial Partial
An exploitable code execution vulnerability exists in the ILBM image rendering functionality of SDL2_image-2.0.2. A specially crafted ILBM image can cause a stack overflow resulting in code execution. An attacker can display a specially crafted image to trigger this vulnerability.
1065 CVE-2017-14323 918 Exec Code +Info 2018-04-10 2018-05-17
7.5
None Remote Low Not required Partial Partial Partial
SSRF (Server Side Request Forgery) in getRemoteImage.php in Ueditor in Onethink V1.0 and V1.1 allows remote attackers to obtain sensitive information, attack intranet hosts, or possibly trigger remote command execution via the upfile parameter.
1066 CVE-2017-14010 427 Exec Code 2018-04-26 2019-10-09
6.8
None Remote Medium Not required Partial Partial Partial
In SpiderControl MicroBrowser Windows XP, Vista 7, 8 and 10, Versions 1.6.30.144 and prior, an uncontrolled search path element vulnerability has been identified which could be exploited by placing a specially crafted DLL file in the search path. If the malicious DLL is loaded prior to the valid DLL, an attacker could execute arbitrary code on the system.
1067 CVE-2017-13904 119 DoS Exec Code Overflow Mem. Corr. 2018-04-03 2019-03-08
9.3
None Remote Medium Not required Complete Complete Complete
An issue was discovered in certain Apple products. iOS before 11.2 is affected. macOS before 10.13.2 is affected. tvOS before 11.2 is affected. watchOS before 4.2 is affected. The issue involves the "Kernel" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
1068 CVE-2017-13890 20 2018-04-03 2018-05-04
4.3
None Remote Medium Not required None Partial None
An issue was discovered in certain Apple products. macOS before 10.13.4 is affected. macOS before 10.13 is affected. The issue involves the "CoreTypes" component. It allows remote attackers to trigger disk-image mounting via a crafted web site.
1069 CVE-2017-13885 119 DoS Exec Code Overflow Mem. Corr. 2018-04-03 2019-03-08
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in certain Apple products. iOS before 11.2 is affected. Safari before 11.0.2 is affected. iCloud before 7.2 on Windows is affected. iTunes before 12.7.2 on Windows is affected. tvOS before 11.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
1070 CVE-2017-13884 119 DoS Exec Code Overflow Mem. Corr. 2018-04-03 2019-03-08
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in certain Apple products. iOS before 11.2 is affected. Safari before 11.0.2 is affected. iCloud before 7.2 on Windows is affected. iTunes before 12.7.2 on Windows is affected. tvOS before 11.2 is affected. watchOS before 4.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
1071 CVE-2017-13877 200 +Info 2018-04-03 2018-05-04
4.3
None Remote Medium Not required Partial None None
An issue was discovered in certain Apple products. iOS before 11 is affected. The issue involves the "Sandbox Profiles" component. It allows attackers to determine whether arbitrary files exist via a crafted app.
1072 CVE-2017-13873 200 +Info 2018-04-03 2019-03-08
4.3
None Remote Medium Not required Partial None None
An issue was discovered in certain Apple products. iOS before 11 is affected. macOS before 10.13 is affected. tvOS before 11 is affected. watchOS before 4 is affected. The issue involves the "Kernel" component. It allows attackers to obtain sensitive network-activity information about arbitrary apps via a crafted app.
1073 CVE-2017-13863 295 2018-04-03 2018-05-04
4.3
None Remote Medium Not required Partial None None
An issue was discovered in certain Apple products. iOS before 11 is affected. The issue involves the "APNs" component. It allows man-in-the-middle attackers to track users by leveraging the transmission of client certificates.
1074 CVE-2017-13854 119 DoS Exec Code Overflow Mem. Corr. 2018-04-03 2019-03-08
9.3
None Remote Medium Not required Complete Complete Complete
An issue was discovered in certain Apple products. iOS before 11 is affected. macOS before 10.13 is affected. tvOS before 11 is affected. watchOS before 4 is affected. The issue involves the "Kernel" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
1075 CVE-2017-13853 119 DoS Exec Code Overflow Mem. Corr. 2018-04-03 2018-04-27
9.3
None Remote Medium Not required Complete Complete Complete
An issue was discovered in certain Apple products. macOS before 10.12.6 is affected. The issue involves the "AppleGraphicsControl" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
1076 CVE-2017-13851 Bypass 2018-04-03 2019-10-03
2.1
None Local Low Not required Partial None None
An issue was discovered in certain Apple products. macOS before 10.13 is affected. The issue involves the "DesktopServices" component. It allows local users to bypass intended access restrictions on home folder files.
1077 CVE-2017-13850 119 DoS Overflow Mem. Corr. +Info 2018-04-03 2018-05-04
5.8
None Remote Medium Not required Partial None Partial
An issue was discovered in certain Apple products. macOS before 10.12.6 is affected. The issue involves the "Font Importer" component. It allows remote attackers to cause a denial of service (memory corruption) or obtain sensitive information from process memory via a crafted font.
1078 CVE-2017-13839 200 +Info 2018-04-03 2018-05-04
2.1
None Local Low Not required Partial None None
An issue was discovered in certain Apple products. macOS before 10.13 is affected. The issue involves the "Spotlight" component. It allows local users to see results for other users' files.
1079 CVE-2017-13837 2018-04-03 2019-10-03
5.0
None Remote Low Not required Partial None None
An issue was discovered in certain Apple products. macOS before 10.13 is affected. The issue involves the "Installer" component. It does not properly restrict an app's entitlements for accessing the FileVault unlock key.
1080 CVE-2017-13827 Exec Code 2018-04-03 2019-10-03
9.3
None Remote Medium Not required Complete Complete Complete
An issue was discovered in certain Apple products. macOS before 10.13 is affected. The issue involves the "kext tools" component. It allows attackers to execute arbitrary code in a privileged context via a crafted app that performs kext loading.
1081 CVE-2017-13806 2018-04-03 2019-10-03
4.3
None Remote Medium Not required None Partial None
An issue was discovered in certain Apple products. iOS before 11 is affected. The issue involves the "Profiles" component. It does not enforce the configuration profile's settings for whether pairings are allowed.
1082 CVE-2017-13678 79 XSS 2018-04-11 2021-07-08
3.5
None Remote Medium ??? None Partial None
Stored XSS vulnerability in the Symantec Advanced Secure Gateway (ASG) and ProxySG management consoles. A malicious appliance administrator can inject arbitrary JavaScript code in the management console web client application.
1083 CVE-2017-13677 2018-04-11 2021-06-24
5.0
None Remote Low Not required None None Partial
Denial-of-service (DoS) vulnerability in the Symantec Advanced Secure Gateway (ASG) and ProxySG management consoles. A remote attacker can use crafted HTTP/HTTPS requests to cause denial-of-service through management console application crashes.
1084 CVE-2017-13307 2018-04-04 2019-10-03
7.5
None Remote Low Not required Partial Partial Partial
A elevation of privilege vulnerability in the Upstream kernel pci sysfs. Product: Android. Versions: Android kernel. Android ID: A-69128924.
1085 CVE-2017-13306 2018-04-04 2019-10-03
7.5
None Remote Low Not required Partial Partial Partial
A elevation of privilege vulnerability in the Upstream kernel mnh driver. Product: Android. Versions: Android kernel. Android ID: A-70295063.
1086 CVE-2017-13305 125 2018-04-04 2019-10-03
3.6
None Local Low Not required Partial None Partial
A information disclosure vulnerability in the Upstream kernel encrypted-keys. Product: Android. Versions: Android kernel. Android ID: A-70526974.
1087 CVE-2017-13304 200 +Info 2018-04-04 2018-05-08
5.0
None Remote Low Not required Partial None None
A information disclosure vulnerability in the Upstream kernel mnh_sm driver. Product: Android. Versions: Android kernel. Android ID: A-70576999.
1088 CVE-2017-13303 200 +Info 2018-04-04 2018-05-08
5.0
None Remote Low Not required Partial None None
A information disclosure vulnerability in the Broadcom bcmdhd driver. Product: Android. Versions: Android kernel. Android ID: A-71359108. References: B-V2018010501.
1089 CVE-2017-13302 20 DoS 2018-04-04 2018-05-08
7.8
None Remote Low Not required None None Complete
A denial of service vulnerability in the Android system (system ui). Product: Android. Versions: 8.0. Android ID: A-69969749.
1090 CVE-2017-13301 20 DoS 2018-04-04 2018-05-08
7.8
None Remote Low Not required None None Complete
A denial of service vulnerability in the Android system (system ui). Product: Android. Versions: 8.0. Android ID: A-66498711.
1091 CVE-2017-13300 20 DoS 2018-04-04 2018-05-08
5.0
None Remote Low Not required None None Partial
A denial of service vulnerability in the Android media framework (libhevc). Product: Android. Versions: 6.0, 6.0.1. Android ID: A-71567394.
1092 CVE-2017-13299 2018-04-04 2018-05-08
5.0
None Remote Low Not required None None Partial
A other vulnerability in the Android media framework (libavc). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-70897394.
1093 CVE-2017-13298 200 +Info 2018-04-04 2018-05-08
5.0
None Remote Low Not required Partial None None
A information disclosure vulnerability in the Android media framework (libhavc). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-72117051.
1094 CVE-2017-13297 200 +Info 2018-04-04 2018-05-08
5.0
None Remote Low Not required Partial None None
A information disclosure vulnerability in the Android media framework (libhevc). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-71766721.
1095 CVE-2017-13296 200 +Info 2018-04-04 2018-05-08
5.0
None Remote Low Not required Partial None None
A information disclosure vulnerability in the Android media framework (libavc). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-70897454.
1096 CVE-2017-13295 20 DoS 2018-04-04 2018-05-08
5.0
None Remote Low Not required None None Partial
A denial of service vulnerability in the Android framework (package installer). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-62537081.
1097 CVE-2017-13294 200 +Info 2018-04-04 2018-05-08
5.0
None Remote Low Not required Partial None None
A information disclosure vulnerability in the Android framework (aosp email application). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-71814449.
1098 CVE-2017-13293 787 2018-04-04 2018-05-10
7.2
None Local Low Not required Complete Complete Complete
In the nfc_hci_cmd_received() function of core.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-62679701.
1099 CVE-2017-13292 787 Exec Code 2018-04-04 2018-05-10
10.0
None Remote Low Not required Complete Complete Complete
In wl_get_assoc_ies of wl_cfg80211.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-70722061. References: B-V2018010201.
1100 CVE-2017-13291 476 DoS 2018-04-04 2018-05-09
7.8
None Remote Low Not required None None Complete
In avrc_ctrl_pars_vendor_rsp of avrc_pars_ct.cc, there is a possible NULL pointer dereference due to missing bounds checks. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-71603553.
Total number of vulnerabilities : 1672   Page : 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 (This Page)23 24 25 26 27 28 29 30 31 32 33 34
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.