CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  Take a third party risk management course for FREE
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In April 2018

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1251 CVE-2017-2869 119 Exec Code Overflow 2018-04-05 2022-04-19
7.5
None Remote Low Not required Partial Partial Partial
An exploitable code execution vulnerability exists in the OpenProducer functionality of Natus Xltek NeuroWorks 8. A specially crafted network packet can cause a stack buffer overflow resulting in code execution. An attacker can send a malicious packet to trigger this vulnerability.
1252 CVE-2017-2868 119 Exec Code Overflow 2018-04-05 2022-04-19
7.5
None Remote Low Not required Partial Partial Partial
An exploitable code execution vulnerability exists in the NewProducerStream functionality of Natus Xltek NeuroWorks 8. A specially crafted network packet can cause a stack buffer overflow resulting in code execution. An attacker can send a malicious packet to trigger this vulnerability.
1253 CVE-2017-2867 119 Exec Code Overflow 2018-04-05 2022-04-19
7.5
None Remote Low Not required Partial Partial Partial
An exploitable code execution vulnerability exists in the SavePatientMontage functionality of Natus Xltek NeuroWorks 8. A specially crafted network packet can cause a stack buffer overflow resulting in code execution. An attacker can a malicious packet to trigger this vulnerability.
1254 CVE-2017-2861 125 DoS 2018-04-05 2022-04-19
5.0
None Remote Low Not required None None Partial
An exploitable Denial of Service vulnerability exists in the use of a return value in the NewProducerStream command in Natus Xltek NeuroWorks 8. A specially crafted network packet can cause an out of bounds read resulting in a denial of service. An attacker can send a malicious packet to trigger this vulnerability.
1255 CVE-2017-2853 119 Exec Code Overflow 2018-04-05 2022-04-19
7.5
None Remote Low Not required Partial Partial Partial
An exploitable Code Execution vulnerability exists in the RequestForPatientInfoEEGfile functionality of Natus Xltek NeuroWorks 8. A specially crafted network packet can cause a stack buffer overflow resulting in arbitrary command execution. An attacker can send a malicious packet to trigger this vulnerability.
1256 CVE-2017-2840 119 Exec Code Overflow 2018-04-24 2022-04-19
6.8
None Remote Medium Not required Partial Partial Partial
A buffer overflow vulnerability exists in the ISO parsing functionality of EZB Systems UltraISO 9.6.6.3300. A specially crafted .ISO file can cause a vulnerability resulting in potential code execution. An attacker can provide a specific .ISO file to trigger this vulnerability.
1257 CVE-2017-2839 20 DoS 2018-04-24 2022-04-19
4.3
None Remote Medium Not required None None Partial
An exploitable denial of service vulnerability exists within the handling of challenge packets in FreeRDP 2.0.0-beta1+android11. A specially crafted challenge packet can cause the program termination leading to a denial of service condition. An attacker can compromise the server or use man in the middle to trigger this vulnerability.
1258 CVE-2017-2838 20 DoS 2018-04-24 2022-04-19
4.3
None Remote Medium Not required None None Partial
An exploitable denial of service vulnerability exists within the handling of challenge packets in FreeRDP 2.0.0-beta1+android11. A specially crafted challenge packet can cause the program termination leading to a denial of service condition. An attacker can compromise the server or use man in the middle to trigger this vulnerability.
1259 CVE-2017-2837 20 DoS 2018-04-24 2022-04-19
4.3
None Remote Medium Not required None None Partial
An exploitable denial of service vulnerability exists within the handling of security data in FreeRDP 2.0.0-beta1+android11. A specially crafted challenge packet can cause the program termination leading to a denial of service condition. An attacker can compromise the server or use man in the middle to trigger this vulnerability.
1260 CVE-2017-2836 295 DoS 2018-04-24 2022-04-19
4.3
None Remote Medium Not required None None Partial
An exploitable denial of service vulnerability exists within the reading of proprietary server certificates in FreeRDP 2.0.0-beta1+android11. A specially crafted challenge packet can cause the program termination leading to a denial of service condition. An attacker can compromise the server or use man in the middle to trigger this vulnerability.
1261 CVE-2017-2835 787 Exec Code 2018-04-24 2022-04-19
6.8
None Remote Medium Not required Partial Partial Partial
An exploitable code execution vulnerability exists in the RDP receive functionality of FreeRDP 2.0.0-beta1+android11. A specially crafted server response can cause an out-of-bounds write resulting in an exploitable condition. An attacker can compromise the server or use a man in the middle to trigger this vulnerability.
1262 CVE-2017-2834 787 Exec Code 2018-04-24 2022-04-19
6.8
None Remote Medium Not required Partial Partial Partial
An exploitable code execution vulnerability exists in the authentication functionality of FreeRDP 2.0.0-beta1+android11. A specially crafted server response can cause an out-of-bounds write resulting in an exploitable condition. An attacker can compromise the server or use a man in the middle attack to trigger this vulnerability.
1263 CVE-2017-2833 78 2018-04-24 2022-04-19
8.5
None Remote Medium ??? Complete Complete Complete
An exploitable command injection vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.37. A specially crafted HTTP request can allow for a user to inject arbitrary shell characters resulting in command injection during the boot process. To trigger this vulnerability, an attacker needs to send an HTTP request and reboot the device.
1264 CVE-2017-2832 78 2018-04-24 2022-04-19
9.0
None Remote Low ??? Complete Complete Complete
An exploitable command injection vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.37. A specially crafted HTTP request can allow for a user to inject arbitrary shell characters during a password change resulting in command injection. An attacker can simply send an HTTP request to the device to trigger this vulnerability.
1265 CVE-2017-2826 200 +Info 2018-04-09 2019-03-13
4.3
None Remote Medium Not required Partial None None
An information disclosure vulnerability exists in the iConfig proxy request of Zabbix server 2.4.X. A specially crafted iConfig proxy request can cause the Zabbix server to send the configuration information of any Zabbix proxy, resulting in information disclosure. An attacker can make requests from an active Zabbix proxy to trigger this vulnerability.
1266 CVE-2017-2825 2018-04-20 2019-10-03
6.8
None Remote Medium Not required Partial Partial Partial
In the trapper functionality of Zabbix Server 2.4.x, specifically crafted trapper packets can pass database logic checks, resulting in database writes. An attacker can set up a Man-in-the-Middle server to alter trapper requests made between an active Zabbix proxy and Server to trigger this vulnerability.
1267 CVE-2017-2812 787 Exec Code 2018-04-24 2022-04-19
6.8
None Remote Medium Not required Partial Partial Partial
A code execution vulnerability exists in the kdu_buffered_expand function of the Kakadu SDK 7.9. A specially crafted JPEG 2000 file can be read by the program and can lead to an out of bounds write causing an exploitable condition to arise.
1268 CVE-2017-2811 787 Exec Code 2018-04-24 2022-04-19
6.8
None Remote Medium Not required Partial Partial Partial
A code execution vulnerability exists in the Kakadu SDK 7.9's parsing of compressed JPEG 2000 images. A specially crafted JPEG 2000 file can be read by the program, and can lead to an out of bounds write causing an exploitable condition to arise.
1269 CVE-2017-2804 787 Mem. Corr. 2018-04-24 2022-04-19
6.8
None Remote Medium Not required Partial Partial Partial
A remote out of bound write vulnerability exists in the TIFF parsing functionality of Core PHOTO-PAINT X8 18.1.0.661. A specially crafted TIFF file can cause a vulnerability resulting in potential memory corruption. An attacker can send the victim a specific TIFF file to trigger this vulnerability.
1270 CVE-2017-2803 787 Mem. Corr. 2018-04-24 2022-04-19
6.8
None Remote Medium Not required Partial Partial Partial
A remote out of bound write vulnerability exists in the TIFF parsing functionality of Core PHOTO-PAINT X8 version 18.1.0.661. A specially crafted TIFF file can cause a vulnerability resulting in potential memory corruption. An attacker can send the victim a specific TIFF file to trigger this vulnerability. This vulnerability only exists in the 64-bit version.
1271 CVE-2017-2802 426 2018-04-24 2018-06-13
6.8
None Remote Medium Not required Partial Partial Partial
An exploitable dll hijacking vulnerability exists in the poaService.exe service component of the Dell Precision Optimizer software version 3.5.5.0. A specifically named malicious dll file located in one of directories pointed to by the PATH environment variable will lead to privilege escalation. An attacker with local access to vulnerable system can exploit this vulnerability.
1272 CVE-2017-2599 863 2018-04-11 2020-12-04
5.5
None Remote Low ??? Partial Partial None
Jenkins before versions 2.44 and 2.32.2 is vulnerable to an insufficient permission check. This allows users with permissions to create new items (e.g. jobs) to overwrite existing items they don't have access to (SECURITY-321).
1273 CVE-2017-2591 125 2018-04-30 2019-10-09
5.0
None Remote Low Not required None None Partial
389-ds-base before version 1.3.6 is vulnerable to an improperly NULL terminated array in the uniqueness_entry_to_config() function in the "attribute uniqueness" plugin of 389 Directory Server. An authenticated, or possibly unauthenticated, attacker could use this flaw to force an out-of-bound heap memory read, possibly triggering a crash of the LDAP service.
1274 CVE-2017-2493 200 Bypass +Info 2018-04-03 2019-03-08
4.3
None Remote Medium Not required Partial None None
An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. iCloud before 6.2 on Windows is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted elements on a web site.
1275 CVE-2017-2492 79 XSS 2018-04-03 2019-03-08
4.3
None Remote Medium Not required None Partial None
An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the "JavaScriptCore" component. It allows remote attackers to conduct Universal XSS (UXSS) attacks via a crafted web site that triggers prototype mishandling.
1276 CVE-2017-1790 79 XSS 2018-04-12 2018-05-16
3.5
None Remote Medium ??? None Partial None
IBM DOORS Next Generation (DNG/RRC) 5.0, 5.0.1, 5.0.2, and 6.0 through 6.0.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 137035.
1277 CVE-2017-1786 772 2018-04-23 2019-10-03
3.5
None Remote Medium ??? None None Partial
IBM WebSphere MQ 8.0 through 8.0.0.8 and 9.0 through 9.0.4 under special circumstances could allow an authenticated user to consume all resources due to a memory leak resulting in service loss. IBM X-Force ID: 136975.
1278 CVE-2017-1772 79 XSS 2018-04-04 2019-10-09
4.3
None Remote Medium Not required None Partial None
IBM Worklight (IBM MobileFirst Platform Foundation 6.3, 7.0, 7.1, and 8.0) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 136786.
1279 CVE-2017-1764 522 2018-04-23 2019-10-03
1.9
None Local Medium Not required Partial None None
IBM Cognos Business Intelligence 10.2, 10.2.1, 10.2.1.1, and 10.2.2, under specialized circumstances, could expose plain text credentials to a local user. IBM X-Force ID: 136149.
1280 CVE-2017-1750 79 XSS 2018-04-25 2018-05-25
3.5
None Remote Medium ??? None Partial None
IBM Jazz Reporting Service (JRS) 5.0 through 5.0.2 and 6.0 through 6.0.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 135523.
1281 CVE-2017-1734 200 +Info 2018-04-24 2018-06-05
4.0
None Remote Low ??? Partial None None
IBM Jazz Team Server affecting the following IBM Rational Products: Collaborative Lifecycle Management (CLM), Rational DOORS Next Generation (RDNG), Rational Engineering Lifecycle Manager (RELM), Rational Team Concert (RTC), Rational Quality Manager (RQM), Rational Rhapsody Design Manager (Rhapsody DM), and Rational Software Architect (RSA DM) stores potentially sensitive information in a cache that could be read by authenticated users. IBM X-Force ID: 134915.
1282 CVE-2017-1733 532 2018-04-04 2019-10-09
2.1
None Local Low Not required Partial None None
IBM QRadar 7.3 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: 134914.
1283 CVE-2017-1725 200 +Info 2018-04-24 2018-06-04
4.0
None Remote Low ??? Partial None None
IBM Jazz Team Server affecting the following IBM Rational Products: Collaborative Lifecycle Management (CLM), Rational DOORS Next Generation (RDNG), Rational Engineering Lifecycle Manager (RELM), Rational Team Concert (RTC), Rational Quality Manager (RQM), Rational Rhapsody Design Manager (Rhapsody DM), and Rational Software Architect (RSA DM) contain an undisclosed vulnerability with the potential for information disclosure. IBM X-Force ID: 134820.
1284 CVE-2017-1724 79 XSS 2018-04-26 2018-05-25
3.5
None Remote Medium ??? None Partial None
IBM Security QRadar SIEM 7.2 and 7.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 134814.
1285 CVE-2017-1723 22 Dir. Trav. 2018-04-26 2018-05-25
4.0
None Remote Low ??? Partial None None
IBM Security QRadar SIEM 7.2 and 7.3 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 134812.
1286 CVE-2017-1722 89 Sql 2018-04-26 2018-05-25
6.5
None Remote Low ??? Partial Partial Partial
IBM Security QRadar SIEM 7.2 and 7.3 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 134811.
1287 CVE-2017-1721 94 Exec Code 2018-04-26 2018-05-25
6.8
None Remote Medium Not required Partial Partial Partial
IBM Security QRadar SIEM 7.2 and 7.3 could allow an unauthenticated user to execute code remotely with lower level privileges under unusual circumstances. IBM X-Force ID: 134810.
1288 CVE-2017-1701 326 +Info 2018-04-23 2018-05-23
4.0
None Remote Low ??? Partial None None
IBM Team Concert (RTC) 5.0, 5.0.1, 5.0.2, 6.0, 6.0.1, 6.0.2, 6.0.3, 6.0.4, and 6.0.5 stores credentials for users using a weak encryption algorithm, which could allow an authenticated user to obtain highly sensitive information. IBM X-Force ID: 134393.
1289 CVE-2017-1700 863 DoS 2018-04-24 2019-10-03
4.0
None Remote Low ??? None None Partial
IBM Jazz Team Server affecting the following IBM Rational Products: Collaborative Lifecycle Management (CLM), Rational DOORS Next Generation (RDNG), Rational Engineering Lifecycle Manager (RELM), Rational Team Concert (RTC), Rational Quality Manager (RQM), Rational Rhapsody Design Manager (Rhapsody DM), and Rational Software Architect (RSA DM) could allow an authenticated user to cause a denial of service due to incorrect authorization for resource intensive scenarios. IBM X-Force ID: 134392.
1290 CVE-2017-1624 732 2018-04-04 2019-10-09
5.5
None Remote Low ??? Partial Partial None
IBM QRadar 7.3 and 7.3.1 specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors. IBM X-Force ID: 133122.
1291 CVE-2017-1486 79 XSS 2018-04-23 2018-05-18
4.3
None Remote Medium Not required None Partial None
IBM Cognos Business Intelligence 10.2, 10.2.1, 10.2.1.1, and 10.2.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 128624.
1292 CVE-2017-1473 326 2018-04-23 2018-05-23
5.0
None Remote Low Not required Partial None None
IBM Security Access Manager Appliance 8.0.0 through 8.0.1.6 and 9.0.0 through 9.0.3.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 128605.
1293 CVE-2017-1116 200 +Info 2018-04-27 2018-05-25
4.0
None Remote Low ??? Partial None None
IBM Campaign 8.6, 9.0, 9.1, 9.1.1, 9.1.2, and 10.0 contains excessive details on the client side which could provide information useful for an authenticated user to conduct other attacks. IBM X-Force ID: 121154.
1294 CVE-2017-1081 20 2018-04-10 2019-10-09
7.8
None Remote Low Not required None None Complete
In FreeBSD before 11.0-STABLE, 11.0-RELEASE-p10, 10.3-STABLE, and 10.3-RELEASE-p19, ipfilter using "keep state" or "keep frags" options can cause a kernel panic when fed specially crafted packet fragments due to incorrect memory handling.
1295 CVE-2017-0751 2018-04-05 2019-10-03
4.6
None Local Low Not required Partial Partial Partial
An elevation of privilege vulnerability in the Qualcomm QCE driver. Product: Android. Versions: Android kernel. Android ID: A-36591162. References: QC-CR#2045061.
1296 CVE-2017-0748 200 +Info 2018-04-05 2018-04-17
5.0
None Remote Low Not required Partial None None
An information disclosure vulnerability in the Qualcomm audio driver. Product: Android. Versions: Android Kernel. Android ID: A-35764875. References: QC-CR#2029798.
1297 CVE-2017-0744 2018-04-05 2019-10-03
4.6
None Local Low Not required Partial Partial Partial
An elevation of privilege vulnerability in the NVIDIA firmware processing code. Product: Android. Versions: Android kernel. Android ID: A-34112726. References: N-CVE-2017-0744.
1298 CVE-2017-0431 2018-04-05 2019-10-03
7.2
None Local Low Not required Complete Complete Complete
An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-32573899.
1299 CVE-2017-0372 74 2018-04-13 2018-05-17
7.5
None Remote Low Not required Partial Partial Partial
Parameters injection in the SyntaxHighlight extension of Mediawiki before 1.23.16, 1.27.3 and 1.28.2 might result in multiple vulnerabilities.
1300 CVE-2017-0370 20 File Inclusion 2018-04-13 2018-05-14
5.0
None Remote Low Not required None Partial None
Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains a flaw were Spam blacklist is ineffective on encoded URLs inside file inclusion syntax's link parameter.
Total number of vulnerabilities : 1672   Page : 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 (This Page)27 28 29 30 31 32 33 34
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.