CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  Take a third party risk management course for FREE
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In April 2018

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1401 CVE-2016-10406 200 +Info 2018-04-18 2018-05-01
5.0
None Remote Low Not required Partial None None
In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile MDM9650, SD 210/SD 212/SD 205, SD 410/12, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 808, SD 810, SD 820, and SD 835, while printing debug message of a pointer in wlan_qmi_err_cb, the real kernel address will be printed regardless of the kptr_restrict system settings.
1402 CVE-2016-10299 264 2018-04-04 2018-05-04
10.0
None Remote Low Not required Complete Complete Complete
An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-32577244.
1403 CVE-2016-10298 264 2018-04-04 2018-05-04
10.0
None Remote Low Not required Complete Complete Complete
An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-36393252.
1404 CVE-2016-10258 434 2018-04-11 2021-07-08
6.0
None Remote Medium ??? Partial Partial Partial
Unrestricted file upload vulnerability in the Symantec Advanced Secure Gateway (ASG) and ProxySG management consoles. A malicious appliance administrator can upload arbitrary malicious files to the management console and trick another administrator user into downloading and executing malicious code.
1405 CVE-2016-10236 200 +Info 2018-04-04 2018-05-04
4.3
None Remote Medium Not required Partial None None
An information disclosure vulnerability in the Qualcomm USB driver. Product: Android. Versions: Android kernel. Android ID: A-33280689. References: QC-CR#1102418.
1406 CVE-2016-10235 20 DoS 2018-04-04 2018-05-04
5.0
None Remote Low Not required None None Partial
A denial of service vulnerability in the Qualcomm WiFi driver. Product: Android. Versions: Android kernel. Android ID: A-34390620. References: QC-CR#1046409.
1407 CVE-2016-10234 200 +Info 2018-04-04 2018-05-04
4.3
None Remote Medium Not required Partial None None
An information disclosure vulnerability in the Qualcomm IPA driver. Product: Android. Versions: Android kernel. Android ID: A-34390017. References: QC-CR#1069060.
1408 CVE-2016-10233 264 2018-04-04 2018-05-04
10.0
None Remote Low Not required Complete Complete Complete
An elevation of privilege vulnerability in the Qualcomm video driver. Product: Android. Versions: Android kernel. Android ID: A-34389926. References: QC-CR#897452.
1409 CVE-2016-10232 264 2018-04-04 2018-05-04
9.3
None Remote Medium Not required Complete Complete Complete
An elevation of privilege vulnerability in the Qualcomm video driver. Product: Android. Versions: Android kernel. Android ID: A-34386696. References: QC-CR#1024872.
1410 CVE-2016-10231 264 2018-04-04 2018-05-04
9.3
None Remote Medium Not required Complete Complete Complete
An elevation of privilege vulnerability in the Qualcomm sound codec driver. Product: Android. Versions: Android kernel. Android ID: A-33966912. References: QC-CR#1096799.
1411 CVE-2016-10230 264 Exec Code 2018-04-04 2018-05-04
10.0
None Remote Low Not required Complete Complete Complete
A remote code execution vulnerability in the Qualcomm crypto driver. Product: Android. Versions: Android kernel. Android ID: A-34389927. References: QC-CR#1091408.
1412 CVE-2016-9646 287 2018-04-13 2018-05-18
5.0
None Remote Low Not required None Partial None
ikiwiki before 3.20161229 incorrectly called the CGI::FormBuilder->field method (similar to the CGI->param API that led to Bugzilla's CVE-2014-1572), which can be abused to lead to commit metadata forgery.
1413 CVE-2016-9645 284 Bypass 2018-04-10 2018-05-22
4.0
None Remote Low ??? None Partial None
The fix for ikiwiki for CVE-2016-10026 was incomplete resulting in editing restriction bypass for git revert when using git versions older than 2.8.0. This has been fixed in 3.20161229.
1414 CVE-2016-9602 59 2018-04-26 2019-10-09
9.0
None Remote Low ??? Complete Complete Complete
Qemu before version 2.9 is vulnerable to an improper link following when built with the VirtFS. A privileged user inside guest could use this flaw to access host file system beyond the shared folder and potentially escalating their privileges on a host.
1415 CVE-2016-9601 119 Overflow 2018-04-24 2019-10-09
4.3
None Remote Medium Not required None None Partial
ghostscript before version 9.21 is vulnerable to a heap based buffer overflow that was found in the ghostscript jbig2_decode_gray_scale_image function which is used to decode halftone segments in a JBIG2 image. A document (PostScript or PDF) with an embedded, specially crafted, jbig2 image could trigger a segmentation fault in ghostscript.
1416 CVE-2016-9599 284 2018-04-24 2021-08-04
6.0
None Remote Medium ??? Partial Partial Partial
puppet-tripleo before versions 5.5.0, 6.2.0 is vulnerable to an access-control flaw in the IPtables rules management, which allowed the creation of TCP/UDP rules with empty port values. If SSL is enabled, a malicious user could use these open ports to gain access to unauthorized resources.
1417 CVE-2016-9594 665 2018-04-23 2019-10-09
6.8
None Remote Medium Not required Partial Partial Partial
curl before version 7.52.1 is vulnerable to an uninitialized random in libcurl's internal function that returns a good 32bit random value. Having a weak or virtually non-existent random value makes the operations that use it vulnerable.
1418 CVE-2016-9593 255 2018-04-16 2019-10-09
4.0
None Remote Low ??? Partial None None
foreman-debug before version 1.15.0 is vulnerable to a flaw in foreman-debug's logging. An attacker with access to the foreman log file would be able to view passwords, allowing them to access those systems.
1419 CVE-2016-9592 399 DoS 2018-04-16 2019-10-09
4.0
None Remote Low ??? None None Partial
openshift before versions 3.3.1.11, 3.2.1.23, 3.4 is vulnerable to a flaw when a volume fails to detach, which causes the delete operation to fail with 'VolumeInUse' error. Since the delete operation is retried every 30 seconds for each volume, this could lead to a denial of service attack as the number of API requests being sent to the cloud-provider exceeds the API's rate-limit.
1420 CVE-2016-9590 200 +Info 2018-04-26 2021-08-04
4.0
None Remote Low ??? Partial None None
puppet-swift before versions 8.2.1, 9.4.4 is vulnerable to an information-disclosure in Red Hat OpenStack Platform director's installation of Object Storage (swift). During installation, the Puppet script responsible for deploying the service incorrectly removes and recreates the proxy-server.conf file with world-readable permissions.
1421 CVE-2016-9587 20 Exec Code 2018-04-24 2021-09-13
9.3
None Remote Medium Not required Complete Complete Complete
Ansible before versions 2.1.4, 2.2.1 is vulnerable to an improper input validation in Ansible's handling of data sent from client systems. An attacker with control over a client system being managed by Ansible and the ability to send facts back to the Ansible server could use this flaw to execute arbitrary code on the Ansible server using the Ansible server privileges.
1422 CVE-2016-9586 122 Overflow 2018-04-23 2021-06-29
6.8
None Remote Medium Not required Partial Partial Partial
curl before version 7.52.0 is vulnerable to a buffer overflow when doing a large floating point output in libcurl's implementation of the printf() functions. If there are any application that accepts a format string from the outside without necessary input filtering, it could allow remote attacks.
1423 CVE-2016-9094 20 2018-04-16 2018-05-22
6.8
None Remote Medium Not required Partial Partial Partial
Symantec Endpoint Protection clients place detected malware in quarantine as part of the intended product functionality. The quarantine logs can be exported for review by the user in a variety of formats including .CSV files. Prior to 14.0 MP1 and 12.1 RU6 MP7, the potential exists for file metadata to be interpreted and evaluated as a formula. Successful exploitation of an attack of this type requires considerable direct user-interaction from the user exporting and then opening the log files on the intended target client.
1424 CVE-2016-9093 20 DoS +Priv 2018-04-16 2018-05-23
6.9
None Local Medium Not required Complete Complete Complete
A version of the SymEvent Driver that shipped with Symantec Endpoint Protection 12.1 RU6 MP6 and earlier fails to properly sanitize logged-in user input. SEP 14.0 and later are not impacted by this issue. A non-admin user would need to be able to save an executable file to disk and then be able to successfully run that file. If properly constructed, the file could access the driver interface and potentially manipulate certain system calls. On all 32-bit systems and in most cases on 64-bit systems, this will result in a denial of service that will crash the system. In very narrow circumstances, and on 64-bit systems only, this could allow the user to run arbitrary code on the local machine with kernel-level privileges. This could result in a non-privileged user gaining privileged access on the local machine.
1425 CVE-2016-9043 787 Exec Code 2018-04-24 2022-04-19
6.8
None Remote Medium Not required Partial Partial Partial
An out of bound write vulnerability exists in the EMF parsing functionality of CorelDRAW X8 (CdrGfx - Corel Graphics Engine (64-Bit) - 18.1.0.661). A specially crafted EMF file can cause a vulnerability resulting in potential code execution. An attacker can send the victim a specific EMF file to trigger this vulnerability.
1426 CVE-2016-9038 362 Mem. Corr. 2018-04-24 2022-04-19
4.4
None Local Medium Not required Partial Partial Partial
An exploitable double fetch vulnerability exists in the SboxDrv.sys driver functionality of Invincea-X 6.1.3-24058. A specially crafted input buffer and race condition can result in kernel memory corruption, which could result in privilege escalation. An attacker needs to execute a special application locally to trigger this vulnerability.
1427 CVE-2016-8732 275 2018-04-24 2022-04-19
4.6
None Local Low Not required Partial Partial Partial
Multiple security flaws exists in InvProtectDrv.sys which is a part of Invincea Dell Protected Workspace 5.1.1-22303. Weak restrictions on the driver communication channel and additional insufficient checks allow any application to turn off some of the protection mechanisms provided by the Invincea product.
1428 CVE-2016-8730 787 Exec Code Mem. Corr. 2018-04-24 2022-04-19
6.8
None Remote Medium Not required Partial Partial Partial
An of bound write / memory corruption vulnerability exists in the GIF parsing functionality of Core PHOTO-PAINT X8 18.1.0.661. A specially crafted GIF file can cause a vulnerability resulting in potential memory corruption resulting in code execution. An attacker can send the victim a specific GIF file to trigger this vulnerability.
1429 CVE-2016-8729 119 Exec Code Overflow Mem. Corr. 2018-04-24 2022-04-19
6.8
None Remote Medium Not required Partial Partial Partial
An exploitable memory corruption vulnerability exists in the JBIG2 parser of Artifex MuPDF 1.9. A specially crafted PDF can cause a negative number to be passed to a memset resulting in memory corruption and potential code execution. An attacker can specially craft a PDF and send to the victim to trigger this vulnerability.
1430 CVE-2016-8728 787 Exec Code Mem. Corr. 2018-04-24 2022-04-19
6.8
None Remote Medium Not required Partial Partial Partial
An exploitable heap out of bounds write vulnerability exists in the Fitz graphical library part of the MuPDF renderer. A specially crafted PDF file can cause a out of bounds write resulting in heap metadata and sensitive process memory corruption leading to potential code execution. Victim needs to open the specially crafted file in a vulnerable reader in order to trigger this vulnerability.
1431 CVE-2016-8717 798 2018-04-02 2022-04-19
10.0
None Remote Low Not required Complete Complete Complete
An exploitable Use of Hard-coded Credentials vulnerability exists in the Moxa AWK-3131A Wireless Access Point running firmware 1.1. The device operating system contains an undocumented, privileged (root) account with hard-coded credentials, giving attackers full control of affected devices.
1432 CVE-2016-8488 264 2018-04-04 2018-05-04
10.0
None Remote Low Not required Complete Complete Complete
An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-31625756.
1433 CVE-2016-8487 264 2018-04-04 2018-05-04
10.0
None Remote Low Not required Complete Complete Complete
An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-28823724.
1434 CVE-2016-8486 200 +Info 2018-04-04 2018-05-04
5.0
None Remote Low Not required Partial None None
An information disclosure vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-28823691.
1435 CVE-2016-8485 200 +Info 2018-04-04 2018-05-04
5.0
None Remote Low Not required Partial None None
An information disclosure vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-28823681.
1436 CVE-2016-8484 264 2018-04-04 2018-05-04
10.0
None Remote Low Not required Complete Complete Complete
An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-28823575.
1437 CVE-2016-8482 264 2018-04-05 2018-04-17
7.2
None Local Low Not required Complete Complete Complete
An elevation of privilege vulnerability in the NVIDIA GPU driver. Product: Android. Versions: Android kernel. Android ID: A-31799863. References: N-CVE-2016-8482.
1438 CVE-2016-8384 119 Overflow 2018-04-24 2022-04-19
6.8
None Remote Medium Not required Partial Partial Partial
An exploitable heap corruption vulnerability exists in the DHFSummary functionality of AntennaHouse DMC HTMLFilter.
1439 CVE-2016-8383 119 Exec Code Overflow 2018-04-24 2022-04-19
6.8
None Remote Medium Not required Partial Partial Partial
An exploitable heap corruption vulnerability exists in the Doc_GetFontTable functionality of AntennaHouse DMC HTMLFilter. A specially crafted doc file can cause a heap corruption resulting in arbitrary code execution. An attacker can send/provide malicious doc file to trigger this vulnerability.
1440 CVE-2016-8382 119 Exec Code Overflow 2018-04-24 2022-04-19
6.8
None Remote Medium Not required Partial Partial Partial
An exploitable heap corruption vulnerability exists in the Doc_SetSummary functionality of AntennaHouse DMC HTMLFilter. A specially crafted doc file can cause a heap corruption resulting in arbitrary code execution. An attacker can send a malicious doc file to trigger this vulnerability.
1441 CVE-2016-8380 287 2018-04-05 2018-10-14
7.5
None Remote Low Not required Partial Partial Partial
The web server in Phoenix Contact ILC PLCs allows access to read and write PLC variables without authentication.
1442 CVE-2016-8371 287 2018-04-05 2018-10-14
7.5
None Remote Low Not required Partial Partial Partial
The web server in Phoenix Contact ILC PLCs can be accessed without authenticating even if the authentication mechanism is enabled.
1443 CVE-2016-8366 255 2018-04-05 2018-10-13
5.0
None Remote Low Not required Partial None None
Webvisit in Phoenix Contact ILC PLCs offers a password macro to protect HMI pages on the PLC against casual or coincidental opening of HMI pages by the user. The password macro can be configured in a way that the password is stored and transferred in clear text.
1444 CVE-2016-8365 284 DoS 2018-04-03 2019-10-09
2.1
None Local Low Not required None None Partial
OSIsoft PI System software (Applications using PI Asset Framework (AF) Client versions prior to PI AF Client 2016, Version 2.8.0; Applications using PI Software Development Kit (SDK) versions prior to PI SDK 2016, Version 1.4.6; PI Buffer Subsystem, versions prior to and including, Version 4.4; and PI Data Archive versions prior to PI Data Archive 2015, Version 3.4.395.64) operates between endpoints without a complete model of endpoint features potentially causing the product to perform actions based on this incomplete model, which could result in a denial of service. OSIsoft reports that in order to exploit the vulnerability an attacker would need to be locally connected to a server. A CVSS v3 base score of 7.1 has been calculated; the CVSS vector string is (AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H)
1445 CVE-2016-8220 200 +Info 2018-04-18 2018-05-23
5.0
None Remote Low Not required Partial None None
Pivotal Gemfire for PCF, versions 1.6.x prior to 1.6.5.0 and 1.7.x prior to 1.7.1.0, contain an information disclosure vulnerability. The application inadvertently exposed WAN replication credentials at a public route.
1446 CVE-2016-7472 20 DoS 2018-04-03 2018-05-10
5.0
None Remote Low Not required None None Partial
F5 BIG-IP ASM version 12.1.0 - 12.1.1 may allow remote attackers to cause a denial of service (DoS) via a crafted HTTP request.
1447 CVE-2016-2169 17 2018-04-18 2018-05-24
5.0
None Remote Low Not required None Partial None
Cloud Foundry Cloud Controller, capi-release versions prior to 1.0.0 and cf-release versions prior to v237, contain a business logic flaw. An application developer may create an application with a route that conflicts with a platform service route and receive traffic intended for the service.
1448 CVE-2015-9224 119 Overflow 2018-04-18 2018-05-01
10.0
None Remote Low Not required Complete Complete Complete
In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear, and Small Cell SoC FSM9055, MDM9206, MDM9607, MDM9615, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 600, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 820A, SD 835, SD 845, SD 850, and SDX20, lack of input Validation in QURTK_write() can cause potential buffer overflow.
1449 CVE-2015-9223 119 Overflow 2018-04-18 2018-05-01
10.0
None Remote Low Not required Complete Complete Complete
In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile MDM9615, MDM9625, MDM9635M, SD 400, SD 600, and SD 800, a buffer overflow can occur when processing an audio buffer.
1450 CVE-2015-9222 399 2018-04-18 2018-05-02
7.8
None Remote Low Not required None None Complete
In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 835, SD 845, SDM630, SDM636, SDM660, and Snapdragon_High_Med_2016, processing erroneous bitstreams may result in a HW freeze. FW should detect the HW freeze based on watchdog timer, but because the watchdog timer is not enabled, an infinite loop occurs, resulting in a device freeze.
Total number of vulnerabilities : 1672   Page : 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 (This Page)30 31 32 33 34
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.