Total
9398 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-16558 | 1 Siemens | 2 Simatic S7-1500, Simatic S7-1500 Firmware | 2019-04-18 | 7.8 HIGH | 7.5 HIGH |
| A vulnerability has been identified in SIMATIC S7-1500 CPU (All versions >= V2.0 and < V2.5), SIMATIC S7-1500 CPU (All versions <= V1.8.5). Specially crafted network packets sent to port 80/tcp or 443/tcp could allow an unauthenticated remote attacker to cause a Denial-of-Service condition of the device. The security vulnerability could be exploited by an attacker with network access to the affected systems on port 80/tcp or 443/tcp. Successful exploitation requires no system privileges and no user interaction. An attacker could use the vulnerability to compromise availability of the device. At the time of advisory publication no public exploitation of this security vulnerability was known. | |||||
| CVE-2018-16559 | 1 Siemens | 2 Simatic S7-1500, Simatic S7-1500 Firmware | 2019-04-18 | 7.8 HIGH | 7.5 HIGH |
| A vulnerability has been identified in SIMATIC S7-1500 CPU (All versions >= V2.0 and < V2.5), SIMATIC S7-1500 CPU (All versions <= V1.8.5). Specially crafted network packets sent to port 80/tcp or 443/tcp could allow an unauthenticated remote attacker to cause a Denial-of-Service condition of the device. The security vulnerability could be exploited by an attacker with network access to the affected systems on port 80/tcp or 443/tcp. Successful exploitation requires no system privileges and no user interaction. An attacker could use the vulnerability to compromise availability of the device. At the time of advisory publication no public exploitation of this security vulnerability was known. | |||||
| CVE-2018-19967 | 2 Debian, Xen | 2 Debian Linux, Xen | 2019-04-17 | 4.9 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in Xen through 4.11.x on Intel x86 platforms allowing guest OS users to cause a denial of service (host OS hang) because Xen does not work around Intel's mishandling of certain HLE transactions associated with the KACQUIRE instruction prefix. | |||||
| CVE-2019-9845 | 1 Miniblog.core Project | 1 Miniblog.core | 2019-04-17 | 7.5 HIGH | 9.8 CRITICAL |
| madskristensen Miniblog.Core through 2019-01-16 allows remote attackers to execute arbitrary ASPX code via an IMG element with a data: URL, because SaveFilesToDisk in Controllers/BlogController.cs writes a decoded base64 string to a file without validating the extension. | |||||
| CVE-2019-11228 | 1 Gitea | 1 Gitea | 2019-04-16 | 5.0 MEDIUM | 7.5 HIGH |
| repo/setting.go in Gitea before 1.7.6 and 1.8.x before 1.8-RC3 does not validate the form.MirrorAddress before calling SaveAddress. | |||||
| CVE-2018-0467 | 1 Cisco | 1 Ios Xe | 2019-04-15 | 7.8 HIGH | 8.6 HIGH |
| A vulnerability in the IPv6 processing code of Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to cause the device to reload. The vulnerability is due to incorrect handling of specific IPv6 hop-by-hop options. An attacker could exploit this vulnerability by sending a malicious IPv6 packet to or through the affected device. A successful exploit could allow the attacker to cause the device to reload, resulting in a denial of service (DoS) condition on an affected device. | |||||
| CVE-2018-0472 | 1 Cisco | 1 Ios Xe | 2019-04-15 | 7.8 HIGH | 8.6 HIGH |
| A vulnerability in the IPsec driver code of multiple Cisco IOS XE Software platforms and the Cisco ASA 5500-X Series Adaptive Security Appliance (ASA) could allow an unauthenticated, remote attacker to cause the device to reload. The vulnerability is due to improper processing of malformed IPsec Authentication Header (AH) or Encapsulating Security Payload (ESP) packets. An attacker could exploit this vulnerability by sending malformed IPsec packets to be processed by an affected device. An exploit could allow the attacker to cause a reload of the affected device. | |||||
| CVE-2015-0633 | 1 Cisco | 19 C200 M1, C200 M2, C210 M2 and 16 more | 2019-04-15 | 6.8 MEDIUM | N/A |
| The Integrated Management Controller (IMC) in Cisco Unified Computing System (UCS) 1.4(7h) and earlier on C-Series servers allows remote attackers to bypass intended access restrictions by sending crafted DHCP response packets on the local network, aka Bug ID CSCuf52876. | |||||
| CVE-2018-4187 | 1 Apple | 2 Iphone Os, Mac Os X | 2019-04-12 | 4.3 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in certain Apple products. iOS before 11.3.1 is affected. macOS before 10.13.4 Security Update 2018-001 is affected. The issue involves the "LinkPresentation" component. It allows remote attackers to spoof the UI via a crafted URL in a text message. | |||||
| CVE-2019-7412 | 1 Ps Phpcaptcha Wp Project | 1 Ps Phpcaptcha Wp | 2019-04-12 | 7.5 HIGH | 9.8 CRITICAL |
| The PS PHPCaptcha WP plugin before v1.2.0 for WordPress mishandles sanitization of input values. | |||||
| CVE-2019-11014 | 1 Vstarcam | 1 Eye4 | 2019-04-11 | 10.0 HIGH | 9.8 CRITICAL |
| The VStarCam vstc.vscam.client library and vstc.vscam shared object, as used in the Eye4 application (for Android, iOS, and Windows), do not prevent spoofing of the camera server. An attacker can create a fake camera server that listens for the client looking for a camera on the local network. When the camera responds to the client, it responds via the broadcast address, giving all information necessary to impersonate the camera. The attacker then floods the client with responses, causing the original camera to be denied service from the client, and thus causing the client to then communicate exclusively with the attacker's fake camera server. When connecting to the fake camera server, the client sends all details necessary to login to the camera (username and password). | |||||
| CVE-2019-0695 | 1 Microsoft | 3 Windows 10, Windows Server 2016, Windows Server 2019 | 2019-04-09 | 5.5 MEDIUM | 6.8 MEDIUM |
| A denial of service vulnerability exists when Microsoft Hyper-V on a host server fails to properly validate input from a privileged user on a guest operating system, aka 'Windows Hyper-V Denial of Service Vulnerability'. This CVE ID is unique from CVE-2019-0690, CVE-2019-0701. | |||||
| CVE-2019-0701 | 1 Microsoft | 3 Windows 10, Windows Server 2016, Windows Server 2019 | 2019-04-09 | 5.5 MEDIUM | 6.8 MEDIUM |
| A denial of service vulnerability exists when Microsoft Hyper-V on a host server fails to properly validate input from a privileged user on a guest operating system, aka 'Windows Hyper-V Denial of Service Vulnerability'. This CVE ID is unique from CVE-2019-0690, CVE-2019-0695. | |||||
| CVE-2018-4460 | 1 Apple | 4 Iphone Os, Mac Os X, Tvos and 1 more | 2019-04-09 | 4.0 MEDIUM | 6.5 MEDIUM |
| A denial of service issue was addressed by removing the vulnerable code. This issue affected versions prior to iOS 12.1.1, macOS Mojave 10.14.2, tvOS 12.1.1, watchOS 5.1.2. | |||||
| CVE-2016-8344 | 1 Honeywell | 1 Experion Process Knowledge System | 2019-04-09 | 4.3 MEDIUM | 3.7 LOW |
| An issue was discovered in Honeywell Experion Process Knowledge System (PKS) platform: Experion PKS, Release 3xx and prior, Experion PKS, Release 400, Experion PKS, Release 410, Experion PKS, Release 430, and Experion PKS, Release 431. Experion PKS does not properly validate input. By sending a specially crafted packet, an attacker could cause the process to terminate. A successful exploit would prevent firmware uploads to the Series-C devices. | |||||
| CVE-2018-4353 | 1 Apple | 1 Mac Os X | 2019-04-08 | 7.5 HIGH | 9.8 CRITICAL |
| A configuration issue was addressed with additional restrictions. This issue affected versions prior to macOS Mojave 10.14. | |||||
| CVE-2018-4395 | 1 Apple | 4 Iphone Os, Mac Os X, Tvos and 1 more | 2019-04-08 | 2.1 LOW | 5.5 MEDIUM |
| This issue was addressed with improved checks. This issue affected versions prior to iOS 12, macOS Mojave 10.14, tvOS 12, watchOS 5. | |||||
| CVE-2018-11830 | 1 Qualcomm | 16 Mdm9206, Mdm9206 Firmware, Mdm9607 and 13 more | 2019-04-07 | 7.2 HIGH | 7.8 HIGH |
| Improper input validation in QCPE create function may lead to integer overflow in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile in MDM9206, MDM9607, MDM9650, MDM9655, MSM8996AU, SD 410/12, SD 820A | |||||
| CVE-2018-11966 | 1 Qualcomm | 84 Mdm9150, Mdm9150 Firmware, Mdm9206 and 81 more | 2019-04-07 | 7.2 HIGH | 7.8 HIGH |
| Undefined behavior in UE while processing unknown IEI in OTA message in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables in MDM9150, MDM9206, MDM9607, MDM9640, MDM9650, MDM9655, MSM8909W, MSM8996AU, QCS605, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 650/52, SD 675, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20, SM7150, Snapdragon_High_Med_2016, SXR1130 | |||||
| CVE-2018-4429 | 1 Apple | 2 Iphone Os, Watchos | 2019-04-05 | 4.3 MEDIUM | 6.5 MEDIUM |
| A spoofing issue existed in the handling of URLs. This issue was addressed with improved input validation. This issue affected versions prior to iOS 12.1.1, watchOS 5.1.2. | |||||