CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 2 and 2.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
2651 CVE-2018-5836 125 2018-07-06 2018-08-27
2.1
None Local Low Not required Partial None None
In wma_nan_rsp_event_handler() in Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05, the data_len value is received from firmware and not properly validated which could potentially lead to an out-of-bounds access.
2652 CVE-2018-5790 119 DoS Overflow 2018-02-05 2018-02-22
2.9
None Local Network Medium Not required None None Partial
An issue was discovered in Extreme Networks ExtremeWireless WiNG 5.x before 5.8.6.9 and 5.9.x before 5.9.1.3. There is Remote, Unauthenticated "Global" Denial of Service in the RIM (Radio Interface Module) over the MINT (Media Independent Tunnel) Protocol on the WiNG Access Point via crafted packets.
2653 CVE-2018-5750 200 +Info 2018-01-26 2019-03-07
2.1
None Local Low Not required Partial None None
The acpi_smbus_hc_add function in drivers/acpi/sbshc.c in the Linux kernel through 4.14.15 allows local users to obtain sensitive address information by reading dmesg data from an SBS HC printk call.
2654 CVE-2018-5693 532 2018-01-14 2019-03-06
2.1
None Local Low Not required Partial None None
The LinuxMagic MagicSpam extension before 2.0.14-1 for Plesk allows local users to discover mailbox names by reading /var/log/magicspam/mslog.
2655 CVE-2018-5683 125 DoS 2018-01-23 2020-05-14
2.1
None Local Low Not required None None Partial
The vga_draw_text function in Qemu allows local OS guest privileged users to cause a denial of service (out-of-bounds read and QEMU process crash) by leveraging improper memory address validation.
2656 CVE-2018-5552 798 2018-03-19 2019-10-09
2.1
None Local Low Not required Partial None None
Versions of DocuTrac QuicDoc and Office Therapy that ship with DTISQLInstaller.exe version 1.6.4.0 and prior contains a hard-coded cryptographic salt, "[email protected]+&pepper".
2657 CVE-2018-5540 732 2018-07-19 2019-10-03
2.1
None Local Low Not required Partial None None
On F5 BIG-IP 13.0.0-13.0.1, 12.1.0-12.1.3.3, 11.6.0-11.6.3.1, or 11.5.1-11.5.6, Enterprise Manager 3.1.1, BIG-IQ Centralized Management 5.0.0-5.1.0, BIG-IQ Cloud and Orchestration 1.0.0, or F5 iWorkflow 2.1.0-2.3.0 the big3d process does not irrevocably minimize group privileges at start up.
2658 CVE-2018-5537 20 2018-07-25 2018-09-19
2.6
None Remote High Not required None None Partial
A remote attacker may be able to disrupt services on F5 BIG-IP 13.0.0-13.1.0.5, 12.1.0-12.1.3.5, 11.6.0-11.6.3.1, or 11.2.1-11.5.6 if the TMM virtual server is configured with a HTML or a Rewrite profile. TMM may restart while processing some specially prepared HTML content from the back end.
2659 CVE-2018-5518 2018-05-02 2019-10-03
2.3
None Local Network Medium ??? None None Partial
On F5 BIG-IP 13.0.0-13.1.0.5 or 12.0.0-12.1.3.3, malicious root users with access to a VCMP guest can cause a disruption of service on adjacent VCMP guests running on the same host. Exploiting this vulnerability causes the vCMPd process on the adjacent VCMP guest to restart and produce a core file. This issue is only exploitable on a VCMP guest which is operating in "host-only" or "bridged" mode. VCMP guests which are "isolated" are not impacted by this issue and do not provide mechanism to exploit the vulnerability. Guests which are deployed in "Appliance Mode" may be impacted however the exploit is not possible from an Appliance Mode guest. To exploit this vulnerability root access on a guest system deployed as "host-only" or "bridged" mode is required.
2660 CVE-2018-5497 200 +Info 2019-01-24 2019-02-15
2.1
None Local Low Not required Partial None None
Clustered Data ONTAP versions prior to 9.1P16, 9.3P10 and 9.4P5 are susceptible to a vulnerability which discloses sensitive information to an unauthorized user.
2661 CVE-2018-5496 200 +Info 2018-12-04 2019-02-05
2.1
None Local Low Not required Partial None None
Data ONTAP operating in 7-Mode versions prior to 8.2.5P2 are susceptible to a vulnerability which discloses sensitive information to an unauthorized user.
2662 CVE-2018-5448 22 Dir. Trav. 2018-05-04 2019-10-09
2.7
None Local Network Low ??? Partial None None
All versions of the Medtronic 2090 Carelink Programmer are affected by a directory traversal vulnerability where the product's software deployment network could allow an attacker to read files on the system.
2663 CVE-2018-5446 522 2018-05-04 2019-10-09
2.1
None Local Low Not required Partial None None
All versions of the Medtronic 2090 Carelink Programmer are affected by a per-product username and password that is stored in a recoverable format which could allow an attacker with physical access to a 2090 Programmer to obtain per-product credentials to the software deployment network.
2664 CVE-2018-5252 834 2018-01-05 2019-10-03
2.6
None Remote High Not required None None Partial
libimageworsener.a in ImageWorsener 1.3.2, when libjpeg 8d is used, has a large loop in the get_raw_sample_int function in imagew-main.c.
2665 CVE-2018-4863 254 Bypass 2018-04-05 2018-05-18
2.1
None Local Low Not required None Partial None
Sophos Endpoint Protection 10.7 allows local users to bypass an intended tamper protection mechanism by deleting the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Sophos Endpoint Defense\ registry key.
2666 CVE-2018-4847 311 2018-04-23 2019-10-03
2.1
None Local Low Not required Partial None None
A vulnerability has been identified in SIMATIC WinCC OA Operator iOS App (All versions < V1.4). Insufficient protection of sensitive information (e.g. session key for accessing server) in Siemens WinCC OA Operator iOS app could allow an attacker with physical access to the mobile device to read unencrypted data from the app's directory. Siemens provides mitigations to resolve the security issue.
2667 CVE-2018-4448 2020-10-27 2020-10-30
2.1
None Local Low Not required Partial None None
A memory initialization issue was addressed with improved memory handling. This issue is fixed in macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, Security Update 2019-002 Sierra, iOS 12.1.1, watchOS 5.1.2, macOS Mojave 10.14.2, Security Update 2018-003 High Sierra, Security Update 2018-006 Sierra, tvOS 12.1.1. A local user may be able to read kernel memory.
2668 CVE-2018-4430 200 +Info 2019-04-03 2019-04-05
2.1
None Local Low Not required Partial None None
A lock screen issue allowed access to contacts on a locked device. This issue was addressed with improved state management. This issue affected versions prior to iOS 12.1.1.
2669 CVE-2018-4395 20 2019-04-03 2019-04-08
2.1
None Local Low Not required None None Partial
This issue was addressed with improved checks. This issue affected versions prior to iOS 12, macOS Mojave 10.14, tvOS 12, watchOS 5.
2670 CVE-2018-4388 200 +Info 2019-04-03 2019-04-05
2.1
None Local Low Not required Partial None None
A lock screen issue allowed access to the share function on a locked device. This issue was addressed by restricting options offered on a locked device. This issue affected versions prior to iOS 12.1.
2671 CVE-2018-4387 200 +Info 2019-04-03 2019-04-05
2.1
None Local Low Not required Partial None None
A lock screen issue allowed access to photos via Reply With Message on a locked device. This issue was addressed with improved state management. This issue affected versions prior to iOS 12.1.
2672 CVE-2018-4380 200 +Info 2019-04-03 2019-04-08
2.1
None Local Low Not required Partial None None
A lock screen issue allowed access to photos and contacts on a locked device. This issue was addressed by restricting options offered on a locked device. This issue affected versions prior to iOS 12.0.1.
2673 CVE-2018-4379 200 +Info 2019-04-03 2019-04-05
2.1
None Local Low Not required Partial None None
A lock screen issue allowed access to the share function on a locked device. This issue was addressed by restricting options offered on a locked device. This issue affected versions prior to iOS 12.0.1.
2674 CVE-2018-4352 200 +Info 2019-04-03 2019-04-08
2.1
None Local Low Not required Partial None None
A consistency issue existed in the handling of application snapshots. The issue was addressed with improved handling of notes deletions. This issue affected versions prior to iOS 12.
2675 CVE-2018-4348 20 2019-04-03 2019-04-05
2.1
None Local Low Not required None None Partial
A validation issue was addressed with improved logic. This issue affected versions prior to macOS Mojave 10.14.
2676 CVE-2018-4342 20 2019-04-03 2019-04-05
2.1
None Local Low Not required None Partial None
A configuration issue was addressed with additional restrictions. This issue affected versions prior to macOS Mojave 10.14.1.
2677 CVE-2018-4339 2020-10-27 2020-10-28
2.1
None Local Low Not required Partial None None
This issue was addressed with a new entitlement. This issue is fixed in iOS 12.1. A local user may be able to read a persistent device identifier.
2678 CVE-2018-4325 200 +Info 2019-04-03 2019-04-04
2.1
None Local Low Not required Partial None None
A logic issue was addressed with improved restrictions. This issue affected versions prior to iOS 12.
2679 CVE-2018-4322 20 2019-04-03 2019-04-04
2.1
None Local Low Not required Partial None None
This issue was addressed with improved entitlements. This issue affected versions prior to iOS 12.
2680 CVE-2018-4313 20 2019-04-03 2019-04-04
2.1
None Local Low Not required Partial None None
A consistency issue existed in the handling of application snapshots. The issue was addressed with improved handling of message deletions. This issue affected versions prior to iOS 12, tvOS 12, watchOS 5.
2681 CVE-2018-4256 125 2019-01-11 2019-01-16
2.1
None Local Low Not required Partial None None
In macOS High Sierra before 10.13.5, an out-of-bounds read was addressed with improved input validation.
2682 CVE-2018-4255 125 2019-01-11 2019-01-16
2.1
None Local Low Not required Partial None None
In macOS High Sierra before 10.13.5, an out-of-bounds read was addressed with improved input validation.
2683 CVE-2018-4252 200 Bypass +Info 2018-06-08 2018-07-17
2.1
None Local Low Not required Partial None None
An issue was discovered in certain Apple products. iOS before 11.4 is affected. The issue involves the "Siri" component. It allows physically proximate attackers to bypass the lock-screen protection mechanism and obtain private notification content via Siri.
2684 CVE-2018-4244 200 +Info 2018-06-08 2018-07-17
2.1
None Local Low Not required Partial None None
An issue was discovered in certain Apple products. iOS before 11.4 is affected. The issue involves the "Siri Contacts" component. It allows physically proximate attackers to discover private contact information via Siri.
2685 CVE-2018-4239 200 Bypass +Info 2018-06-08 2018-07-17
2.1
None Local Low Not required Partial None None
An issue was discovered in certain Apple products. iOS before 11.4 is affected. The issue involves the "Magnifier" component. It allows physically proximate attackers to bypass the lock-screen protection mechanism and see the most recent Magnifier image.
2686 CVE-2018-4238 732 Bypass 2018-06-08 2019-10-03
2.1
None Local Low Not required None Partial None
An issue was discovered in certain Apple products. iOS before 11.4 is affected. The issue involves the "Siri" component. It allows physically proximate attackers to bypass the lock-screen protection mechanism and enable Siri.
2687 CVE-2018-4235 74 2018-06-08 2018-07-17
2.1
None Local Low Not required None Partial None
An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before 10.13.5 is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the "Messages" component. It allows local users to perform impersonation attacks via an unspecified injection.
2688 CVE-2018-4226 200 Bypass +Info 2018-06-08 2019-03-07
2.1
None Local Low Not required Partial None None
An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before 10.13.5 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. watchOS before 4.3.1 is affected. The issue involves the "Security" component. It allows local users to bypass intended restrictions on the reading of sensitive user information.
2689 CVE-2018-4225 20 Bypass 2018-06-08 2019-03-08
2.1
None Local Low Not required None Partial None
An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before 10.13.5 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. watchOS before 4.3.1 is affected. The issue involves the "Security" component. It allows local users to bypass intended restrictions on Keychain state modifications.
2690 CVE-2018-4224 200 Bypass +Info 2018-06-08 2018-07-17
2.1
None Local Low Not required Partial None None
An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before 10.13.5 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the "Security" component. It allows local users to bypass intended restrictions on the reading of a persistent device identifier.
2691 CVE-2018-4223 200 Bypass +Info 2018-06-08 2018-07-17
2.1
None Local Low Not required Partial None None
An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before 10.13.5 is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the "Security" component. It allows local users to bypass intended restrictions on the reading of a persistent account identifier.
2692 CVE-2018-4179 200 +Info 2019-01-11 2019-01-30
2.1
None Local Low Not required Partial None None
In macOS High Sierra before 10.13.4, there was an issue with the handling of smartcard PINs. This issue was addressed with additional logic.
2693 CVE-2018-4178 732 2019-04-03 2020-08-24
2.1
None Local Low Not required Partial None None
A permissions issue existed in which execute permission was incorrectly granted. This issue was addressed with improved permission validation. This issue affected versions prior to macOS High Sierra 10.13.4.
2694 CVE-2018-4172 Bypass 2018-04-03 2019-10-03
2.1
None Local Low Not required None None Partial
An issue was discovered in certain Apple products. iOS before 11.3 is affected. The issue involves the "Find My iPhone" component. It allows physically proximate attackers to bypass the iCloud password requirement for disabling the "Find My iPhone" feature via vectors involving a backup restore.
2695 CVE-2018-4170 522 2018-04-03 2019-10-03
2.1
None Local Low Not required Partial None None
An issue was discovered in certain Apple products. macOS before 10.13.4 is affected. The issue involves the "Admin Framework" component. It allows local users to discover a password by listing a process and its arguments during sysadminctl execution.
2696 CVE-2018-4168 200 +Info 2018-04-03 2018-05-04
2.1
None Local Low Not required Partial None None
An issue was discovered in certain Apple products. iOS before 11.3 is affected. The issue involves the "Files Widget" component. It allows physically proximate attackers to obtain sensitive information by leveraging the display of cached data on a locked device.
2697 CVE-2018-4123 200 +Info 2018-04-03 2018-05-04
2.1
None Local Low Not required Partial None None
An issue was discovered in certain Apple products. iOS before 11.3 is affected. The issue involves alarm and timer handling in the "Clock" component. It allows physically proximate attackers to discover the iTunes e-mail address.
2698 CVE-2018-4092 362 Bypass 2018-04-03 2018-05-04
2.6
None Remote High Not required Partial None None
An issue was discovered in certain Apple products. iOS before 11.2.5 is affected. macOS before 10.13.3 is affected. tvOS before 11.2.5 is affected. watchOS before 4.2.2 is affected. The issue involves the "Kernel" component. A race condition allows attackers to bypass intended memory-read restrictions via a crafted app.
2699 CVE-2018-4053 20 2019-04-02 2020-05-04
2.1
None Local Low Not required None None Partial
An exploitable local denial-of-service vulnerability exists in the privileged helper tool of GOG Galaxy's Games, version 1.2.47 for macOS. An attacker can send malicious data to the root-listening service, causing the application to terminate and become unavailable.
2700 CVE-2018-4052 200 +Info 2019-04-02 2020-05-04
2.1
None Local Low Not required Partial None None
An exploitable local information leak vulnerability exists in the privileged helper tool of GOG Galaxy's Games, version 1.2.47 for macOS. An attacker can pass a PID and receive information running on it that would usually only be accessible to the root user.
Total number of vulnerabilities : 4561   Page : 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 (This Page)55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.