Vulnerabilities (CVE)

In K7 AntiVirus 15.1.0306, the driver file (K7FWHlpr.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x8300215F.

In K7 AntiVirus 15.1.0306, the driver file (K7FWHlpr.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x83002124.

In K7 AntiVirus 15.1.0306, the driver file (K7FWHlpr.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x8300212C.

In K7 AntiVirus 15.1.0306, the driver file (K7FWHlpr.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x8300215B.

In K7 AntiVirus 15.1.0306, the driver file (K7FWHlpr.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x83002128.

In K7 AntiVirus 15.1.0306, the driver file (K7FWHlpr.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x830020F0.

In K7 AntiVirus 15.1.0306, the driver file (K7FWHlpr.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x830020FC.

In K7 AntiVirus 15.1.0306, the driver file (K7FWHlpr.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x83002130.

Adobe Creative Cloud Desktop Application versions 4.4.1.298 and earlier have an exploitable Improper input validation vulnerability. Successful exploitation could lead to local privilege escalation.

Adobe PhoneGap Push Plugin versions 1.8.0 and earlier have an exploitable Same-Origin Method Execution vulnerability. Successful exploitation could lead to JavaScript code execution in the context of the PhoneGap app.

A vulnerability has been identified in SICLOCK TC100 (All versions) and SICLOCK TC400 (All versions). An attacker with network access to the device could cause a Denial-of-Service condition by sending certain packets to the device, causing potential reboots of the device. The core functionality of the device could be impacted. The time serving functionality recovers when time synchronization with GPS devices or other NTP servers are completed.

A vulnerability has been identified in SIMATIC S7-400 (incl. F) CPU hardware version 4.0 and below (All versions), SIMATIC S7-400 (incl. F) CPU hardware version 5.0 (All firmware versions < V5.2), SIMATIC S7-400H CPU hardware version 4.5 and below (All versions). The affected CPUs improperly validate S7 communication packets which could cause a Denial-of-Service condition of the CPU. The CPU will remain in DEFECT mode until manual restart.

A vulnerability has been identified in SIMATIC S7-400 CPU 414-3 PN/DP V7 (All versions < V7.0.3), SIMATIC S7-400 CPU 414F-3 PN/DP V7 (All versions < V7.0.3), SIMATIC S7-400 CPU 416-3 PN/DP V7 (All versions < V7.0.3), SIMATIC S7-400 CPU 416F-3 PN/DP V7 (All versions < V7.0.3), SIMATIC CP 343-1 (incl. SIPLUS variants) (All versions), SIMATIC CP 343-1 Advanced (incl. SIPLUS variants) (All versions), SIMATIC CP 443-1 (All versions < V3.3), SIMATIC CP 443-1 (All versions < V3.3), SIMATIC CP 443-1 ... A vulnerability has been identified in SIMATIC S7-400 CPU 414-3 PN/DP V7 (All versions < V7.0.3), SIMATIC S7-400 CPU 414F-3 PN/DP V7 (All versions < V7.0.3), SIMATIC S7-400 CPU 416-3 PN/DP V7 (All versions < V7.0.3), SIMATIC S7-400 CPU 416F-3 PN/DP V7 (All versions < V7.0.3), SIMATIC CP 343-1 (incl. SIPLUS variants) (All versions), SIMATIC CP 343-1 Advanced (incl. SIPLUS variants) (All versions), SIMATIC CP 443-1 (All versions < V3.3), SIMATIC CP 443-1 (All versions < V3.3), SIMATIC CP 443-1 Advanced (All versions < V3.3), SIMATIC ET 200pro IM154-8 PN/DP CPU (All versions < V3.2.16), SIMATIC ET 200pro IM154-8F PN/DP CPU (All versions < V3.2.16), SIMATIC ET 200pro IM154-8FX PN/DP CPU (All versions < V3.2.16), SIMATIC ET 200S IM151-8 PN/DP CPU (All versions < V3.2.16), SIMATIC ET 200S IM151-8F PN/DP CPU (All versions < V3.2.16), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions < V1.7.0), SIMATIC S7-1500 Software Controller (All versions < V1.7.0), SIMATIC S7-300 CPU 314C-2 PN/DP (All versions < V3.3.16), SIMATIC S7-300 CPU 315-2 PN/DP (All versions < V3.2.16), SIMATIC S7-300 CPU 315F-2 PN/DP (All versions < V3.2.16), SIMATIC S7-300 CPU 315T-3 PN/DP (All versions < V3.2.16), SIMATIC S7-300 CPU 317-2 PN/DP (All versions < V3.2.16), SIMATIC S7-300 CPU 317F-2 PN/DP (All versions < V3.2.16), SIMATIC S7-300 CPU 317T-3 PN/DP (All versions < V3.2.16), SIMATIC S7-300 CPU 317TF-3 PN/DP (All versions < V3.2.16), SIMATIC S7-300 CPU 319-3 PN/DP (All versions < V3.2.16), SIMATIC S7-300 CPU 319F-3 PN/DP (All versions < V3.2.16), SIMATIC S7-400 CPU 412-2 PN V7 (All versions < V7.0.3), SIMATIC S7-400 H V6 CPU family (incl. SIPLUS variants) (All versions < V6.0.9), SIMATIC S7-400 PN/DP V6 CPU family (incl. SIPLUS variants) (All versions < V6.0.7), SIMATIC S7-410 CPU family (incl. SIPLUS variants) (All versions < V8.1), SIMATIC WinAC RTX 2010 (All versions < V2010 SP3), SIMATIC WinAC RTX F 2010 (All versions < V2010 SP3), SINUMERIK 828D (All versions < V4.7 SP6 HF1), SIPLUS ET 200S IM151-8 PN/DP CPU (All versions < V3.2.16), SIPLUS ET 200S IM151-8F PN/DP CPU (All versions < V3.2.16), SIPLUS NET CP 443-1 (All versions < V3.3), SIPLUS NET CP 443-1 Advanced (All versions < V3.3), SIPLUS S7-300 CPU 314C-2 PN/DP (All versions < V3.3.16), SIPLUS S7-300 CPU 315-2 PN/DP (All versions < V3.2.16), SIPLUS S7-300 CPU 315F-2 PN/DP (All versions < V3.2.16), SIPLUS S7-300 CPU 317-2 PN/DP (All versions < V3.2.16), SIPLUS S7-300 CPU 317F-2 PN/DP (All versions < V3.2.16), SIPLUS S7-400 CPU 414-3 PN/DP V7 (All versions < V7.0.3), SIPLUS S7-400 CPU 416-3 PN/DP V7 (All versions < V7.0.3), Softnet PROFINET IO for PC-based Windows systems (All versions). Responding to a PROFINET DCP request with a specially crafted PROFINET DCP packet could cause a denial of service condition of the requesting system. The security vulnerability could be exploited by an attacker located on the same Ethernet segment (OSI Layer 2) as the targeted device. A manual restart is required to recover the system.

Show More

A vulnerability has been identified in RFID 181EIP (All versions), RUGGEDCOM Win (V4.4, V4.5, V5.0, and V5.1), SCALANCE X-200 switch family (incl. SIPLUS NET variants) (All versions < V5.2.3), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions < V5.4.1), SCALANCE X-200RNA switch family (All versions < V3.2.6), SCALANCE X-300 switch family (incl. SIPLUS NET variants) (All versions < V4.1.3), SCALANCE X408 (All versions < V4.1.3), SCALANCE X414 (All versions), SIMATIC RF182C ... A vulnerability has been identified in RFID 181EIP (All versions), RUGGEDCOM Win (V4.4, V4.5, V5.0, and V5.1), SCALANCE X-200 switch family (incl. SIPLUS NET variants) (All versions < V5.2.3), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions < V5.4.1), SCALANCE X-200RNA switch family (All versions < V3.2.6), SCALANCE X-300 switch family (incl. SIPLUS NET variants) (All versions < V4.1.3), SCALANCE X408 (All versions < V4.1.3), SCALANCE X414 (All versions), SIMATIC RF182C (All versions). Unprivileged remote attackers located in the same local network segment (OSI Layer 2) could gain remote code execution on the affected products by sending a specially crafted DHCP response to a client's DHCP request.

Show More

A vulnerability has been identified in OpenPCS 7 V7.1 and earlier (All versions), OpenPCS 7 V8.0 (All versions), OpenPCS 7 V8.1 (All versions < V8.1 Upd5), OpenPCS 7 V8.2 (All versions), OpenPCS 7 V9.0 (All versions < V9.0 Upd1), SIMATIC BATCH V7.1 and earlier (All versions), SIMATIC BATCH V8.0 (All versions < V8.0 SP1 Upd21), SIMATIC BATCH V8.1 (All versions < V8.1 SP1 Upd16), SIMATIC BATCH V8.2 (All versions < V8.2 Upd10), SIMATIC BATCH V9.0 (All versions < V9.0 SP1), SIMATIC NET PC Software V ... A vulnerability has been identified in OpenPCS 7 V7.1 and earlier (All versions), OpenPCS 7 V8.0 (All versions), OpenPCS 7 V8.1 (All versions < V8.1 Upd5), OpenPCS 7 V8.2 (All versions), OpenPCS 7 V9.0 (All versions < V9.0 Upd1), SIMATIC BATCH V7.1 and earlier (All versions), SIMATIC BATCH V8.0 (All versions < V8.0 SP1 Upd21), SIMATIC BATCH V8.1 (All versions < V8.1 SP1 Upd16), SIMATIC BATCH V8.2 (All versions < V8.2 Upd10), SIMATIC BATCH V9.0 (All versions < V9.0 SP1), SIMATIC NET PC Software V14 (All versions < V14 SP1 Update 14), SIMATIC NET PC Software V15 (All versions < 15 SP1), SIMATIC PCS 7 V7.1 and earlier (All versions), SIMATIC PCS 7 V8.0 (All versions), SIMATIC PCS 7 V8.1 (All versions), SIMATIC PCS 7 V8.2 (All versions < V8.2 SP1), SIMATIC PCS 7 V9.0 (All versions < V9.0 SP1), SIMATIC Route Control V7.1 and earlier (All versions), SIMATIC Route Control V8.0 (All versions), SIMATIC Route Control V8.1 (All versions), SIMATIC Route Control V8.2 (All versions), SIMATIC Route Control V9.0 (All versions < V9.0 Upd1), SIMATIC WinCC Runtime Professional V13 (All versions < V13 SP2 Upd2), SIMATIC WinCC Runtime Professional V14 (All versions < V14 SP1 Upd5), SIMATIC WinCC V7.2 and earlier (All versions < WinCC 7.2 Upd 15), SIMATIC WinCC V7.3 (All versions < WinCC 7.3 Upd 16), SIMATIC WinCC V7.4 (All versions < V7.4 SP1 Upd 4), SPPA-T3000 Application Server (All versions < Service Pack R8.2 SP2). Specially crafted messages sent to the RPC service of the affected products could cause a Denial-of-Service condition on the remote and local communication functionality of the affected products. A reboot of the system is required to recover the remote and local communication functionality. Please note that an attacker needs to have network access to the Application Server in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known.

Show More

A validation issue was addressed with improved input sanitization. This issue affected versions prior to macOS Mojave 10.14.2.

A denial of service issue was addressed by removing the vulnerable code. This issue affected versions prior to iOS 12.1.1, macOS Mojave 10.14.2, tvOS 12.1.1, watchOS 5.1.2.

This issue was addressed with improved entitlements. This issue affected versions prior to iOS 12.1.1.

A logic issue was addressed with improved state management. This issue affected versions prior to iOS 12.1.1, Safari 12.0.2, iTunes 12.9.2 for Windows, iCloud for Windows 7.9.

A logic issue was addressed with improved validation. This issue affected versions prior to iOS 12.1.1, Safari 12.0.2, iTunes 12.9.2 for Windows, iCloud for Windows 7.9.

A logic issue was addressed with improved restrictions. This issue affected versions prior to iOS 12.1.1, macOS Mojave 10.14.2, tvOS 12.1.1, watchOS 5.1.2.

A spoofing issue existed in the handling of URLs. This issue was addressed with improved input validation. This issue affected versions prior to iOS 12.1.1, watchOS 5.1.2.

A logic issue was addressed with improved validation. This issue affected versions prior to macOS Mojave 10.14.1.

A validation issue was addressed with improved input sanitization. This issue affected versions prior to macOS Mojave 10.14.

A validation issue was addressed with improved input sanitization. This issue affected versions prior to macOS Mojave 10.14.

A denial of service issue was addressed with improved validation. This issue affected versions prior to macOS Mojave 10.14.

A validation issue was addressed with improved logic. This issue affected versions prior to iOS 12.1, macOS Mojave 10.14.1, watchOS 5.1.

An access issue existed with privileged API calls. This issue was addressed with additional restrictions. This issue affected versions prior to iOS 12, macOS Mojave 10.14, tvOS 12, watchOS 5.

An issue existed in the method for determining prime numbers. This issue was addressed by using pseudorandom bases for testing of primes. This issue affected versions prior to iOS 12.1, macOS Mojave 10.14.1, tvOS 12.1, watchOS 5.1, iTunes 12.9.1, iCloud for Windows 7.8.

Analytics data was sent using HTTP rather than HTTPS. This was addressed by sending analytics data using HTTPS. This issue affected versions prior to Apple Support 2.4 for iOS.

A validation issue was addressed with improved input sanitization. This issue affected versions prior to macOS Mojave 10.14.

This issue was addressed with improved checks. This issue affected versions prior to iOS 12, macOS Mojave 10.14, tvOS 12, watchOS 5.

An inconsistent user interface issue was addressed with improved state management. This issue affected versions prior to macOS Mojave 10.14.1.

A logic issue was addressed with improved state management. This issue affected versions prior to iOS 12.1.

A logic issue was addressed with improved state management. This issue affected versions prior to iOS 12.1, macOS Mojave 10.14.1, tvOS 12.1, watchOS 5.1.

A denial of service issue was addressed with improved validation. This issue affected versions prior to iOS 12.1, macOS Mojave 10.14.1, tvOS 12.1, watchOS 5.1.

An input validation issue existed in the kernel. This issue was addressed with improved input validation. This issue affected versions prior to iOS 12, tvOS 12, watchOS 5.

An inconsistent user interface issue was addressed with improved state management. This issue affected versions prior to Safari 11.1.2, iOS 12.

A configuration issue was addressed with additional restrictions. This issue affected versions prior to macOS Mojave 10.14.

A validation issue was addressed with improved logic. This issue affected versions prior to macOS Mojave 10.14.