CVEs from 2018
Total: 2,888
- critical 238
- high 329
- medium 259
- low 39
% Critical: 8.2%
% with KEV: 3.1%
% with exploit: 9.0%
Top vendors
- intel 1,561
- schneider-electric 43
- siemens 42
- rockwellautomation 16
- echelon 15
- redhat 12
- oracle 9
- mitel 8
Top products
- core_i7 379
- core_i5 375
- core_i3 242
- xeon_e5 82
- xeon_e7 62
- xeon_e3 58
- xeon_gold 33
- atom_z 30
| CVE | Severity | CVSS | Risk | Published | Description | Flags | OS | Vendor |
|---|---|---|---|---|---|---|---|---|
| CVE-2018-13441 | unknown | — | 1.0 | — | qh_help in Nagios Core version 4.4.1 and earlier is prone to a NULL pointer dereference vulnerability, which allows attacker to cause a local denial-of-service condition by sending a crafted payload … | |||
| CVE-2018-12938 | unknown | — | 1.0 | — | ||||
| CVE-2018-0494 | unknown | — | 1.0 | — | GNU Wget before 1.19.5 is prone to a cookie injection vulnerability in the resp_new function in http.c via a \r\n sequence in a continuation line. | |||
| CVE-2018-11652 | unknown | — | 1.0 | — | CSV Injection vulnerability in Nikto 2.1.6 and earlier allows remote attackers to inject arbitrary OS commands via the Server field in an HTTP response header, which is directly injected into a CSV r… | |||
| CVE-2018-5333 | unknown | — | 1.0 | — | In the Linux kernel through 4.14.13, the rds_cmsg_atomic function in net/rds/rdma.c mishandles cases where page pinning fails or an invalid address is supplied, leading to an rds_atomic_free_op NULL … | |||
| CVE-2018-16517 | unknown | — | 1.0 | — | asm/labels.c in Netwide Assembler (NASM) is prone to NULL Pointer Dereference, which allows the attacker to cause a denial of service via a crafted file. | |||
| CVE-2018-4200 | unknown | — | 1.0 | — | An issue was discovered in certain Apple products. iOS before 11.3.1 is affected. Safari before 11.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected… | |||
| CVE-2018-2698 | unknown | — | 1.0 | — | Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.1.32 and Prior to 5.2.6. Easily exploitable vuln… | |||
| CVE-2018-8831 | unknown | — | 1.0 | — | A Persistent XSS vulnerability exists in Kodi (formerly XBMC) through 17.6 that allows the execution of arbitrary HTML/script code in the context of the victim user's browser via a playlist. | |||
| CVE-2018-11218 | unknown | — | 1.0 | — | Memory Corruption was discovered in the cmsgpack library in the Lua subsystem in Redis before 3.2.12, 4.x before 4.0.10, and 5.x before 5.0 RC2 because of stack-based buffer overflows. | |||
| CVE-2018-12293 | unknown | — | 1.0 | — | The getImageData function in the ImageBufferCairo class in WebCore/platform/graphics/cairo/ImageBufferCairo.cpp in WebKit, as used in WebKitGTK+ prior to version 2.20.3 and WPE WebKit prior to versio… | |||
| CVE-2018-4089 | unknown | — | 1.0 | — | An issue was discovered in certain Apple products. iOS before 11.2.5 is affected. macOS before 10.13.3 is affected. Safari before 11.0.3 is affected. tvOS before 11.2.5 is affected. The issue involve… | |||
| CVE-2018-4121 | unknown | — | 1.0 | — | An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. … | |||
| CVE-2018-4162 | unknown | — | 1.0 | — | An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. … | |||
| CVE-2018-4192 | unknown | — | 1.0 | — | An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected… | |||
| CVE-2018-4218 | unknown | — | 1.0 | — | An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected… | |||
| CVE-2018-4222 | unknown | — | 1.0 | — | An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected… | |||
| CVE-2018-4312 | unknown | — | 1.0 | — | A use after free issue was addressed with improved memory management. This issue affected versions prior to iOS 12, tvOS 12, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7. | |||
| CVE-2018-4328 | unknown | — | 1.0 | — | Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 12, tvOS 12, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7. | |||
| CVE-2018-4314 | unknown | — | 1.0 | — | A use after free issue was addressed with improved memory management. This issue affected versions prior to iOS 12, tvOS 12, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7. | |||
| CVE-2018-4315 | unknown | — | 1.0 | — | A use after free issue was addressed with improved memory management. This issue affected versions prior to iOS 12, tvOS 12, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7. | |||
| CVE-2018-4317 | unknown | — | 1.0 | — | A use after free issue was addressed with improved memory management. This issue affected versions prior to iOS 12, tvOS 12, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7. | |||
| CVE-2018-4323 | unknown | — | 1.0 | — | Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 12, tvOS 12, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7. | |||
| CVE-2018-4386 | unknown | — | 1.0 | — | Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 12.1, tvOS 12.1, watchOS 5.1, Safari 12.0.1, iTunes 12.9.1, iCloud for Window… | |||
| CVE-2018-4416 | unknown | — | 1.0 | — | Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 12.1, tvOS 12.1, watchOS 5.1, Safari 12.0.1, iTunes 12.9.1, iCloud for Window… | |||
| CVE-2018-4438 | unknown | — | 1.0 | — | A logic issue existed resulting in memory corruption. This was addressed with improved state management. This issue affected versions prior to iOS 12.1.1, tvOS 12.1.1, watchOS 5.1.2, Safari 12.0.2, i… | |||
| CVE-2018-4442 | unknown | — | 1.0 | — | A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to iOS 12.1.1, tvOS 12.1.1, watchOS 5.1.2, Safari 12.0.2, iTunes 12.9.2 for Windows, iCloud f… | |||
| CVE-2018-4443 | unknown | — | 1.0 | — | A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to iOS 12.1.1, tvOS 12.1.1, watchOS 5.1.2, Safari 12.0.2, iTunes 12.9.2 for Windows, iCloud f… | |||
| CVE-2018-4441 | unknown | — | 1.0 | — | A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to iOS 12.1.1, tvOS 12.1.1, watchOS 5.1.2, Safari 12.0.2, iTunes 12.9.2 for Windows, iCloud f… | |||
| CVE-2018-6389 | unknown | — | 1.0 | — | In WordPress through 4.9.2, unauthenticated attackers can cause a denial of service (resource consumption) by using the large list of registered .js files (from wp-includes/script-loader.php) to cons… | |||
| CVE-2018-4318 | unknown | — | 1.0 | — | A use after free issue was addressed with improved memory management. This issue affected versions prior to iOS 12, tvOS 12, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7. | |||
| CVE-2018-12326 | unknown | — | 1.0 | — | Buffer overflow in redis-cli of Redis before 4.0.10 and 5.x before 5.0 RC3 allows an attacker to achieve code execution and escalate to higher privileges via a crafted command line. NOTE: It is uncle… | |||
| CVE-2018-4197 | unknown | — | 1.0 | — | A use after free issue was addressed with improved memory management. This issue affected versions prior to iOS 12, tvOS 12, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7. | |||
| CVE-2018-4306 | unknown | — | 1.0 | — | A use after free issue was addressed with improved memory management. This issue affected versions prior to iOS 12, tvOS 12, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7. | |||
| CVE-2018-15120 | unknown | — | 1.0 | — | libpango in Pango 1.40.8 through 1.42.3, as used in hexchat and other products, allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via … | |||
| CVE-2018-7584 | unknown | — | 1.0 | — | ||||
| CVE-2018-1160 | unknown | — | 1.0 | — | Netatalk before 3.1.12 is vulnerable to an out of bounds write in dsi_opensess.c. This is due to lack of bounds checking on attacker controlled data. A remote unauthenticated attacker can leverage th… | |||
| CVE-2018-10906 | unknown | — | 1.0 | — | In fuse before versions 2.9.8 and 3.x before 3.2.5, fusermount is vulnerable to a restriction bypass when SELinux is active. This allows non-root users to mount a FUSE file system with the 'allow_oth… | |||
| CVE-2018-16509 | unknown | — | 1.0 | — | An issue was discovered in Artifex Ghostscript before 9.24. Incorrect "restoration of privilege" checking during handling of /invalidaccess exceptions could be used by attackers able to supply crafte… | |||
| CVE-2018-4382 | unknown | — | 1.0 | — | Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 12.1, tvOS 12.1, watchOS 5.1, Safari 12.0.1, iTunes 12.9.1, iCloud for Window… | |||
| CVE-2018-1000888 | unknown | — | 1.0 | 3y ago | PEAR Archive_Tar version 1.4.3 and earlier contains a CWE-502, CWE-915 vulnerability in the Archive_Tar class. There are several file operations with `$v_header['filename']` as parameter (such as fil… | |||
| CVE-2018-25080 | unknown | — | 1.0 | 3y ago | Cross-site Scripting in MobileDetect | |||
| CVE-2018-17057 | unknown | — | 1.0 | 4y ago | An issue was discovered in TCPDF before 6.2.22. Attackers can trigger deserialization of arbitrary data via the phar:// wrapper. | |||
| CVE-2018-20434 | unknown | — | 1.0 | 4y ago | LibreNMS arbitrary OS commands execution | |||
| CVE-2018-7490 | unknown | — | 1.0 | 4y ago | uWSGI before 2.0.17 mishandles a DOCUMENT_ROOT check during use of the --php-docroot option, allowing directory traversal. | |||
| CVE-2018-10188 | unknown | — | 1.0 | 4y ago | phpMyAdmin CSRF vulnerability allowing arbitrary SQL execution | |||
| CVE-2018-10366 | unknown | — | 1.0 | 4y ago | User Plugin for October CMS Allows XSS | |||
| CVE-2018-10094 | unknown | — | 1.0 | 4y ago | Dolibarr SQL injection vulnerability | |||
| CVE-2018-11564 | unknown | — | 1.0 | 4y ago | Pagekit Stored Cross-site Scripting | |||
| CVE-2018-14058 | unknown | — | 1.0 | 4y ago | Pimcore SQLi Vulnerability | |||
| CVE-2018-14057 | unknown | — | 1.0 | 4y ago | Pimcore CSRF Vulnerability | |||
| CVE-2018-15845 | unknown | — | 1.0 | 4y ago | Gleez CMS CSRF Allows Adding of Administrator Accounts | |||
| CVE-2018-14059 | unknown | — | 1.0 | 4y ago | Pimcore XSS Vulnerability | |||
| CVE-2018-14840 | unknown | — | 1.0 | 4y ago | Subrion CMS Cross-site Scripting | |||
| CVE-2018-18548 | unknown | — | 1.0 | 4y ago | ajenticp (aka Ajenti Docker control panel) for Ajenti through v1.2.23.13 has XSS via a filename that is mishandled in File Manager. | |||
| CVE-2018-19246 | unknown | — | 1.0 | 4y ago | LFI in PHP-Proxy 5.1.0 | |||
| CVE-2018-19458 | unknown | — | 1.0 | 4y ago | Unauthenticated File Read in PHP Proxy | |||
| CVE-2018-19933 | unknown | — | 1.0 | 4y ago | Bolt Cross-site Scripting (XSS) via text input click preview button | |||
| CVE-2018-19799 | unknown | — | 1.0 | 4y ago | Dolibarr ERP and CRM contain XSS Vulnerability | |||
| CVE-2018-1306 | unknown | — | 1.0 | 4y ago | Exposure of Sensitive Information in Apache Pluto | |||
| CVE-2018-8718 | unknown | — | 1.0 | 4y ago | Cross-Site Request Forgery in Jenkins Mailer Plugin | |||
| CVE-2018-20418 | unknown | — | 1.0 | 4y ago | Craft CMS Cross-site Scripting (XSS) Vulnerability | |||
| CVE-2018-1042 | unknown | — | 1.0 | 4y ago | Moodle SSRF Vulnerability | |||
| CVE-2018-9160 | unknown | — | 1.0 | 4y ago | SickRage before v2018.03.09-1 includes cleartext credentials in HTTP responses. | |||
| CVE-2018-8947 | unknown | — | 1.0 | 4y ago | Plaintext Storage of Sensitive Information in Laravel Log Viewer before v0.13.0 | |||
| CVE-2018-8145 | unknown | — | 1.0 | 4y ago | ChakraCore information disclosure vulnerability | |||
| CVE-2018-7251 | unknown | — | 1.0 | 4y ago | Anchor CMS Logs Credentials | |||
| CVE-2018-10054 | unknown | — | 1.0 | 4y ago | Improper Input Validation in Datomic | |||
| CVE-2018-7198 | unknown | — | 1.0 | 4y ago | October CMS - RainLab Blog Plugin XSS | |||
| CVE-2018-8617 | unknown | — | 1.0 | 4y ago | ChakraCore RCE Vulnerability | |||
| CVE-2018-8466 | unknown | — | 1.0 | 4y ago | ChakraCore RCE Vulnerability | |||
| CVE-2018-8467 | unknown | — | 1.0 | 4y ago | ChakraCore RCE Vulnerability | |||
| CVE-2018-8384 | unknown | — | 1.0 | 4y ago | ChakraCore RCE Vulnerability | |||
| CVE-2018-8355 | unknown | — | 1.0 | 4y ago | ChakraCore RCE Vulnerability | |||
| CVE-2018-8288 | unknown | — | 1.0 | 4y ago | ChakraCore RCE Vulnerability | |||
| CVE-2018-8291 | unknown | — | 1.0 | 4y ago | ChakraCore RCE Vulnerability | |||
| CVE-2018-8229 | unknown | — | 1.0 | 4y ago | ChakraCore RCE Vulnerability | |||
| CVE-2018-8139 | unknown | — | 1.0 | 4y ago | ChakraCore RCE Vulnerability | |||
| CVE-2018-8133 | unknown | — | 1.0 | 4y ago | ChakraCore RCE Vulnerability | |||
| CVE-2018-14716 | unknown | — | 1.0 | 4y ago | SEOmatic plugin for Craft CMS SSTI Vulnerability | |||
| CVE-2018-1133 | unknown | — | 1.0 | 4y ago | Moodle calculated question type allows remote code execution by Question authors | |||
| CVE-2018-0980 | unknown | — | 1.0 | 4y ago | ChakraCore RCE Vulnerability | |||
| CVE-2018-0946 | unknown | — | 1.0 | 4y ago | ChakraCore RCE Vulnerability | |||
| CVE-2018-0934 | unknown | — | 1.0 | 4y ago | ChakraCore RCE Vulnerability | |||
| CVE-2018-0933 | unknown | — | 1.0 | 4y ago | ChakraCore RCE Vulnerability | |||
| CVE-2018-0860 | unknown | — | 1.0 | 4y ago | ChakraCore RCE Vulnerability | |||
| CVE-2018-0838 | unknown | — | 1.0 | 4y ago | ChakraCore RCE Vulnerability | |||
| CVE-2018-0837 | unknown | — | 1.0 | 4y ago | ChakraCore RCE Vulnerability | |||
| CVE-2018-0834 | unknown | — | 1.0 | 4y ago | ChakraCore RCE Vulnerability | |||
| CVE-2018-0835 | unknown | — | 1.0 | 4y ago | ChakraCore RCE Vulnerability | |||
| CVE-2018-0114 | unknown | — | 1.0 | 4y ago | Cisco node-jose improper validation of JWT signature | |||
| CVE-2018-14009 | unknown | — | 1.0 | 4y ago | Codiad remote code execution vulnerability | |||
| CVE-2018-19422 | unknown | — | 1.0 | 4y ago | Subrion CMS RCE Vulnerability | |||
| CVE-2018-12613 | unknown | — | 1.0 | 4y ago | phpMyAdmin Improper Authentication | |||
| CVE-2018-1002105 | unknown | — | 1.0 | 4y ago | In all Kubernetes versions prior to v1.10.11, v1.11.5, and v1.12.3, incorrect handling of error responses to proxied upgrade requests in the kube-apiserver allowed specially crafted requests to estab… | |||
| CVE-2018-15727 | unknown | — | 1.0 | 4y ago | Grafana Authentication Bypass in github.com/grafana/grafana | |||
| CVE-2018-19277 | unknown | — | 1.0 | 7y ago | XXE in PHPSpreadsheet due to encoding issue | |||
| CVE-2018-15812 | unknown | — | 1.0 | 7y ago | Insufficient Entropy in DotNetNuke | |||
| CVE-2018-18326 | unknown | — | 1.0 | 7y ago | Insufficient Entropy in DotNetNuke | |||
| CVE-2018-11770 | unknown | — | 1.0 | 8y ago | org.apache.spark:spark-core_2.10 and org.apache.spark:spark-core_2.11 Improper Authentication vulnerability |