CVEs from 2018

2,888 normalized CVEs published or assigned in this year.

Total

2,888

critical

critical 238

high

high 329

medium

medium 259

low

low 39

% Critical

8.2%

% with KEV

3.1%

% with exploit

9.0%

Top vendors

Top products

core_i7 379
core_i5 375
core_i3 242
xeon_e5 82
xeon_e7 62
xeon_e3 58
xeon_gold 33
atom_z 30

Top packages

critical high medium low unknown

0

KEV Has exploit

CVE	Severity	CVSS	Risk	Flags	OS	Vendor	Published	Description
CVE-2018-10933	critical	—	10.0				—	A vulnerability was found in libssh's server-side state machine before versions 0.7.6 and 0.8.4. A malicious client could create channels without first performing authentication, resulting in unautho…
CVE-2018-5159	critical	—	10.0				—	An integer overflow can occur in the Skia library due to 32-bit integer use in an array without integer overflow checks, resulting in possible out-of-bounds writes. This could lead to a potentially e…
CVE-2018-15686	critical	—	10.0				—	multiple issues in systemd
CVE-2018-15687	critical	—	10.0				—	multiple issues in systemd
CVE-2018-6092	critical	—	10.0				—	multiple issues in chromium
CVE-2018-19627	critical	—	10.0				—	In Wireshark 2.6.0 to 2.6.4 and 2.4.0 to 2.4.10, the IxVeriWave file parser could crash. This was addressed in wiretap/vwr.c by adjusting a buffer boundary.
CVE-2018-17463	critical	—	10.0				4y ago	Google Chromium V8 Engine contains an unspecified vulnerability that allows a remote attacker to execute code inside a sandbox via a crafted HTML page. This vulnerability could affect multiple web br…
CVE-2018-7602	critical	—	10.0				8y ago	A remote code execution vulnerability exists within multiple subsystems of Drupal that can allow attackers to exploit multiple attack vectors on a Drupal site.
CVE-2018-7600	critical	—	10.0				8y ago	Drupal Core contains a remote code execution vulnerability that could allow an attacker to exploit multiple attack vectors on a Drupal site, resulting in complete site compromise.