CVEs from 2018
Total
2,887
critical
critical 238
high
high 329
medium
medium 259
low
low 39
% Critical
8.2%
% with KEV
3.1%
% with exploit
9.0%
Top vendors
- intel 1,561
- schneider-electric 43
- siemens 42
- rockwellautomation 16
- echelon 15
- redhat 12
- oracle 9
- mitel 8
Top products
- core_i7 379
- core_i5 375
- core_i3 242
- xeon_e5 82
- xeon_e7 62
- xeon_e3 58
- xeon_gold 33
- atom_z 30
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2018-1000035 | medium | — | 5.5 | — | A heap-based buffer overflow exists in Info-Zip UnZip version <= 6.00 in the processing of password-protected archives that allows an attacker to perform a denial of service or to possibly achieve co… | |||
| CVE-2018-19432 | medium | — | 5.5 | — | An issue was discovered in libsndfile 1.0.28. There is a NULL pointer dereference in the function sf_write_int in sndfile.c, which will lead to a denial of service. | |||
| CVE-2018-6540 | medium | — | 5.5 | — | In ZZIPlib 0.13.67, there is a bus error caused by loading of a misaligned address in the zzip_disk_findfirst function of zzip/mmapped.c. Remote attackers could leverage this vulnerability to cause a… | |||
| CVE-2018-6459 | medium | — | 5.5 | — | The rsa_pss_params_parse function in libstrongswan/credentials/keys/signature_params.c in strongSwan 5.6.1 allows remote attackers to cause a denial of service via a crafted RSASSA-PSS signature that… | |||
| CVE-2018-8011 | medium | — | 5.5 | — | By specially crafting HTTP requests, the mod_md challenge handler would dereference a NULL pointer and cause the child process to segfault. This could be used to DoS the server. Fixed in Apache HTTP … | |||
| CVE-2018-5737 | medium | — | 5.5 | — | A problem with the implementation of the new serve-stale feature in BIND 9.12 can lead to an assertion failure in rbtdb.c, even when stale-answer-enable is off. Additionally, problematic interaction … | |||
| CVE-2018-1000135 | medium | — | 5.5 | — | GNOME NetworkManager version 1.10.2 and earlier contains a Information Exposure (CWE-200) vulnerability in DNS resolver that can result in Private DNS queries leaked to local network's DNS servers, w… | |||
| CVE-2018-16855 | medium | — | 5.5 | — | An issue has been found in PowerDNS Recursor before version 4.1.8 where a remote attacker sending a DNS query can trigger an out-of-bounds memory read while computing the hash of the query for a pack… | |||
| CVE-2018-18520 | medium | — | 5.5 | — | An Invalid Memory Address Dereference exists in the function elf_end in libelf in elfutils through v0.174. Although eu-size is intended to support ar files inside ar files, handle_ar in size.c closes… | |||
| CVE-2018-17478 | medium | — | 5.5 | — | information disclosure in chromium | |||
| CVE-2018-5295 | medium | — | 5.5 | — | In PoDoFo 0.9.5, there is an integer overflow in the PdfXRefStreamParserObject::ParseStream function (base/PdfXRefStreamParserObject.cpp). Remote attackers could leverage this vulnerability to cause … | |||
| CVE-2018-5783 | medium | — | 5.5 | — | In PoDoFo 0.9.5, there is an uncontrolled memory allocation in the PoDoFo::PdfVecObjects::Reserve function (base/PdfVecObjects.h). Remote attackers could leverage this vulnerability to cause a denial… | |||
| CVE-2018-19532 | medium | — | 5.5 | — | A NULL pointer dereference vulnerability exists in the function PdfTranslator::setTarget() in pdftranslator.cpp of PoDoFo 0.9.6, while creating the PdfXObject, as demonstrated by podofoimpose. It all… | |||
| CVE-2018-25306 | medium | 5.5 | 5.5 | 1mo ago | PDFunite 0.41.0 contains a buffer overflow vulnerability that allows local attackers to crash the application by processing malformed PDF files during merge operations. Attackers can trigger a segmen… | |||
| CVE-2018-25267 | medium | 5.5 | 5.5 | 1mo ago | UltraISO 9.7.1.3519 contains a local buffer overflow vulnerability in the Output FileName field of the Make CD/DVD Image dialog that allows attackers to overwrite SEH and SE handler records. Attacker… | |||
| CVE-2018-17828 | medium | — | 5.5 | 7mo ago | RHSA-2020:1653: zziplib security update (Moderate) | |||
| CVE-2018-15209 | medium | — | 5.5 | 2y ago | RHSA-2024:5079: libtiff security update (Moderate) | |||
| CVE-2018-25091 | medium | — | 5.5 | 3y ago | RHSA-2024:2988: container-tools:rhel8 security update (Moderate) | |||
| CVE-2018-18624 | medium | — | 5.5 | 4y ago | RHSA-2020:4682: grafana security, bug fix, and enhancement update (Moderate) | |||
| CVE-2018-7260 | medium | — | 5.5 | 4y ago | Cross-site scripting (XSS) vulnerability in db_central_columns.php in phpMyAdmin before 4.7.8 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. | |||
| CVE-2018-13258 | medium | — | 5.5 | 4y ago | Mediawiki tarball is missing .htaccess files | |||
| CVE-2018-1000120 | medium | — | 5.5 | 4y ago | A buffer overflow exists in curl 7.12.3 to and including curl 7.58.0 in the FTP URL handling that allows an attacker to cause a denial of service or worse. | |||
| CVE-2018-1999043 | medium | — | 5.5 | 4y ago | Missing Release of Resource after Effective Lifetime in Jenkins | |||
| CVE-2018-0503 | medium | — | 5.5 | 4y ago | Mediawiki Improper Privilege Management | |||
| CVE-2018-0505 | medium | — | 5.5 | 4y ago | Mediawiki BotPassword can bypass CentralAuth's account lock | |||
| CVE-2018-14773 | medium | — | 5.5 | 4y ago | An issue was discovered in Http Foundation in Symfony 2.7.0 through 2.7.48, 2.8.0 through 2.8.43, 3.3.0 through 3.3.17, 3.4.0 through 3.4.13, 4.0.0 through 4.0.13, and 4.1.0 through 4.1.2. It arises … | |||
| CVE-2018-14040 | medium | — | 5.5 | 4y ago | RHSA-2020:4847: pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2018-5785 | medium | — | 5.5 | 5y ago | RHSA-2021:4251: openjpeg2 security update (Moderate) | |||
| CVE-2018-5727 | medium | — | 5.5 | 5y ago | RHSA-2021:4251: openjpeg2 security update (Moderate) | |||
| CVE-2018-20845 | medium | — | 5.5 | 5y ago | RHSA-2021:4251: openjpeg2 security update (Moderate) | |||
| CVE-2018-20847 | medium | — | 5.5 | 5y ago | RHSA-2021:4251: openjpeg2 security update (Moderate) | |||
| CVE-2018-25014 | medium | — | 5.5 | 5y ago | RHSA-2021:4231: libwebp security update (Moderate) | |||
| CVE-2018-25013 | medium | — | 5.5 | 5y ago | RHSA-2021:4231: libwebp security update (Moderate) | |||
| CVE-2018-25012 | medium | — | 5.5 | 5y ago | RHSA-2021:4231: libwebp security update (Moderate) | |||
| CVE-2018-25009 | medium | — | 5.5 | 5y ago | RHSA-2021:4231: libwebp security update (Moderate) | |||
| CVE-2018-25010 | medium | — | 5.5 | 5y ago | RHSA-2021:4231: libwebp security update (Moderate) | |||
| CVE-2018-21247 | medium | — | 5.5 | 5y ago | An issue was discovered in LibVNCServer before 0.9.13. There is an information leak (of uninitialized memory contents) in the libvncclient/rfbproto.c ConnectToRFBRepeater function. | |||
| CVE-2018-17199 | medium | — | 5.5 | 5y ago | In Apache HTTP Server 2.4 release 2.4.37 and prior, mod_session checks the session expiry time before decoding the session. This causes session expiry time to be ignored for mod_session_cookie sessio… | |||
| CVE-2018-14882 | medium | — | 5.5 | 6y ago | RHSA-2020:4760: tcpdump security, bug fix, and enhancement update (Moderate) | |||
| CVE-2018-16227 | medium | — | 5.5 | 6y ago | RHSA-2020:4760: tcpdump security, bug fix, and enhancement update (Moderate) | |||
| CVE-2018-14880 | medium | — | 5.5 | 6y ago | RHSA-2020:4760: tcpdump security, bug fix, and enhancement update (Moderate) | |||
| CVE-2018-14469 | medium | — | 5.5 | 6y ago | RHSA-2020:4760: tcpdump security, bug fix, and enhancement update (Moderate) | |||
| CVE-2018-14470 | medium | — | 5.5 | 6y ago | RHSA-2020:4760: tcpdump security, bug fix, and enhancement update (Moderate) | |||
| CVE-2018-11805 | medium | — | 5.5 | 6y ago | RHSA-2020:4625: spamassassin security update (Moderate) | |||
| CVE-2018-14881 | medium | — | 5.5 | 6y ago | RHSA-2020:4760: tcpdump security, bug fix, and enhancement update (Moderate) | |||
| CVE-2018-16228 | medium | — | 5.5 | 6y ago | RHSA-2020:4760: tcpdump security, bug fix, and enhancement update (Moderate) | |||
| CVE-2018-16229 | medium | — | 5.5 | 6y ago | RHSA-2020:4760: tcpdump security, bug fix, and enhancement update (Moderate) | |||
| CVE-2018-14879 | medium | — | 5.5 | 6y ago | RHSA-2020:4760: tcpdump security, bug fix, and enhancement update (Moderate) | |||
| CVE-2018-14461 | medium | — | 5.5 | 6y ago | RHSA-2020:4760: tcpdump security, bug fix, and enhancement update (Moderate) | |||
| CVE-2018-14468 | medium | — | 5.5 | 6y ago | RHSA-2020:4760: tcpdump security, bug fix, and enhancement update (Moderate) | |||
| CVE-2018-14465 | medium | — | 5.5 | 6y ago | RHSA-2020:4760: tcpdump security, bug fix, and enhancement update (Moderate) | |||
| CVE-2018-14464 | medium | — | 5.5 | 6y ago | RHSA-2020:4760: tcpdump security, bug fix, and enhancement update (Moderate) | |||
| CVE-2018-14466 | medium | — | 5.5 | 6y ago | RHSA-2020:4760: tcpdump security, bug fix, and enhancement update (Moderate) | |||
| CVE-2018-14467 | medium | — | 5.5 | 6y ago | RHSA-2020:4760: tcpdump security, bug fix, and enhancement update (Moderate) | |||
| CVE-2018-14462 | medium | — | 5.5 | 6y ago | RHSA-2020:4760: tcpdump security, bug fix, and enhancement update (Moderate) | |||
| CVE-2018-16230 | medium | — | 5.5 | 6y ago | RHSA-2020:4760: tcpdump security, bug fix, and enhancement update (Moderate) | |||
| CVE-2018-16300 | medium | — | 5.5 | 6y ago | RHSA-2020:4760: tcpdump security, bug fix, and enhancement update (Moderate) | |||
| CVE-2018-16452 | medium | — | 5.5 | 6y ago | RHSA-2020:4760: tcpdump security, bug fix, and enhancement update (Moderate) | |||
| CVE-2018-14463 | medium | — | 5.5 | 6y ago | RHSA-2020:4760: tcpdump security, bug fix, and enhancement update (Moderate) | |||
| CVE-2018-10105 | medium | — | 5.5 | 6y ago | RHSA-2020:4760: tcpdump security, bug fix, and enhancement update (Moderate) | |||
| CVE-2018-10103 | medium | — | 5.5 | 6y ago | RHSA-2020:4760: tcpdump security, bug fix, and enhancement update (Moderate) | |||
| CVE-2018-16451 | medium | — | 5.5 | 6y ago | RHSA-2020:4760: tcpdump security, bug fix, and enhancement update (Moderate) | |||
| CVE-2018-20843 | medium | — | 5.5 | 6y ago | RHSA-2020:4846: mingw-expat security update (Moderate) | |||
| CVE-2018-17189 | medium | — | 5.5 | 6y ago | In Apache HTTP server versions 2.4.37 and prior, by sending request bodies in a slow loris way to plain resources, the h2 stream for that request unnecessarily occupied a server thread cleaning up th… | |||
| CVE-2018-11782 | medium | — | 5.5 | 6y ago | RHSA-2020:4712: subversion:1.10 security update (Moderate) | |||
| CVE-2018-21035 | medium | — | 5.5 | 6y ago | RHSA-2020:4690: qt5-qtbase and qt5-qtwebsockets security and bug fix update (Moderate) | |||
| CVE-2018-14553 | medium | — | 5.5 | 6y ago | RHSA-2020:4659: gd security update (Moderate) | |||
| CVE-2018-1000858 | medium | — | 5.5 | 6y ago | RHSA-2020:4490: gnupg2 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2018-20337 | medium | — | 5.5 | 6y ago | RHSA-2020:1766: GNOME security, bug fix, and enhancement update (Moderate) | |||
| CVE-2018-11685 | medium | — | 5.5 | 6y ago | Liblouis 3.5.0 has a stack-based Buffer Overflow in the function compileHyphenation in compileTranslationTable.c. | |||
| CVE-2018-11684 | medium | — | 5.5 | 6y ago | Liblouis 3.5.0 has a stack-based Buffer Overflow in the function includeFile in compileTranslationTable.c. | |||
| CVE-2018-11577 | medium | — | 5.5 | 6y ago | Liblouis 3.5.0 has a Segmentation fault in lou_logPrint in logging.c. | |||
| CVE-2018-12085 | medium | — | 5.5 | 6y ago | Liblouis 3.6.0 has a stack-based Buffer Overflow in the function parseChars in compileTranslationTable.c, a different vulnerability than CVE-2018-11440. | |||
| CVE-2018-19871 | medium | — | 5.5 | 6y ago | RHSA-2020:1665: qt5 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2018-19872 | medium | — | 5.5 | 6y ago | RHSA-2020:1665: qt5 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2018-19869 | medium | — | 5.5 | 6y ago | RHSA-2020:1665: qt5 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2018-19662 | medium | — | 5.5 | 6y ago | RHSA-2020:1636: libsndfile security update (Moderate) | |||
| CVE-2018-13139 | medium | — | 5.5 | 6y ago | RHSA-2020:1636: libsndfile security update (Moderate) | |||
| CVE-2018-20783 | medium | — | 5.5 | 6y ago | RHSA-2020:1624: php:7.2 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2018-20852 | medium | — | 5.5 | 6y ago | RHSA-2020:1764: python3 security and bug fix update (Moderate) | |||
| CVE-2018-19607 | medium | — | 5.5 | 6y ago | RHSA-2020:1577: exiv2 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2018-19108 | medium | — | 5.5 | 6y ago | RHSA-2020:1577: exiv2 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2018-18915 | medium | — | 5.5 | 6y ago | RHSA-2020:1577: exiv2 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2018-19535 | medium | — | 5.5 | 6y ago | RHSA-2020:1577: exiv2 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2018-19107 | medium | — | 5.5 | 6y ago | RHSA-2020:1577: exiv2 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2018-14338 | medium | — | 5.5 | 6y ago | RHSA-2020:1577: exiv2 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2018-10772 | medium | — | 5.5 | 6y ago | RHSA-2020:1577: exiv2 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2018-11037 | medium | — | 5.5 | 6y ago | RHSA-2020:1577: exiv2 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2018-17282 | medium | — | 5.5 | 6y ago | RHSA-2020:1577: exiv2 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2018-17581 | medium | — | 5.5 | 6y ago | RHSA-2020:1577: exiv2 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2018-17230 | medium | — | 5.5 | 6y ago | RHSA-2020:1577: exiv2 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2018-17229 | medium | — | 5.5 | 6y ago | RHSA-2020:1577: exiv2 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2018-9306 | medium | — | 5.5 | 6y ago | RHSA-2020:1577: exiv2 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2018-9304 | medium | — | 5.5 | 6y ago | RHSA-2020:1577: exiv2 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2018-9303 | medium | — | 5.5 | 6y ago | RHSA-2020:1577: exiv2 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2018-4868 | medium | — | 5.5 | 6y ago | RHSA-2020:1577: exiv2 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2018-9305 | medium | — | 5.5 | 6y ago | RHSA-2020:1577: exiv2 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2018-15587 | medium | — | 5.5 | 6y ago | RHSA-2020:1600: evolution security and bug fix update (Moderate) | |||
| CVE-2018-9251 | medium | — | 5.5 | 6y ago | RHSA-2020:1827: libxml2 security update (Moderate) | |||
| CVE-2018-14498 | medium | — | 5.5 | 7y ago | RHSA-2019:3705: libjpeg-turbo security update (Moderate) |