CVEs from 2018
Total
2,860
critical
critical 238
high
high 329
medium
medium 260
low
low 39
% Critical
8.3%
% with KEV
3.1%
% with exploit
9.1%
Top vendors
- intel 1,561
- schneider-electric 43
- siemens 42
- rockwellautomation 16
- echelon 15
- redhat 12
- oracle 9
- mitel 8
Top products
- core_i7 379
- core_i5 375
- core_i3 242
- xeon_e5 82
- xeon_e7 62
- xeon_e3 58
- xeon_gold 33
- atom_z 30
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2018-5996 | unknown | — | — | — | Insufficient exception handling in the method NCompress::NRar3::CDecoder::Code of 7-Zip before 18.00 and p7zip can lead to multiple memory corruptions within the PPMd code, allows remote attackers to… | |||
| CVE-2018-12459 | unknown | — | — | — | An inconsistent bits-per-sample value in the ff_mpeg4_decode_picture_header function in libavcodec/mpeg4videodec.c in FFmpeg 4.0 may trigger an assertion violation while converting a crafted AVI file… | |||
| CVE-2018-13302 | unknown | — | — | — | In FFmpeg 4.0.1, improper handling of frame types (other than EAC3_FRAME_TYPE_INDEPENDENT) that have multiple independent substreams in the handle_eac3 function in libavformat/movenc.c may trigger an… | |||
| CVE-2018-13305 | unknown | — | — | — | In FFmpeg 4.0.1, due to a missing check for negative values of the mquant variable, the vc1_put_blocks_clamped function in libavcodec/vc1_block.c may trigger an out-of-array access while converting a… | |||
| CVE-2018-15822 | unknown | — | — | — | The flv_write_packet function in libavformat/flvenc.c in FFmpeg through 2.8 does not check for an empty audio packet, leading to an assertion failure. | |||
| CVE-2018-11202 | unknown | — | — | — | A NULL pointer dereference was discovered in H5S_hyper_make_spans in H5Shyper.c in the HDF HDF5 1.10.2 library. It could allow a remote denial of service attack. | |||
| CVE-2018-11205 | unknown | — | — | — | A out of bounds read was discovered in H5VM_memcpyvv in H5VM.c in the HDF HDF5 1.10.2 library. It could allow a remote denial of service or information disclosure attack. | |||
| CVE-2018-3150 | unknown | — | — | — | Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Utility). The supported version that is affected is Java SE: 11. Difficult to exploit vulnerability allows unauthenticated atta… | |||
| CVE-2018-17437 | unknown | — | — | — | Memory leak in the H5O_dtype_decode_helper() function in H5Odtype.c in the HDF HDF5 through 1.10.3 library allows attackers to cause a denial of service (memory consumption) via a crafted HDF5 file. | |||
| CVE-2018-19209 | unknown | — | — | — | Netwide Assembler (NASM) 2.14rc15 has a NULL pointer dereference in the function find_label in asm/labels.c that will lead to a DoS attack. | |||
| CVE-2018-19198 | unknown | — | — | — | An issue was discovered in uriparser before 0.9.0. UriQuery.c allows an out-of-bounds write via a uriComposeQuery* or uriComposeQueryEx* function because the '&' character is mishandled in certain co… | |||
| CVE-2018-5345 | unknown | — | — | — | A stack-based buffer overflow within GNOME gcab through 0.7.4 can be exploited by malicious attackers to cause a crash or, potentially, execute arbitrary code via a crafted .cab file. | |||
| CVE-2018-11496 | unknown | — | — | — | In Long Range Zip (aka lrzip) 0.631, there is a use-after-free in read_stream in stream.c, because decompress_file in lrzip.c lacks certain size validation. | |||
| CVE-2018-5786 | unknown | — | — | — | In Long Range Zip (aka lrzip) 0.631, there is an infinite loop and application hang in the get_fileinfo function (lrzip.c). Remote attackers could leverage this vulnerability to cause a denial of ser… | |||
| CVE-2018-10685 | unknown | — | — | — | In Long Range Zip (aka lrzip) 0.631, there is a use-after-free in the lzma_decompress_buf function of stream.c, which allows remote attackers to cause a denial of service (application crash) or possi… | |||
| CVE-2018-5650 | unknown | — | — | — | In Long Range Zip (aka lrzip) 0.631, there is an infinite loop and application hang in the unzip_match function in runzip.c. Remote attackers could leverage this vulnerability to cause a denial of se… | |||
| CVE-2018-10753 | unknown | — | — | — | Stack-based buffer overflow in the delayed_output function in music.c in abcm2ps through 8.13.20 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified … | |||
| CVE-2018-10771 | unknown | — | — | — | Stack-based buffer overflow in the get_key function in parse.c in abcm2ps through 8.13.20 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other i… | |||
| CVE-2018-19325 | unknown | — | — | — | ||||
| CVE-2018-14884 | unknown | — | — | — | ||||
| CVE-2018-20453 | unknown | — | — | — | The getlong function in numutils.c in libdoc through 2017-10-23 has a heap-based buffer over-read that allows attackers to cause a denial of service (application crash) via a crafted file. | |||
| CVE-2018-5811 | unknown | — | — | — | An error within the "nikon_coolscan_load_raw()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.9 can be exploited to cause an out-of-bounds read memory access and subsequently … | |||
| CVE-2018-20189 | unknown | — | — | — | In GraphicsMagick 1.3.31, the ReadDIBImage function of coders/dib.c has a vulnerability allowing a crash and denial of service via a dib file that is crafted to appear with direct pixel values and al… | |||
| CVE-2018-20148 | unknown | — | — | — | In WordPress before 4.9.9 and 5.x before 5.0.1, contributors could conduct PHP object injection attacks via crafted metadata in a wp.getMediaItem XMLRPC call. This is caused by mishandling of seriali… | |||
| CVE-2018-21017 | unknown | — | — | — | GPAC 0.7.1 has a memory leak in dinf_Read in isomedia/box_code_base.c. | |||
| CVE-2018-25154 | unknown | — | — | — | GNU Barcode 0.99 contains a buffer overflow vulnerability in its code 93 encoding process that allows attackers to trigger memory corruption. Attackers can exploit boundary errors during input file p… | |||
| CVE-2018-2668 | unknown | — | — | — | ||||
| CVE-2018-2813 | unknown | — | — | — | ||||
| CVE-2018-2781 | unknown | — | — | — | ||||
| CVE-2018-3133 | unknown | — | — | — | ||||
| CVE-2018-3081 | unknown | — | — | — | ||||
| CVE-2018-19827 | unknown | — | — | — | In LibSass 3.5.5, a use-after-free vulnerability exists in the SharedPtr class in SharedPtr.cpp (or SharedPtr.hpp) that may cause a denial of service (application crash) or possibly have unspecified … | |||
| CVE-2018-4210 | unknown | — | — | — | In iOS before 11.3, Safari before 11.1, tvOS before 11.3, watchOS before 4.3, iTunes before 12.7.4 for Windows, an array indexing issue existed in the handling of a function in javascript core. This … | |||
| CVE-2018-2794 | unknown | — | — | — | Vulnerability in the Java SE, JRockit component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u181, 7u171, 8u162, 10 and JRockit: R28.3.17. Difficult … | |||
| CVE-2018-10060 | unknown | — | — | — | Cacti before 1.1.37 has XSS because it does not properly reject unintended characters, related to use of the sanitize_uri function in lib/functions.php. | |||
| CVE-2018-20723 | unknown | — | — | — | A cross-site scripting (XSS) vulnerability exists in color_templates.php in Cacti before 1.2.0 due to lack of escaping of unintended characters in the Name field for a Color. | |||
| CVE-2018-14862 | unknown | — | — | — | Incorrect access control in the mail templating system in Odoo Community 11.0 and earlier and Odoo Enterprise 11.0 and earlier allows authenticated internal users to delete arbitrary menuitems via a … | |||
| CVE-2018-6353 | unknown | — | — | — | The Python console in Electrum through 2.9.4 and 3.x through 3.0.5 supports arbitrary Python code without considering (1) social-engineering attacks in which a user pastes code that they do not under… | |||
| CVE-2018-12264 | unknown | — | — | — | Exiv2 0.26 has integer overflows in LoaderTiff::getData() in preview.cpp, leading to an out-of-bounds read in Exiv2::ValueType::setDataArea in value.hpp. | |||
| CVE-2018-12182 | unknown | — | — | — | Insufficient memory write check in SMM service for EDK II may allow an authenticated user to potentially enable escalation of privilege, information disclosure and/or denial of service via local acce… | |||
| CVE-2018-12183 | unknown | — | — | — | Stack overflow in DxeCore for EDK II may allow an unauthenticated user to potentially enable escalation of privilege, information disclosure and/or denial of service via local access. | |||
| CVE-2018-1999022 | unknown | — | — | — | PEAR HTML_QuickForm version 3.2.14 contains an eval injection (CWE-95) vulnerability in HTML_QuickForm's getSubmitValue method, HTML_QuickForm's validate method, HTML_QuickForm_hierselect's _setOptio… | |||
| CVE-2018-1000217 | unknown | — | — | — | Dave Gamble cJSON version 1.7.3 and earlier contains a CWE-416: Use After Free vulnerability in cJSON library that can result in Possible crash, corruption of data or even RCE. This attack appear to … | |||
| CVE-2018-1000216 | unknown | — | — | — | Dave Gamble cJSON version 1.7.2 and earlier contains a CWE-415: Double Free vulnerability in cJSON library that can result in Possible crash or RCE. This attack appear to be exploitable via Attacker … | |||
| CVE-2018-15856 | unknown | — | — | — | An infinite loop when reaching EOL unexpectedly in compose/parser.c (aka the keymap parser) in xkbcommon before 0.8.1 could be used by local attackers to cause a denial of service during parsing of c… | |||
| CVE-2018-16402 | unknown | — | — | — | libelf/elf_end.c in elfutils 0.173 allows remote attackers to cause a denial of service (double free and application crash) or possibly have unspecified other impact because it tries to decompress tw… | |||
| CVE-2018-16403 | unknown | — | — | — | libdw in elfutils 0.173 checks the end of the attributes list incorrectly in dwarf_getabbrev in dwarf_getabbrev.c and dwarf_hasattr in dwarf_hasattr.c, leading to a heap-based buffer over-read and an… | |||
| CVE-2018-18838 | unknown | — | — | — | An issue was discovered in Netdata 1.10.0. Log Injection (or Log Forgery) exists via a %0a sequence in the url parameter to api/v1/registry. | |||
| CVE-2018-10380 | unknown | — | — | — | kwallet-pam in KDE KWallet before 5.12.6 allows local users to obtain ownership of arbitrary files via a symlink attack. | |||
| CVE-2018-7247 | unknown | — | — | — | An issue was discovered in pixHtmlViewer in prog/htmlviewer.c in Leptonica before 1.75.3. Unsanitized input (rootname) can overflow a buffer, leading potentially to arbitrary code execution or possib… | |||
| CVE-2018-25107 | unknown | — | — | — | The Crypt::Random::Source package before 0.13 for Perl has a fallback to the built-in rand() function, which is not a secure source of random bits. | |||
| CVE-2018-20150 | unknown | — | — | — | In WordPress before 4.9.9 and 5.x before 5.0.1, crafted URLs could trigger XSS for certain use cases involving plugins. | |||
| CVE-2018-10102 | unknown | — | — | — | Before WordPress 4.9.5, the version string was not escaped in the get_the_generator function, and could lead to XSS in a generator tag. | |||
| CVE-2018-10100 | unknown | — | — | — | Before WordPress 4.9.5, the redirection URL for the login page was not validated or sanitized if forced to use HTTPS. | |||
| CVE-2018-10101 | unknown | — | — | — | Before WordPress 4.9.5, the URL validator assumed URLs with the hostname localhost were on the same host as the WordPress server. | |||
| CVE-2018-20153 | unknown | — | — | — | In WordPress before 4.9.9 and 5.x before 5.0.1, contributors could modify new comments made by users with greater privileges, possibly causing XSS. | |||
| CVE-2018-14454 | unknown | — | — | — | An issue was discovered in libgig 4.1.0. There is an out-of-bounds read in the function RIFF::Chunk::Read in RIFF.cpp. | |||
| CVE-2018-14449 | unknown | — | — | — | An issue was discovered in libgig 4.1.0. There is an out of bounds read in gig::File::UpdateChunks in gig.cpp. | |||
| CVE-2018-1000117 | unknown | — | — | — | Python Software Foundation CPython version From 3.2 until 3.6.4 on Windows contains a Buffer Overflow vulnerability in os.symlink() function on Windows that can result in Arbitrary code execution, li… | |||
| CVE-2018-17358 | unknown | — | — | — | An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31. An invalid memory access exists in _bfd_stab_section_find_nearest_line in syms.c… | |||
| CVE-2018-14342 | unknown | — | — | — | In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the BGP protocol dissector could go into a large loop. This was addressed in epan/dissectors/packet-bgp.c by validating Path Attribut… | |||
| CVE-2018-7689 | unknown | — | — | — | Lack of permission checks in the InitializeDevelPackage function in openSUSE Open Build Service before 2.9.3 allowed authenticated users to modify packages where they do not have write permissions. | |||
| CVE-2018-17974 | unknown | — | — | — | An issue was discovered in Tcpreplay 4.3.0 beta1. A heap-based buffer over-read was triggered in the function dlt_en10mb_encode() of the file plugins/dlt_en10mb/en10mb.c, due to inappropriate values … | |||
| CVE-2018-18407 | unknown | — | — | — | A heap-based buffer over-read was discovered in the tcpreplay-edit binary of Tcpreplay 4.3.0 beta1, during the incremental checksum operation. The issue gets triggered in the function csum_replace4()… | |||
| CVE-2018-14863 | unknown | — | — | — | Incorrect access control in the RPC framework in Odoo Community 8.0 through 11.0 and Odoo Enterprise 9.0 through 11.0 allows authenticated users to call private functions via RPC. | |||
| CVE-2018-1000801 | unknown | — | — | — | okular version 18.08 and earlier contains a Directory Traversal vulnerability in function "unpackDocumentArchive(...)" in "core/document.cpp" that can result in Arbitrary file creation on the user wo… | |||
| CVE-2018-12435 | unknown | — | — | — | Botan 2.5.0 through 2.6.0 before 2.7.0 allows a memory-cache side-channel attack on ECDSA signatures, aka the Return Of the Hidden Number Problem or ROHNP, related to dsa/dsa.cpp, ec_group/ec_group.c… | |||
| CVE-2018-13410 | unknown | — | — | — | Info-ZIP Zip 3.0, when the -T and -TT command-line options are used, allows attackers to cause a denial of service (invalid free and application crash) or possibly have unspecified other impact becau… | |||
| CVE-2018-16883 | unknown | — | — | — | sssd versions from 1.13.0 to before 2.0.0 did not properly restrict access to the infopipe according to the "allowed_uids" configuration parameter. If sensitive information were stored in the user di… | |||
| CVE-2018-1116 | unknown | — | — | — | A flaw was found in polkit before version 0.116. The implementation of the polkit_backend_interactive_authority_check_authorization function in polkitd allows to test for authentication and trigger a… | |||
| CVE-2018-2581 | unknown | — | — | — | Vulnerability in the Java SE component of Oracle Java SE (subcomponent: JavaFX). Supported versions that are affected are Java SE: 7u161, 8u152 and 9.0.1. Easily exploitable vulnerability allows unau… | |||
| CVE-2018-17985 | unknown | — | — | — | An issue was discovered in cp-demangle.c in GNU libiberty, as distributed in GNU Binutils 2.31. There is a stack consumption problem caused by the cplus_demangle_type function making recursive calls … | |||
| CVE-2018-20361 | unknown | — | — | — | An invalid memory address dereference was discovered in the hf_assembly function of libfaad/sbr_hfadj.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. The vulnerability causes a segmentation fau… | |||
| CVE-2018-2693 | unknown | — | — | — | Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Guest Additions). Supported versions that are affected are Prior to 5.1.32 and Prior to 5.2.6. Easily explo… | |||
| CVE-2018-20020 | unknown | — | — | — | LibVNC before commit 7b1ef0ffc4815cab9a96c7278394152bdc89dc4d contains heap out-of-bound write vulnerability inside structure in VNC client code that can result remote code execution | |||
| CVE-2018-15127 | unknown | — | — | — | LibVNC before commit 502821828ed00b4a2c4bef90683d0fd88ce495de contains heap out-of-bound write vulnerability in server code of file transfer extension that can result remote code execution | |||
| CVE-2018-15126 | unknown | — | — | — | LibVNC before commit 73cb96fec028a576a5a24417b57723b55854ad7b contains heap use-after-free vulnerability in server code of file transfer extension that can result remote code execution | |||
| CVE-2018-20019 | unknown | — | — | — | LibVNC before commit a83439b9fbe0f03c48eb94ed05729cb016f8b72f contains multiple heap out-of-bound write vulnerabilities in VNC client code that can result remote code execution | |||
| CVE-2018-20024 | unknown | — | — | — | LibVNC before commit 4a21bbd097ef7c44bb000c3bd0907f96a10e4ce7 contains null pointer dereference in VNC client code that can result DoS. | |||
| CVE-2018-19639 | unknown | — | — | — | ||||
| CVE-2018-14662 | unknown | — | — | — | It was found Ceph versions before 13.2.4 that authenticated ceph users with read only permissions could steal dm-crypt encryption keys used in ceph disk encryption. | |||
| CVE-2018-1000127 | unknown | — | — | — | memcached version prior to 1.4.37 contains an Integer Overflow vulnerability in items.c:item_free() that can result in data corruption and deadlocks due to items existing in hash table being reused f… | |||
| CVE-2018-20330 | unknown | — | — | — | The tjLoadImage function in libjpeg-turbo 2.0.1 has an integer overflow with a resultant heap-based buffer overflow via a BMP image because multiplication of pitch and height is mishandled, as demons… | |||
| CVE-2018-2817 | unknown | — | — | — | ||||
| CVE-2018-21245 | unknown | — | — | — | Pound before 2.8 allows HTTP request smuggling, a related issue to CVE-2016-10711. | |||
| CVE-2018-4299 | unknown | — | — | — | Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 12, tvOS 12, watchOS 5, Safari 12, iTunes 12.9 for Windows, iCloud for Window… | |||
| CVE-2018-19838 | unknown | — | — | — | In LibSass prior to 3.5.5, functions inside ast.cpp for IMPLEMENT_AST_OPERATORS expansion allow attackers to cause a denial-of-service resulting from stack consumption via a crafted sass file, as dem… | |||
| CVE-2018-8828 | unknown | — | — | — | A Buffer Overflow issue was discovered in Kamailio before 4.4.7, 5.0.x before 5.0.6, and 5.1.x before 5.1.2. A specially crafted REGISTER message with a malformed branch or From tag triggers an off-b… | |||
| CVE-2018-10858 | unknown | — | — | — | A heap-buffer overflow was found in the way samba clients processed extra long filename in a directory listing. A malicious samba server could use this flaw to cause arbitrary code execution on a sam… | |||
| CVE-2018-14628 | unknown | — | — | — | An information leak vulnerability was discovered in Samba's LDAP server. Due to missing access control checks, an authenticated but unprivileged attacker could discover the names and preserved attrib… | |||
| CVE-2018-10919 | unknown | — | — | — | The Samba Active Directory LDAP server was vulnerable to an information disclosure flaw because of missing access control checks. An authenticated attacker could use this flaw to extract confidential… | |||
| CVE-2018-10918 | unknown | — | — | — | A null pointer dereference flaw was found in the way samba checked database outputs from the LDB database layer. An authenticated attacker could use this flaw to crash a samba server in an Active Dir… | |||
| CVE-2018-12382 | unknown | — | — | — | The displayed addressbar URL can be spoofed on Firefox for Android using a javascript: URI in concert with JavaScript to insert text before the loaded domain name, scrolling the loaded domain out of … | |||
| CVE-2018-18498 | unknown | — | — | — | A potential vulnerability leading to an integer overflow can occur during buffer size calculations for images when a raw value is used instead of the checked value. This leads to a possible out-of-bo… | |||
| CVE-2018-18496 | unknown | — | — | — | When the RSS Feed preview about:feeds page is framed within another page, it can be used in concert with scripted content for a clickjacking attack that confuses users into downloading and executing … | |||
| CVE-2018-5130 | unknown | — | — | — | When packets with a mismatched RTP payload type are sent in WebRTC connections, in some circumstances a potentially exploitable crash is triggered. This vulnerability affects Firefox ESR < 52.7 and F… | |||
| CVE-2018-5131 | unknown | — | — | — | Under certain circumstances the "fetch()" API can return transient local copies of resources that were sent with a "no-store" or "no-cache" cache header instead of downloading a copy from the network… | |||
| CVE-2018-5135 | unknown | — | — | — | WebExtensions can bypass normal restrictions in some circumstances and use "browser.tabs.executeScript" to inject scripts into contexts where this should not be allowed, such as pages from other WebE… | |||
| CVE-2018-5133 | unknown | — | — | — | If the "app.support.baseURL" preference is changed by a malicious local program to contain HTML and script content, this content is not sanitized. It will be executed if a user loads "chrome://browse… | |||
| CVE-2018-5134 | unknown | — | — | — | WebExtensions may use "view-source:" URLs to view local "file:" URL content, as well as content stored in "about:cache", bypassing restrictions that only allow WebExtensions to view specific content.… |