CVEs from 2018
Total
2,856
critical
critical 238
high
high 331
medium
medium 263
low
low 39
% Critical
8.3%
% with KEV
3.1%
% with exploit
9.1%
Top vendors
- intel 1,561
- schneider-electric 43
- siemens 42
- rockwellautomation 16
- echelon 15
- redhat 12
- oracle 9
- arm 9
Top products
- core_i7 379
- core_i5 375
- core_i3 242
- xeon_e5 82
- xeon_e7 62
- xeon_e3 58
- xeon_gold 33
- atom_z 30
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2018-20124 | unknown | — | — | — | hw/rdma/rdma_backend.c in QEMU allows guest OS users to trigger out-of-bounds access via a PvrdmaSqWqe ring element with a large num_sge value. | |||
| CVE-2018-16328 | unknown | — | — | — | In ImageMagick before 7.0.8-8, a NULL pointer dereference exists in the CheckEventLogging function in MagickCore/log.c. | |||
| CVE-2018-16640 | unknown | — | — | — | ImageMagick 7.0.8-5 has a memory leak vulnerability in the function ReadOneJNGImage in coders/png.c. | |||
| CVE-2018-16641 | unknown | — | — | — | ImageMagick 7.0.8-6 has a memory leak vulnerability in the TIFFWritePhotoshopLayers function in coders/tiff.c. | |||
| CVE-2018-16642 | unknown | — | — | — | The function InsertRow in coders/cut.c in ImageMagick 7.0.7-37 allows remote attackers to cause a denial of service via a crafted image file due to an out-of-bounds write. | |||
| CVE-2018-16643 | unknown | — | — | — | The functions ReadDCMImage in coders/dcm.c, ReadPWPImage in coders/pwp.c, ReadCALSImage in coders/cals.c, and ReadPICTImage in coders/pict.c in ImageMagick 7.0.8-4 do not check the return value of th… | |||
| CVE-2018-16749 | unknown | — | — | — | In ImageMagick 7.0.7-29 and earlier, a missing NULL check in ReadOneJNGImage in coders/png.c allows an attacker to cause a denial of service (WriteBlob assertion failure and application exit) via a c… | |||
| CVE-2018-17967 | unknown | — | — | — | ImageMagick 7.0.7-28 has a memory leak vulnerability in ReadBGRImage in coders/bgr.c. | |||
| CVE-2018-5247 | unknown | — | — | — | In ImageMagick 7.0.7-17 Q16, there are memory leaks in ReadRLAImage in coders/rla.c. | |||
| CVE-2018-18016 | unknown | — | — | — | ImageMagick 7.0.7-28 has a memory leak vulnerability in WritePCXImage in coders/pcx.c. | |||
| CVE-2018-18023 | unknown | — | — | — | In ImageMagick 7.0.8-13 Q16, there is a heap-based buffer over-read in the SVGStripString function of coders/svg.c, which allows attackers to cause a denial of service via a crafted SVG image file. | |||
| CVE-2018-18024 | unknown | — | — | — | In ImageMagick 7.0.8-13 Q16, there is an infinite loop in the ReadBMPImage function of the coders/bmp.c file. Remote attackers could leverage this vulnerability to cause a denial of service via a cra… | |||
| CVE-2018-18025 | unknown | — | — | — | In ImageMagick 7.0.8-13 Q16, there is a heap-based buffer over-read in the EncodeImage function of coders/pict.c, which allows attackers to cause a denial of service via a crafted SVG image file. | |||
| CVE-2018-5358 | unknown | — | — | — | ImageMagick 7.0.7-22 Q16 has memory leaks in the EncodeImageAttributes function in coders/json.c, as demonstrated by the ReadPSDLayersInternal function in coders/psd.c. | |||
| CVE-2018-5248 | unknown | — | — | — | In ImageMagick 7.0.7-17 Q16, there is a heap-based buffer over-read in coders/sixel.c in the ReadSIXELImage function, related to the sixel_decode function. | |||
| CVE-2018-6930 | unknown | — | — | — | A stack-based buffer over-read in the ComputeResizeImage function in the MagickCore/accelerate.c file of ImageMagick 7.0.7-22 allows a remote attacker to cause a denial of service (application crash)… | |||
| CVE-2018-7470 | unknown | — | — | — | An issue was discovered in ImageMagick 7.0.7-22 Q16. The IsWEBPImageLossless function in coders/webp.c allows attackers to cause a denial of service (segmentation violation) via a crafted file. | |||
| CVE-2018-8804 | unknown | — | — | — | WriteEPTImage in coders/ept.c in ImageMagick 7.0.7-25 Q16 allows remote attackers to cause a denial of service (MagickCore/memory.c double free and application crash) or possibly have unspecified oth… | |||
| CVE-2018-14567 | unknown | — | — | — | libxml2 2.9.8, if --with-lzma is used, allows remote attackers to cause a denial of service (infinite loop) via a crafted XML file that triggers LZMA_MEMLIMIT_ERROR, as demonstrated by xmllint, a dif… | |||
| CVE-2018-11710 | unknown | — | — | — | soundlib/pattern.h in libopenmpt before 0.3.9 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted AMS file because of an i… | |||
| CVE-2018-20860 | unknown | — | — | — | libopenmpt before 0.3.13 allows a crash with malformed MED files. | |||
| CVE-2018-6611 | unknown | — | — | — | soundlib/Load_stp.cpp in OpenMPT through 1.27.04.00, and libopenmpt before 0.3.6, has an out-of-bounds read via a malformed STP file. | |||
| CVE-2018-20532 | unknown | — | — | — | There is a NULL pointer dereference at ext/testcase.c (function testcase_read) in libsolvext.a in libsolv through 0.7.2 that will cause a denial of service. | |||
| CVE-2018-1000127 | unknown | — | — | — | memcached version prior to 1.4.37 contains an Integer Overflow vulnerability in items.c:item_free() that can result in data corruption and deadlocks due to items existing in hash table being reused f… | |||
| CVE-2018-20786 | unknown | — | — | — | libvterm through 0+bzr726, as used in Vim and other products, mishandles certain out-of-memory conditions, leading to a denial of service (application crash), related to screen.c, state.c, and vterm.… | |||
| CVE-2018-7589 | unknown | — | — | — | An issue was discovered in CImg v.220. A double free in load_bmp in CImg.h occurs when loading a crafted bmp image. | |||
| CVE-2018-11645 | unknown | — | — | — | psi/zfile.c in Artifex Ghostscript before 9.21rc1 permits the status command even if -dSAFER is used, which might allow remote attackers to determine the existence and size of arbitrary files, a simi… | |||
| CVE-2018-10194 | unknown | — | — | — | The set_text_distance function in devices/vector/gdevpdts.c in the pdfwrite component in Artifex Ghostscript through 9.22 does not prevent overflows in text-positioning calculation, which allows remo… | |||
| CVE-2018-16540 | unknown | — | — | — | In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files to the builtin PDF14 converter could use a use-after-free in copydevice handling to crash the interpreter or poss… | |||
| CVE-2018-15908 | unknown | — | — | — | In Artifex Ghostscript 9.23 before 2018-08-23, attackers are able to supply malicious PostScript files to bypass .tempfile restrictions and write files. | |||
| CVE-2018-15909 | unknown | — | — | — | In Artifex Ghostscript 9.23 before 2018-08-24, a type confusion using the .shfill operator could be used by attackers able to supply crafted PostScript files to crash the interpreter or potentially e… | |||
| CVE-2018-16802 | unknown | — | — | — | An issue was discovered in Artifex Ghostscript before 9.25. Incorrect "restoration of privilege" checking when running out of stack during exception handling could be used by attackers able to supply… | |||
| CVE-2018-16543 | unknown | — | — | — | In Artifex Ghostscript before 9.24, gssetresolution and gsgetresolution allow attackers to have an unspecified impact. | |||
| CVE-2018-16585 | unknown | — | — | — | An issue was discovered in Artifex Ghostscript before 9.24. The .setdistillerkeys PostScript command is accepted even though it is not intended for use during document processing (e.g., after the sta… | |||
| CVE-2018-16863 | unknown | — | — | — | It was found that RHSA-2018:2918 did not fully fix CVE-2018-16509. An attacker could possibly exploit another variant of the flaw and bypass the -dSAFER protection to, for example, execute arbitrary … | |||
| CVE-2018-17183 | unknown | — | — | — | Artifex Ghostscript before 9.25 allowed a user-writable error exception table, which could be used by remote attackers able to supply crafted PostScript to potentially overwrite or replace error hand… | |||
| CVE-2018-19882 | unknown | — | — | — | In Artifex MuPDF 1.14.0, the svg_run_image function in svg/svg-run.c allows remote attackers to cause a denial of service (href_att NULL pointer dereference and application crash) via a crafted svg f… | |||
| CVE-2018-20070 | unknown | — | — | — | Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name. | |||
| CVE-2018-12382 | unknown | — | — | — | The displayed addressbar URL can be spoofed on Firefox for Android using a javascript: URI in concert with JavaScript to insert text before the loaded domain name, scrolling the loaded domain out of … | |||
| CVE-2018-5089 | unknown | — | — | — | Memory safety bugs were reported in Firefox 57 and Firefox ESR 52.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploit… | |||
| CVE-2018-10120 | unknown | — | — | — | The SwCTBWrapper::Read function in sw/source/filter/ww8/ww8toolbar.cxx in LibreOffice before 5.4.6.1 and 6.x before 6.0.2.1 does not validate a customizations index, which allows remote attackers to … | |||
| CVE-2018-5090 | unknown | — | — | — | Memory safety bugs were reported in Firefox 57. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary c… | |||
| CVE-2018-5095 | unknown | — | — | — | An integer overflow vulnerability in the Skia library when allocating memory for edge builders on some systems with at least 8 GB of RAM. This results in the use of uninitialized memory, resulting in… | |||
| CVE-2018-5094 | unknown | — | — | — | A heap buffer overflow vulnerability may occur in WebAssembly when "shrinkElements" is called followed by garbage collection on memory that is now uninitialized. This results in a potentially exploit… | |||
| CVE-2018-5097 | unknown | — | — | — | A use-after-free vulnerability can occur during XSL transformations when the source document for the transformation is manipulated by script content during the transformation. This results in a poten… | |||
| CVE-2018-14939 | unknown | — | — | — | The get_app_path function in desktop/unx/source/start.c in LibreOffice through 6.0.5 mishandles the realpath function in certain environments such as FreeBSD libc, which might allow attackers to caus… | |||
| CVE-2018-5099 | unknown | — | — | — | A use-after-free vulnerability can occur when the widget listener is holding strong references to browser objects that have previously been freed, resulting in a potentially exploitable crash when th… | |||
| CVE-2018-5102 | unknown | — | — | — | A use-after-free vulnerability can occur when manipulating HTML media elements with media streams, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.6, Firefox… | |||
| CVE-2018-5100 | unknown | — | — | — | A use-after-free vulnerability can occur when arguments passed to the "IsPotentiallyScrollable" function are freed while still in use by scripts. This results in a potentially exploitable crash. This… | |||
| CVE-2018-5143 | unknown | — | — | — | URLs using "javascript:" have the protocol removed when pasted into the addressbar to protect users from cross-site scripting (XSS) attacks, but if a tab character is embedded in the "javascript:" UR… | |||
| CVE-2018-1000117 | unknown | — | — | — | Python Software Foundation CPython version From 3.2 until 3.6.4 on Windows contains a Buffer Overflow vulnerability in os.symlink() function on Windows that can result in Arbitrary code execution, li… | |||
| CVE-2018-20106 | unknown | — | — | — | ||||
| CVE-2018-2773 | unknown | — | — | — | ||||
| CVE-2018-19756 | unknown | — | — | — | There is a heap-based buffer over-read at stb_image.h (function: stbi__tga_load) in libsixel 1.8.2 that will cause a denial of service. | |||
| CVE-2018-8769 | unknown | — | — | — | elfutils 0.170 has a buffer over-read in the ebl_dynamic_tag_name function of libebl/ebldynamictagname.c because SYMTAB_SHNDX is unsupported. | |||
| CVE-2018-20724 | unknown | — | — | — | A cross-site scripting (XSS) vulnerability exists in pollers.php in Cacti before 1.2.0 due to lack of escaping of unintended characters in the Website Hostname for Data Collectors. | |||
| CVE-2018-20726 | unknown | — | — | — | A cross-site scripting (XSS) vulnerability exists in host.php (via tree.php) in Cacti before 1.2.0 due to lack of escaping of unintended characters in the Website Hostname field for Devices. | |||
| CVE-2018-9144 | unknown | — | — | — | In Exiv2 0.26, there is an out-of-bounds read in Exiv2::Internal::binaryToString in image.cpp. It could result in denial of service or information disclosure. | |||
| CVE-2018-5776 | unknown | — | — | — | WordPress before 4.9.2 has XSS in the Flash fallback files in MediaElement (under wp-includes/js/mediaelement). | |||
| CVE-2018-19139 | unknown | — | — | — | ||||
| CVE-2018-7417 | unknown | — | — | — | In Wireshark 2.2.0 to 2.2.12 and 2.4.0 to 2.4.4, the IPMI dissector could crash. This was addressed in epan/dissectors/packet-ipmi-picmg.c by adding support for crafted packets that lack an IPMI head… | |||
| CVE-2018-18873 | unknown | — | — | — | ||||
| CVE-2018-10016 | unknown | — | — | — | Netwide Assembler (NASM) 2.14rc0 has a division-by-zero vulnerability in the expr5 function in asm/eval.c via a malformed input file. | |||
| CVE-2018-6197 | unknown | — | — | — | w3m through 0.5.3 is prone to a NULL pointer dereference flaw in formUpdateBuffer in form.c. | |||
| CVE-2018-9257 | unknown | — | — | — | In Wireshark 2.4.0 to 2.4.5, the CQL dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-cql.c by checking for a nonzero number of columns. | |||
| CVE-2018-9265 | unknown | — | — | — | In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, epan/dissectors/packet-tn3270.c has a memory leak. | |||
| CVE-2018-9272 | unknown | — | — | — | In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, epan/dissectors/packet-h223.c has a memory leak. | |||
| CVE-2018-8102 | unknown | — | — | — | The JBIG2MMRDecoder::getBlackCode function in JBIG2Stream.cc in xpdf 4.00 allows attackers to launch denial of service (buffer over-read and application crash) via a specific pdf file, as demonstrate… | |||
| CVE-2018-1000557 | unknown | — | — | — | OCS Inventory OCS Inventory NG version ocsreports 2.4 contains a Cross Site Scripting (XSS) vulnerability in login form and search functionality that can result in An attacker is able to execute arbi… | |||
| CVE-2018-15537 | unknown | — | — | — | Unrestricted file upload (with remote code execution) in OCS Inventory NG ocsreports allows a privileged user to gain access to the server via crafted HTTP requests. | |||
| CVE-2018-20365 | unknown | — | — | — | LibRaw::raw2image() in libraw_cxx.cpp has a heap-based buffer overflow. | |||
| CVE-2018-19640 | unknown | — | — | — | ||||
| CVE-2018-5335 | unknown | — | — | — | In Wireshark 2.4.0 to 2.4.3 and 2.2.0 to 2.2.11, the WCP dissector could crash. This was addressed in epan/dissectors/packet-wcp.c by validating the available buffer length. | |||
| CVE-2018-4271 | unknown | — | — | — | Multiple memory corruption issues were addressed with improved input validation. This issue affected versions prior to iOS 11.4.1, tvOS 11.4.1, watchOS 4.3.2, Safari 11.1.2, iTunes 12.8 for Windows, … | |||
| CVE-2018-4272 | unknown | — | — | — | Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 11.4.1, tvOS 11.4.1, watchOS 4.3.2, Safari 11.1.2, iTunes 12.8 for Windows, i… | |||
| CVE-2018-4376 | unknown | — | — | — | Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 12.1, watchOS 5.1, Safari 12.0.1, iTunes 12.9.1, iCloud for Windows 7.8. | |||
| CVE-2018-2676 | unknown | — | — | — | Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.1.32 and Prior to 5.2.6. Easily exploitable vuln… | |||
| CVE-2018-11694 | unknown | — | — | — | An issue was discovered in LibSass through 3.5.4. A NULL pointer dereference was found in the function Sass::Functions::selector_append which could be leveraged by an attacker to cause a denial of se… | |||
| CVE-2018-10372 | unknown | — | — | — | process_cu_tu_index in dwarf.c in GNU Binutils 2.30 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted binary file, as demonstrated… | |||
| CVE-2018-1000178 | unknown | — | — | — | A heap corruption of type CWE-120 exists in quassel version 0.12.4 in quasselcore in void DataStreamPeer::processMessage(const QByteArray &msg) datastreampeer.cpp line 62 that allows an attacker to e… | |||
| CVE-2018-5685 | unknown | — | — | — | In GraphicsMagick 1.3.27, there is an infinite loop and application hang in the ReadBMPImage function (coders/bmp.c). Remote attackers could leverage this vulnerability to cause a denial of service v… | |||
| CVE-2018-11432 | unknown | — | — | — | The mobi_parse_mobiheader function in read.c in Libmobi 0.3 allows remote attackers to cause information disclosure (heap-based buffer over-read) via a crafted mobi file. | |||
| CVE-2018-11434 | unknown | — | — | — | The buffer_fill64 function in compression.c in Libmobi 0.3 allows remote attackers to cause information disclosure (heap-based buffer over-read) via a crafted mobi file. | |||
| CVE-2018-11433 | unknown | — | — | — | The mobi_get_kf8boundary_seqnumber function in util.c in Libmobi 0.3 allows remote attackers to cause information disclosure (heap-based buffer over-read) via a crafted mobi file. | |||
| CVE-2018-5747 | unknown | — | — | — | In Long Range Zip (aka lrzip) 0.631, there is a use-after-free in the ucompthread function (stream.c). Remote attackers could leverage this vulnerability to cause a denial of service via a crafted lr… | |||
| CVE-2018-9058 | unknown | — | — | — | In Long Range Zip (aka lrzip) 0.631, there is an infinite loop in the runzip_fd function of runzip.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted lrz… | |||
| CVE-2018-11436 | unknown | — | — | — | The buffer_addraw function in buffer.c in Libmobi 0.3 allows remote attackers to cause information disclosure (heap-based buffer over-read) via a crafted mobi file. | |||
| CVE-2018-20375 | unknown | — | — | — | An issue was discovered in Tiny C Compiler (aka TinyCC or TCC) 0.9.27. Compiling a crafted source file leads to an 8 byte out of bounds write in the sym_pop function in tccgen.c. | |||
| CVE-2018-10774 | unknown | — | — | — | Read access violation in the isiin_keyword function in isiin.c in libbibutils.a in bibutils through 6.2 allows remote attackers to cause a denial of service (application crash), as demonstrated by is… | |||
| CVE-2018-16742 | unknown | — | — | — | An issue was discovered in mgetty before 1.2.1. In contrib/scrts.c, a stack-based buffer overflow can be triggered via a command-line parameter. | |||
| CVE-2018-16743 | unknown | — | — | — | An issue was discovered in mgetty before 1.2.1. In contrib/next-login/login.c, the command-line parameter username is passed unsanitized to strcpy(), which can cause a stack-based buffer overflow. | |||
| CVE-2018-1000179 | unknown | — | — | — | A NULL Pointer Dereference of CWE-476 exists in quassel version 0.12.4 in the quasselcore void CoreAuthHandler::handle(const Login &msg) coreauthhandler.cpp line 235 that allows an attacker to cause … | |||
| CVE-2018-8040 | unknown | — | — | — | Pages that are rendered using the ESI plugin can have access to the cookie header when the plugin is configured not to allow access. This affects Apache Traffic Server (ATS) versions 6.0.0 to 6.2.2 a… | |||
| CVE-2018-8004 | unknown | — | — | — | There are multiple HTTP smuggling and cache poisoning issues when clients making malicious requests interact with Apache Traffic Server (ATS). This affects versions 6.0.0 to 6.2.2 and 7.0.0 to 7.1.3.… | |||
| CVE-2018-8005 | unknown | — | — | — | When there are multiple ranges in a range request, Apache Traffic Server (ATS) will read the entire object from cache. This can cause performance problems with large objects in cache. This affects ve… | |||
| CVE-2018-10847 | unknown | — | — | — | prosody before versions 0.10.2, 0.9.14 is vulnerable to an Authentication Bypass. Prosody did not verify that the virtual host associated with a user session remained the same across stream restarts.… | |||
| CVE-2018-8022 | unknown | — | — | — | A carefully crafted invalid TLS handshake can cause Apache Traffic Server (ATS) to segfault. This affects version 6.2.2. To resolve this issue users running 6.2.2 should upgrade to 6.2.3 or later ver… | |||
| CVE-2018-0618 | unknown | — | — | — | ||||
| CVE-2018-14038 | unknown | — | — | — | ||||
| CVE-2018-7033 | unknown | — | — | — |