CVEs from 2018
Total
2,883
critical
critical 238
high
high 329
medium
medium 260
low
low 39
% Critical
8.3%
% with KEV
3.1%
% with exploit
9.0%
Top vendors
- intel 1,561
- schneider-electric 43
- siemens 42
- rockwellautomation 16
- echelon 15
- redhat 12
- oracle 9
- mitel 8
Top products
- core_i7 379
- core_i5 375
- core_i3 242
- xeon_e5 82
- xeon_e7 62
- xeon_e3 58
- xeon_gold 33
- atom_z 30
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2018-6096 | critical | — | 9.5 | — | multiple issues in chromium | |||
| CVE-2018-12359 | critical | — | 9.5 | — | A buffer overflow can occur when rendering canvas content while adjusting the height and width of the canvas element dynamically, causing data to be written outside of the currently computed boundari… | |||
| CVE-2018-19622 | critical | — | 9.5 | — | In Wireshark 2.6.0 to 2.6.4 and 2.4.0 to 2.4.10, the MMSE dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-mmse.c by preventing length overflows. | |||
| CVE-2018-20346 | critical | — | 9.5 | — | SQLite before 3.25.3, when the FTS3 extension is enabled, encounters an integer overflow (and resultant buffer overflow) for FTS3 queries that occur after crafted changes to FTS3 shadow tables, allow… | |||
| CVE-2018-18648 | critical | — | 9.5 | — | multiple issues in gitlab | |||
| CVE-2018-6099 | critical | — | 9.5 | — | multiple issues in chromium | |||
| CVE-2018-5155 | critical | — | 9.5 | — | A use-after-free vulnerability can occur while adjusting layout during SVG animations with text paths. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.8, … | |||
| CVE-2018-12399 | critical | — | 9.5 | — | When a new protocol handler is registered, the API accepts a title argument which can be used to mislead users about which domain is registering the new protocol. This may result in the user approvin… | |||
| CVE-2018-6094 | critical | — | 9.5 | — | multiple issues in chromium | |||
| CVE-2018-5145 | critical | — | 9.5 | — | multiple issues in thunderbird | |||
| CVE-2018-5127 | critical | — | 9.5 | — | A buffer overflow can occur when manipulating the SVG "animatedPathSegList" through script. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.7, Firefox ESR… | |||
| CVE-2018-6101 | critical | — | 9.5 | — | multiple issues in chromium | |||
| CVE-2018-5764 | critical | — | 9.5 | — | The parse_arguments function in options.c in rsyncd in rsync before 3.1.3 does not prevent multiple --protect-args uses, which allows remote attackers to bypass an argument-sanitization protection me… | |||
| CVE-2018-6102 | critical | — | 9.5 | — | multiple issues in chromium | |||
| CVE-2018-6110 | critical | — | 9.5 | — | multiple issues in chromium | |||
| CVE-2018-5164 | critical | — | 9.5 | — | Content Security Policy (CSP) is not applied correctly to all parts of multipart content sent with the "multipart/x-mixed-replace" MIME type. This could allow for script to run where CSP should block… | |||
| CVE-2018-12390 | critical | — | 9.5 | — | Mozilla developers and community members reported memory safety bugs present in Firefox 62 and Firefox ESR 60.2. Some of these bugs showed evidence of memory corruption and we presume that with enoug… | |||
| CVE-2018-18341 | critical | — | 9.5 | — | An integer overflow leading to a heap buffer overflow in Blink in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||
| CVE-2018-12376 | critical | — | 9.5 | — | Memory safety bugs present in Firefox 61 and Firefox ESR 60.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to … | |||
| CVE-2018-6117 | critical | — | 9.5 | — | multiple issues in chromium | |||
| CVE-2018-6103 | critical | — | 9.5 | — | multiple issues in chromium | |||
| CVE-2018-15688 | critical | — | 9.5 | — | A buffer overflow vulnerability in the dhcp6 client of systemd allows a malicious dhcp6 server to overwrite heap memory in systemd-networkd. Affected releases are systemd: versions up to and includin… | |||
| CVE-2018-18645 | critical | — | 9.5 | — | multiple issues in gitlab | |||
| CVE-2018-6091 | critical | — | 9.5 | — | multiple issues in chromium | |||
| CVE-2018-18346 | critical | — | 9.5 | — | Incorrect handling of alert box display in Blink in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to present confusing browser UI via a crafted HTML page. | |||
| CVE-2018-5188 | critical | — | 9.5 | — | Memory safety bugs present in Firefox 60, Firefox ESR 60, and Firefox ESR 52.8. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could… | |||
| CVE-2018-6114 | critical | — | 9.5 | — | multiple issues in chromium | |||
| CVE-2018-18503 | critical | — | 9.5 | — | When JavaScript is used to create and manipulate an audio buffer, a potentially exploitable crash may occur because of a compartment mismatch in some situations. This vulnerability affects Firefox < … | |||
| CVE-2018-18502 | critical | — | 9.5 | — | Mozilla developers and community members reported memory safety bugs present in Firefox 64. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of… | |||
| CVE-2018-12366 | critical | — | 9.5 | — | An invalid grid size during QCMS (color profile) transformations can result in the out-of-bounds read interpreted as a float value. This could leak private data into the output. This vulnerability af… | |||
| CVE-2018-5183 | critical | — | 9.5 | — | multiple issues in thunderbird | |||
| CVE-2018-5158 | critical | — | 9.5 | 4y ago | The PDF viewer does not sufficiently sanitize PostScript calculator functions, allowing malicious JavaScript to be injected through a crafted PDF file. This JavaScript can then be run with the permis… | |||
| CVE-2018-11212 | critical | — | 9.5 | 7y ago | RHSA-2019:1238: java-1.8.0-ibm security update (Critical) | |||
| CVE-2018-12549 | critical | — | 9.5 | 7y ago | RHSA-2019:1238: java-1.8.0-ibm security update (Critical) | |||
| CVE-2018-12547 | critical | — | 9.5 | 7y ago | RHSA-2019:1238: java-1.8.0-ibm security update (Critical) | |||
| CVE-2018-18509 | critical | — | 9.5 | 7y ago | multiple issues in thunderbird | |||
| CVE-2018-18506 | critical | — | 9.5 | 7y ago | When proxy auto-detection is enabled, if a web server serves a Proxy Auto-Configuration (PAC) file or if a PAC file is loaded locally, this PAC file can specify that requests to the localhost are to … | |||
| CVE-2018-10895 | critical | — | 9.5 | 8y ago | qutebrowser before version 1.4.1 is vulnerable to a cross-site request forgery flaw that allows websites to access 'qute://*' URLs. A malicious website could exploit this to load a 'qute://settings/s… | |||
| CVE-2018-25361 | medium | 6.8 | 6.8 | 11d ago | Soroush IM Desktop App 0.17.0 contains an authentication bypass vulnerability that allows local attackers to remove passcodes by injecting pre-encrypted database entries using a constant encryption k… | |||
| CVE-2018-10622 | medium | 6.8 | 6.8 | 8y ago | Medtronic MyCareLink Patient Monitor uses per-product credentials that are stored in a recoverable format. An attacker can use these credentials to modify encrypted drive data. | |||
| CVE-2018-20781 | medium | — | 6.5 | — | In pam/gkr-pam-module.c in GNOME Keyring before 3.27.2, the user's password is kept in a session-child process spawned from the LightDM daemon. This can expose the credential in cleartext. | |||
| CVE-2018-1123 | medium | — | 6.5 | — | procps-ng before version 3.3.15 is vulnerable to a denial of service in ps via mmap buffer overflow. Inbuilt protection in ps maps a guard page at the end of the overflowed buffer, ensuring that the … | |||
| CVE-2018-8002 | medium | — | 6.5 | — | In PoDoFo 0.9.5, there exists an infinite loop vulnerability in PdfParserObject::ParseFileComplete() in PdfParserObject.cpp which may result in stack overflow. Remote attackers could leverage this vu… | |||
| CVE-2018-15473 | medium | — | 6.5 | — | OpenSSH through 7.7 is prone to a user enumeration vulnerability due to not delaying bailout for an invalid authenticating user until after the packet containing the request has been fully parsed, re… | |||
| CVE-2018-12327 | medium | — | 6.5 | — | Stack-based buffer overflow in ntpq and ntpdc of NTP version 4.2.8p11 allows an attacker to achieve code execution or escalate to higher privileges via a long string as the argument for an IPv4 or IP… | |||
| CVE-2018-1122 | medium | — | 6.5 | — | procps-ng before version 3.3.15 is vulnerable to a local privilege escalation in top. If a user runs top with HOME unset in an attacker-controlled directory, the attacker could achieve privilege esca… | |||
| CVE-2018-1124 | medium | — | 6.5 | — | procps-ng before version 3.3.15 is vulnerable to multiple integer overflows leading to a heap corruption in file2strvec function. This allows a privilege escalation for a local attacker who can creat… | |||
| CVE-2018-25421 | medium | 6.5 | 6.5 | 6d ago | Open STA Manager 2.3 contains a path traversal vulnerability that allows authenticated users to download arbitrary files by manipulating the file parameter. Attackers can send GET requests to modules… | |||
| CVE-2018-25393 | medium | 6.5 | 6.5 | 7d ago | Navigate CMS 2.8.5 contains a path traversal vulnerability that allows authenticated users to download arbitrary files by injecting directory traversal sequences in the id parameter. Attackers can se… | |||
| CVE-2018-25312 | medium | 6.5 | 6.5 | 1mo ago | LifeSize ClearSea 3.1.4 contains directory traversal vulnerabilities that allow authenticated attackers to download and upload arbitrary files by manipulating path parameters in the smartgui interfac… | |||
| CVE-2018-25311 | medium | 6.5 | 6.5 | 1mo ago | VideoFlow Digital Video Protection DVP 2.10 contains an authenticated directory traversal vulnerability that allows attackers with valid credentials to disclose arbitrary files by injecting path trav… | |||
| CVE-2018-13785 | medium | 6.5 | 6.5 | 8y ago | In libpng 1.6.34, a wrong calculation of row_factor in the png_check_chunk_length function (pngrutil.c) may trigger an integer overflow and resultant divide-by-zero while processing a crafted PNG fil… | |||
| CVE-2018-3639 | medium | 5.5 | 6.5 | 8y ago | Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of i… | |||
| CVE-2018-25423 | medium | 6.2 | 6.2 | 6d ago | Arm Whois 3.11 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an oversized input string. Attackers can paste a malicious buffer of 700 byte… | |||
| CVE-2018-25378 | medium | 6.2 | 6.2 | 11d ago | Notebook Pro 2.0 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the notebook name field. Attackers can crea… | |||
| CVE-2018-25369 | medium | 6.2 | 6.2 | 11d ago | Visual Ping 0.8.0.0 contains a buffer overflow vulnerability in input field handling that allows local attackers to crash the application by supplying oversized data. Attackers can inject malicious p… | |||
| CVE-2018-25367 | medium | 6.2 | 6.2 | 11d ago | NASA openVSP 3.16.1 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an excessively long string in the geometry name field. Attackers can tri… | |||
| CVE-2018-25324 | medium | 6.2 | 6.2 | 19d ago | Simple Fields 0.2 through 0.3.5 WordPress Plugin contains a local file inclusion vulnerability that allows unauthenticated attackers to read arbitrary files by injecting null bytes into the wp_abspat… | |||
| CVE-2018-25313 | medium | 6.2 | 6.2 | 1mo ago | SysGauge 4.5.18 contains a buffer overflow vulnerability in the proxy configuration handler that allows local attackers to cause a denial of service by supplying an oversized string. Attackers can in… | |||
| CVE-2018-25305 | medium | 6.2 | 6.2 | 1mo ago | librsvg2-bin 2.40.13 contains a buffer overflow vulnerability that allows local attackers to cause a denial of service by processing malformed SVG files. Attackers can supply crafted SVG input to the… | |||
| CVE-2018-25349 | medium | 6.1 | 6.1 | 12d ago | userSpice 4.3.24 contains a cross-site scripting vulnerability that allows attackers to inject malicious scripts through the X-Forwarded-For HTTP header. Attackers can send crafted requests to the ba… | |||
| CVE-2018-25331 | medium | 6.1 | 6.1 | 19d ago | Zenar Content Management System contains a cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by manipulating form parameters in POST requests. Attac… | |||
| CVE-2018-25309 | medium | 6.1 | 6.1 | 1mo ago | MyBB Recent threads 17.0 contains a persistent cross-site scripting vulnerability that allows attackers to inject malicious scripts by creating threads with crafted subject lines. Attackers can creat… | |||
| CVE-2018-25269 | medium | 6.1 | 6.1 | 1mo ago | ICEWARP 10.3.4 and 11.0.0.0 contains a cross-site scripting vulnerability that allows attackers to inject malicious HTML elements into emails by embedding base64-encoded payloads in object and embed … | |||
| CVE-2018-25247 | medium | 6.1 | 6.1 | 2mo ago | MyBB Like Plugin 3.0.0 contains a stored cross-site scripting vulnerability. Authenticated attackers can inject script payloads into post or thread subjects; when other users view a profile that disp… | |||
| CVE-2018-12130 | medium | 5.9 | 5.9 | 7y ago | Microarchitectural Fill Buffer Data Sampling (MFBDS): Fill buffers on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure… | |||
| CVE-2018-12127 | medium | 5.6 | 5.6 | 7y ago | Microarchitectural Load Port Data Sampling (MLPDS): Load ports on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via… | |||
| CVE-2018-12126 | medium | 5.6 | 5.6 | 7y ago | Microarchitectural Store Buffer Data Sampling (MSBDS): Store buffers on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosu… | |||
| CVE-2018-3646 | medium | 5.6 | 5.6 | 8y ago | Systems with microprocessors utilizing speculative execution and address translations may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user acc… | |||
| CVE-2018-3620 | medium | 5.6 | 5.6 | 8y ago | Systems with microprocessors utilizing speculative execution and address translations may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user acc… | |||
| CVE-2018-1125 | medium | — | 5.5 | — | procps-ng before version 3.3.15 is vulnerable to a stack buffer overflow in pgrep. This vulnerability is mitigated by FORTIFY, as it involves strncat() to a stack-allocated string. When pgrep is comp… | |||
| CVE-2018-6381 | medium | — | 5.5 | — | In ZZIPlib 0.13.67, 0.13.66, 0.13.65, 0.13.64, 0.13.63, 0.13.62, 0.13.61, 0.13.60, 0.13.59, 0.13.58, 0.13.57 and 0.13.56 there is a segmentation fault caused by invalid memory access in the zzip_disk… | |||
| CVE-2018-18521 | medium | — | 5.5 | — | Divide-by-zero vulnerabilities in the function arlib_add_symbols() in arlib.c in elfutils 0.174 allow remote attackers to cause a denial of service (application crash) with a crafted ELF file, as dem… | |||
| CVE-2018-10195 | medium | — | 5.5 | — | lrzsz before version 0.12.21~rc can leak information to the receiving side due to an incorrect length check in the function zsdata that causes a size_t to wrap around. | |||
| CVE-2018-11255 | medium | — | 5.5 | — | An issue was discovered in PoDoFo 0.9.5. The function PdfPage::GetPageNumber() in PdfPage.cpp in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (NULL pointer dereference and applic… | |||
| CVE-2018-18384 | medium | — | 5.5 | — | Info-ZIP UnZip 6.0 has a buffer overflow in list.c, when a ZIP archive has a crafted relationship between the compressed-size value and the uncompressed-size value, because a buffer size is 10 and is… | |||
| CVE-2018-19758 | medium | — | 5.5 | — | There is a heap-based buffer over-read at wav.c in wav_write_header in libsndfile 1.0.28 that will cause a denial of service. | |||
| CVE-2018-1301 | medium | — | 5.5 | — | A specially crafted request could have crashed the Apache HTTP Server prior to version 2.4.30, due to an out of bound access after a size limit is reached by reading the HTTP header. This vulnerabili… | |||
| CVE-2018-1283 | medium | — | 5.5 | — | In Apache httpd 2.4.0 to 2.4.29, when mod_session is configured to forward its session data to CGI applications (SessionEnv on, not the default), a remote user may influence their content by using a … | |||
| CVE-2018-1302 | medium | — | 5.5 | — | When an HTTP/2 stream was destroyed after being handled, the Apache HTTP Server prior to version 2.4.30 could have written a NULL pointer potentially to an already freed memory. The memory pools main… | |||
| CVE-2018-1303 | medium | — | 5.5 | — | A specially crafted HTTP request header could have crashed the Apache HTTP Server prior to version 2.4.30 due to an out of bound read while preparing data to be cached in shared memory. It could be u… | |||
| CVE-2018-1312 | medium | — | 5.5 | — | In Apache httpd 2.2.0 to 2.4.29, when generating an HTTP Digest authentication challenge, the nonce sent to prevent reply attacks was not correctly generated using a pseudo-random seed. In a cluster … | |||
| CVE-2018-20846 | medium | — | 5.5 | — | Out-of-bounds accesses in the functions pi_next_lrcp, pi_next_rlcp, pi_next_rpcl, pi_next_pcrl, pi_next_rpcl, and pi_next_cprl in openmj2/pi.c in OpenJPEG through 2.3.0 allow remote attackers to caus… | |||
| CVE-2018-8000 | medium | — | 5.5 | — | multiple issues in podofo | |||
| CVE-2018-5730 | medium | — | 5.5 | — | MIT krb5 1.6 or later allows an authenticated kadmin with permission to add principals to an LDAP Kerberos database to circumvent a DN containership check by supplying both a "linkdn" and "containerd… | |||
| CVE-2018-10779 | medium | — | 5.5 | — | TIFFWriteScanline in tif_write.c in LibTIFF 3.8.2 has a heap-based buffer over-read, as demonstrated by bmp2tiff. | |||
| CVE-2018-20797 | medium | — | 5.5 | — | An issue was discovered in PoDoFo 0.9.6. There is an attempted excessive memory allocation in PoDoFo::podofo_calloc in base/PdfMemoryManagement.cpp when called from PoDoFo::PdfPredictorDecoder::PdfPr… | |||
| CVE-2018-11256 | medium | — | 5.5 | — | An issue was discovered in PoDoFo 0.9.5. The function PdfDocument::Append() in PdfDocument.cpp in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (NULL pointer dereference and appli… | |||
| CVE-2018-11254 | medium | — | 5.5 | — | An issue was discovered in PoDoFo 0.9.5. There is an Excessive Recursion in the PdfPagesTree::GetPageNode() function of PdfPagesTree.cpp. Remote attackers could leverage this vulnerability to cause a… | |||
| CVE-2018-6459 | medium | — | 5.5 | — | The rsa_pss_params_parse function in libstrongswan/credentials/keys/signature_params.c in strongSwan 5.6.1 allows remote attackers to cause a denial of service via a crafted RSASSA-PSS signature that… | |||
| CVE-2018-7727 | medium | — | 5.5 | — | An issue was discovered in ZZIPlib 0.13.68. There is a memory leak triggered in the function zzip_mem_disk_new in memdisk.c, which will lead to a denial of service attack. | |||
| CVE-2018-5205 | medium | — | 5.5 | — | When using incomplete escape codes, Irssi before 1.0.6 may access data beyond the end of the string. | |||
| CVE-2018-17144 | medium | — | 5.5 | — | Bitcoin Core 0.14.x before 0.14.3, 0.15.x before 0.15.2, and 0.16.x before 0.16.3 and Bitcoin Knots 0.14.x through 0.16.x before 0.16.3 allow a remote denial of service (application crash) exploitabl… | |||
| CVE-2018-12543 | medium | — | 5.5 | — | In Eclipse Mosquitto versions 1.5 to 1.5.2 inclusive, if a message is published to Mosquitto that has a topic starting with $, but that is not $SYS, e.g. $test/test, then an assert is triggered that … | |||
| CVE-2018-20103 | medium | — | 5.5 | — | denial of service in haproxy | |||
| CVE-2018-14644 | medium | — | 5.5 | — | An issue has been found in PowerDNS Recursor from 4.0.0 up to and including 4.1.4. A remote attacker sending a DNS query for a meta-type like OPT can lead to a zone being wrongly cached as failing DN… | |||
| CVE-2018-16855 | medium | — | 5.5 | — | An issue has been found in PowerDNS Recursor before version 4.1.8 where a remote attacker sending a DNS query can trigger an out-of-bounds memory read while computing the hash of the query for a pack… | |||
| CVE-2018-5206 | medium | — | 5.5 | — | When the channel topic is set without specifying a sender, Irssi before 1.0.6 may dereference a NULL pointer. | |||
| CVE-2018-17478 | medium | — | 5.5 | — | information disclosure in chromium | |||
| CVE-2018-19591 | medium | — | 5.5 | — | In the GNU C Library (aka glibc or libc6) through 2.28, attempting to resolve a crafted hostname via getaddrinfo() leads to the allocation of a socket descriptor that is not closed. This is related t… |