CVEs from 2018
Total
2,887
critical
critical 238
high
high 329
medium
medium 259
low
low 39
% Critical
8.2%
% with KEV
3.1%
% with exploit
9.0%
Top vendors
- intel 1,561
- schneider-electric 43
- siemens 42
- rockwellautomation 16
- echelon 15
- redhat 12
- oracle 9
- mitel 8
Top products
- core_i7 379
- core_i5 375
- core_i3 242
- xeon_e5 82
- xeon_e7 62
- xeon_e3 58
- xeon_gold 33
- atom_z 30
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2018-16890 | medium | — | 5.5 | 7y ago | libcurl versions from 7.36.0 to before 7.64.0 is vulnerable to a heap buffer out-of-bounds read. The function handling incoming NTLM type-2 messages (`lib/vauth/ntlm.c:ntlm_decode_type2_target`) does… | |||
| CVE-2018-12181 | medium | — | 5.5 | 7y ago | RHSA-2019:3338: edk2 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2018-15518 | medium | — | 5.5 | 7y ago | RHSA-2019:3390: qt5-qtbase security and bug fix update (Moderate) | |||
| CVE-2018-20483 | medium | — | 5.5 | 7y ago | RHSA-2019:3701: curl security and bug fix update (Moderate) | |||
| CVE-2018-20534 | medium | — | 5.5 | 7y ago | There is an illegal address access at ext/testcase.c in libsolv.a in libsolv through 0.7.2 that will cause a denial of service. NOTE: third parties dispute this issue stating that the issue affects t… | |||
| CVE-2018-19873 | medium | — | 5.5 | 7y ago | RHSA-2019:3390: qt5-qtbase security and bug fix update (Moderate) | |||
| CVE-2018-12900 | medium | — | 5.5 | 7y ago | RHSA-2019:3419: libtiff security update (Moderate) | |||
| CVE-2018-20685 | medium | — | 5.5 | 7y ago | In OpenSSH 7.9, scp.c in the scp client allows remote SSH servers to bypass intended access restrictions via the filename of . or an empty filename. The impact is modifying the permissions of the tar… | |||
| CVE-2018-12121 | medium | — | 5.5 | 7y ago | RHSA-2019:3497: http-parser security and bug fix update (Moderate) | |||
| CVE-2018-1000877 | medium | — | 5.5 | 7y ago | RHSA-2019:3698: libarchive security and bug fix update (Moderate) | |||
| CVE-2018-1000878 | medium | — | 5.5 | 7y ago | RHSA-2019:3698: libarchive security and bug fix update (Moderate) | |||
| CVE-2018-19870 | medium | — | 5.5 | 7y ago | RHSA-2019:3390: qt5-qtbase security and bug fix update (Moderate) | |||
| CVE-2018-20662 | medium | — | 5.5 | 7y ago | In Poppler 0.72.0, PDFDoc::setup in PDFDoc.cc allows attackers to cause a denial-of-service (application crash caused by Object.h SIGABRT, because of a wrong return value from PDFDoc::setup) by craft… | |||
| CVE-2018-20551 | medium | — | 5.5 | 7y ago | A reachable Object::getString assertion in Poppler 0.72.0 allows attackers to cause a denial of service due to construction of invalid rich media annotation assets in the AnnotRichMedia class in Anno… | |||
| CVE-2018-20481 | medium | — | 5.5 | 7y ago | XRef::getEntry in XRef.cc in Poppler 0.72.0 mishandles unallocated XRef entries, which allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted PDF document, when… | |||
| CVE-2018-18897 | medium | — | 5.5 | 7y ago | An issue was discovered in Poppler 0.71.0. There is a memory leak in GfxColorSpace::setDisplayProfile in GfxState.cc, as demonstrated by pdftocairo. | |||
| CVE-2018-20650 | medium | — | 5.5 | 7y ago | A reachable Object::dictLookup assertion in Poppler 0.72.0 allows attackers to cause a denial of service due to the lack of a check for the dict data type, as demonstrated by use of the FileSpec clas… | |||
| CVE-2018-18508 | medium | — | 5.5 | 7y ago | In Network Security Services (NSS) before 3.36.7 and before 3.41.1, a malformed signature can cause a crash due to a null dereference, resulting in a Denial of Service. | |||
| CVE-2018-19800 | medium | — | 5.5 | 7y ago | aubio v0.4.0 to v0.4.8 has a Buffer Overflow in new_aubio_tempo. | |||
| CVE-2018-19802 | medium | — | 5.5 | 7y ago | aubio v0.4.0 to v0.4.8 has a new_aubio_onset NULL pointer dereference. | |||
| CVE-2018-19801 | medium | — | 5.5 | 7y ago | aubio v0.4.0 to v0.4.8 has a NULL pointer dereference in new_aubio_filterbank via invalid n_filters. | |||
| CVE-2018-20676 | medium | — | 5.5 | 8y ago | RHSA-2020:4670: idm:DL1 and idm:client security, bug fix, and enhancement update (Moderate) | |||
| CVE-2018-20677 | medium | — | 5.5 | 8y ago | RHSA-2020:4670: idm:DL1 and idm:client security, bug fix, and enhancement update (Moderate) | |||
| CVE-2018-7536 | medium | — | 5.5 | 8y ago | An issue was discovered in Django 2.0 before 2.0.3, 1.11 before 1.11.11, and 1.8 before 1.8.19. The django.utils.html.urlize() function was extremely slow to evaluate certain inputs due to catastroph… | |||
| CVE-2018-7537 | medium | — | 5.5 | 8y ago | An issue was discovered in Django 2.0 before 2.0.3, 1.11 before 1.11.11, and 1.8 before 1.8.19. If django.utils.text.Truncator's chars() and words() methods were passed the html=True argument, they w… | |||
| CVE-2018-20060 | medium | — | 5.5 | 8y ago | RHSA-2020:1916: python-pip security update (Moderate) | |||
| CVE-2018-20099 | medium | — | 5.5 | 8y ago | RHSA-2020:1577: exiv2 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2018-20098 | medium | — | 5.5 | 8y ago | RHSA-2020:1577: exiv2 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2018-20097 | medium | — | 5.5 | 8y ago | RHSA-2020:1577: exiv2 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2018-20096 | medium | — | 5.5 | 8y ago | RHSA-2020:1577: exiv2 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2018-19352 | medium | — | 5.5 | 8y ago | Jupyter Notebook before 5.7.2 allows XSS via a crafted directory name because notebook/static/tree/js/notebooklist.js handles certain URLs unsafely. | |||
| CVE-2018-19351 | medium | — | 5.5 | 8y ago | Jupyter Notebook before 5.7.1 allows XSS via an untrusted notebook because nbconvert responses are considered to have the same origin as the notebook server. In other words, nbconvert endpoints can e… | |||
| CVE-2018-18074 | medium | — | 5.5 | 8y ago | RHSA-2020:1916: python-pip security update (Moderate) | |||
| CVE-2018-3750 | medium | — | 5.5 | 8y ago | RHSA-2021:0549: nodejs:12 security update (Moderate) | |||
| CVE-2018-14574 | medium | — | 5.5 | 8y ago | django.middleware.common.CommonMiddleware in Django 1.11.x before 1.11.15 and 2.0.x before 2.0.8 has an Open Redirect. | |||
| CVE-2018-14404 | medium | — | 5.5 | 8y ago | RHSA-2020:1827: libxml2 security update (Moderate) | |||
| CVE-2018-6188 | medium | — | 5.5 | 8y ago | django.contrib.auth.forms.AuthenticationForm in Django 2.0 before 2.0.2, and 1.11.8 and 1.11.9, allows remote attackers to obtain potentially sensitive information by leveraging data exposure from th… | |||
| CVE-2018-16984 | medium | — | 5.5 | 8y ago | An issue was discovered in Django 2.1 before 2.1.2, in which unprivileged users can read the password hashes of arbitrary accounts. The read-only password widget used by the Django Admin to display a… | |||
| CVE-2018-1000559 | medium | — | 5.5 | 8y ago | qutebrowser version introduced in v0.11.0 (1179ee7a937fb31414d77d9970bac21095358449) contains a Cross Site Scripting (XSS) vulnerability in history command, qute://history page that can result in Via… | |||
| CVE-2018-14042 | medium | — | 5.5 | 8y ago | RHSA-2020:4847: pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2018-1999024 | medium | — | 5.5 | 8y ago | MathJax version prior to version 2.7.4 contains a Cross Site Scripting (XSS) vulnerability in the \unicode{} macro that can result in Potentially untrusted Javascript running within a web browser. Th… | |||
| CVE-2018-3740 | medium | — | 5.5 | 8y ago | A specially crafted HTML fragment can cause Sanitize gem for Ruby to allow non-whitelisted attributes to be used on a whitelisted HTML element. | |||
| CVE-2018-25384 | medium | 5.4 | 5.4 | 6d ago | Wikidforum 2.20 contains a cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by submitting crafted HTML in the reply_text parameter. Attackers can pos… | |||
| CVE-2018-25334 | medium | 5.4 | 5.4 | 18d ago | Zechat 1.5 contains a Cross-Site Request Forgery (CSRF) vulnerability that allows an attacker to change a user's information by bypassing anti-CSRF protections. The application uses a CSRF token, but… | |||
| CVE-2018-7795 | medium | 5.4 | 5.4 | 8y ago | A Cross Protocol Injection vulnerability exists in Schneider Electric's PowerLogic (PM5560 prior to FW version 2.5.4) product. The vulnerability makes the product susceptible to cross site scripting … | |||
| CVE-2018-25435 | medium | 5.3 | 5.3 | 3d ago | ZeusCart 4.0 contains a cross-site request forgery vulnerability that allows attackers to perform unauthorized actions on behalf of victims by crafting malicious requests. Attackers can deactivate cu… | |||
| CVE-2018-25397 | medium | 5.3 | 5.3 | 6d ago | PHP-SHOP 1.0 contains a cross-site request forgery vulnerability that allows unauthenticated attackers to add administrative users by crafting malicious HTML forms. Attackers can trick authenticated … | |||
| CVE-2018-25387 | medium | 5.3 | 5.3 | 6d ago | HaPe PKH 1.1 contains a cross-site request forgery vulnerability that allows attackers to change administrator passwords by submitting forged requests to the user update endpoint. Attackers can craft… | |||
| CVE-2018-25370 | medium | 5.3 | 5.3 | 10d ago | Admidio 3.3.5 contains a cross-site request forgery vulnerability that allows low-privilege users to increase their permissions by exploiting improper origin checking. Attackers can craft malicious H… | |||
| CVE-2018-25336 | medium | 5.3 | 5.3 | 18d ago | jCart for OpenCart 2.3.0.2 contains a cross-site request forgery vulnerability that allows attackers to modify user account information without authentication. Attackers can craft malicious HTML form… | |||
| CVE-2018-25327 | medium | 5.3 | 5.3 | 18d ago | Joomla! Component Js Jobs 1.2.0 contains a cross-site request forgery vulnerability that allows attackers to perform state-changing actions without token validation. Attackers can craft malicious HTM… | |||
| CVE-2018-25298 | medium | 5.3 | 5.3 | 1mo ago | Merge PACS 7.0 contains a cross-site request forgery vulnerability that allows attackers to perform unauthorized actions by crafting malicious HTML forms targeting the merge-viewer endpoint. Attacker… | |||
| CVE-2018-10626 | medium | 4.4 | 4.4 | 8y ago | Medtronic MyCareLink Patient Monitor’s update service does not sufficiently verify the authenticity of the data uploaded. An attacker who obtains per-product credentials from the monitor and paired … | |||
| CVE-2018-25363 | medium | 4.3 | 4.3 | 10d ago | Twitter-Clone 1 contains a cross-site request forgery vulnerability that allows remote attackers to force victims to delete posts by crafting malicious HTML forms. Attackers can create hidden forms t… | |||
| CVE-2018-25354 | medium | 4.3 | 4.3 | 12d ago | Joomla Component jomres 9.11.2 contains a cross-site request forgery vulnerability that allows attackers to modify user account information by tricking authenticated users into visiting malicious pag… | |||
| CVE-2018-25343 | medium | 4.3 | 4.3 | 12d ago | Smartshop 1 contains a cross-site request forgery vulnerability that allows attackers to modify user profiles by tricking authenticated users into submitting malicious requests. Attackers can craft H… | |||
| CVE-2018-25337 | medium | 4.3 | 4.3 | 18d ago | Joomla JoomOCShop 1.0 contains a cross-site request forgery vulnerability that allows attackers to perform unauthorized actions on behalf of authenticated users. Attackers can craft malicious HTML fo… | |||
| CVE-2018-25321 | medium | 4.3 | 4.3 | 18d ago | TP-Link TL-WR720N wireless router contains a cross-site request forgery vulnerability that allows attackers to perform unauthorized administrative actions by crafting malicious web requests. Attacker… | |||
| CVE-2018-25310 | medium | 4.3 | 4.3 | 1mo ago | VideoFlow Digital Video Protection DVP 2.10 contains an authenticated remote code execution vulnerability that allows authenticated attackers to execute arbitrary system commands by exploiting a cros… |