CVEs from 2018
Total: 2,843
- critical 238
- high 331
- medium 263
- low 39
% Critical: 8.4%
% with KEV: 3.1%
% with exploit: 9.1%
Top vendors
- intel 1,561
- schneider-electric 43
- siemens 42
- rockwellautomation 16
- echelon 15
- redhat 12
- oracle 9
- arm 9
Top products
- core_i7 379
- core_i5 375
- core_i3 242
- xeon_e5 82
- xeon_e7 62
- xeon_e3 58
- xeon_gold 33
- atom_z 30
| CVE | Severity | CVSS | Risk | Published | Description | Flags | OS | Vendor |
|---|---|---|---|---|---|---|---|---|
| CVE-2018-20125 | unknown | — | — | — | hw/rdma/vmw/pvrdma_cmd.c in QEMU allows attackers to cause a denial of service (NULL pointer dereference or excessive memory allocation) in create_cq_ring or create_qp_rings. | |||
| CVE-2018-20191 | unknown | — | — | — | hw/rdma/vmw/pvrdma_main.c in QEMU does not implement a read operation (such as uar_read by analogy to uar_write), which allows attackers to cause a denial of service (NULL pointer dereference). | |||
| CVE-2018-20126 | unknown | — | — | — | hw/rdma/vmw/pvrdma_cmd.c in QEMU allows create_cq and create_qp memory leaks because errors are mishandled. | |||
| CVE-2018-20216 | unknown | — | — | — | QEMU can have an infinite loop in hw/rdma/vmw/pvrdma_dev_ring.c because return values are not checked (and -1 is mishandled). | |||
| CVE-2018-0501 | unknown | — | — | — | The mirror:// method implementation in Advanced Package Tool (APT) 1.6.x before 1.6.4 and 1.7.x before 1.7.0~alpha3 mishandles gpg signature verification for the InRelease file of a fallback mirror, … | |||
| CVE-2018-19976 | unknown | — | — | — | In YARA 3.8.1, bytecode in a specially crafted compiled rule is exposed to information about its environment, in libyara/exec.c. This is a consequence of the design of the YARA virtual machine. | |||
| CVE-2018-25157 | unknown | — | — | 4mo ago | Phraseanet vulnerable to stored cross-site scripting through crafted file names | |||
| CVE-2018-25111 | unknown | — | — | 1y ago | django-helpdesk before 1.0.0 allows Sensitive Data Exposure because of os.umask(0) in models.py. | |||
| CVE-2018-25110 | unknown | — | — | 1y ago | Marked prior to version 0.3.17 is vulnerable to a Regular Expression Denial of Service (ReDoS) attack due to catastrophic backtracking in several regular expressions used for parsing HTML tags and ma… | |||
| CVE-2018-12099 | unknown | — | — | 2y ago | Grafana Cross-site Scripting (XSS) in github.com/grafana/grafana | |||
| CVE-2018-12608 | unknown | — | — | 2y ago | An issue was discovered in Docker Moby before 17.06.0. The Docker engine validated a client TLS certificate using both the configured client CA root certificate and all system roots on non-Windows sy… | |||
| CVE-2018-18625 | unknown | — | — | 2y ago | Grafana XSS via adding a link in General feature in github.com/grafana/grafana | |||
| CVE-2018-18623 | unknown | — | — | 2y ago | Grafana XSS in Dashboard Text Panel in github.com/grafana/grafana | |||
| CVE-2018-17846 | unknown | — | — | 3y ago | Infinite loop due to improper handling of "select" tags in golang.org/x/net/html | |||
| CVE-2018-5478 | unknown | — | — | 3y ago | Contao Cross-site Scripting vulnerability | |||
| CVE-2018-25088 | unknown | — | — | 3y ago | postgraas-server vulnerable to SQL injection | |||
| CVE-2018-17107 | unknown | — | — | 3y ago | tgstation-server cached user logins in legacy server | |||
| CVE-2018-25082 | unknown | — | — | 3y ago | weixin-python XML External Entity vulnerability | |||
| CVE-2018-1103 | unknown | — | — | 3y ago | Arbitrary file write via archive extraction in github.com/openshift/source-to-image | |||
| CVE-2018-25079 | unknown | — | — | 3y ago | is-url Inefficient Regular Expression Complexity vulnerability | |||
| CVE-2018-25077 | unknown | — | — | 3y ago | mel-spintax has Inefficient Regular Expression Complexity | |||
| CVE-2018-25074 | unknown | — | — | 3y ago | skeemas Inefficient Regular Expression Complexity vulnerability | |||
| CVE-2018-25068 | unknown | — | — | 4y ago | globalpom-utils has Insecure Temporary File | |||
| CVE-2018-25066 | unknown | — | — | 4y ago | nodebatis SQL Injection vulnerability | |||
| CVE-2018-25061 | unknown | — | — | 4y ago | rgb2hex vulnerable to inefficient regular expression complexity | |||
| CVE-2018-25060 | unknown | — | — | 4y ago | A vulnerability was found in Macaron csrf and classified as problematic. Affected by this issue is some unknown functionality of the file csrf.go. The manipulation of the argument Generate leads to s… | |||
| CVE-2018-25059 | unknown | — | — | 4y ago | pastebinit Path Traversal vulnerability in github.com/jessfraz/pastebinit | |||
| CVE-2018-25058 | unknown | — | — | 4y ago | Twitter-Post-Fetcher vulnerable to Use of Web Link to Untrusted Target with window.opener Access | |||
| CVE-2018-25050 | unknown | — | — | 4y ago | Harvest Chosen vulnerable to Cross-site Scripting | |||
| CVE-2018-25053 | unknown | — | — | 4y ago | Json2html vulnerable to cross-site scripting | |||
| CVE-2018-25046 | unknown | — | — | 4y ago | Path traversal in code.cloudfoundry.org/archiver | |||
| CVE-2018-25049 | unknown | — | — | 4y ago | email-existence Inefficient Regular Expression Complexity vulnerability | |||
| CVE-2018-21246 | unknown | — | — | 4y ago | Authentication bypass in github.com/mholt/caddy | |||
| CVE-2018-25047 | unknown | — | — | 4y ago | In Smarty before 3.1.47 and 4.x before 4.2.1, libs/plugins/function.mailto.php allows XSS. A web page that uses smarty_function_mailto, and that could be parameterized using GET or POST input paramet… | |||
| CVE-2018-14520 | unknown | — | — | 4y ago | Kirby CMS 2.5.12 Cross-site Scripting | |||
| CVE-2018-14519 | unknown | — | — | 4y ago | Kirby CMS 2.5.12 Cross-site Request Forgery | |||
| CVE-2018-7187 | unknown | — | — | 4y ago | Remote command execution via "go get" command with "-insecure" option in cmd/go | |||
| CVE-2018-25045 | unknown | — | — | 4y ago | Django REST framework XSS Vulnerability | |||
| CVE-2018-18855 | unknown | — | — | 4y ago | Uncontrolled Resource Consumption in Spray JSON | |||
| CVE-2018-17572 | unknown | — | — | 4y ago | InfluxDB 0.9.5 has Reflected XSS in the Write Data module. | |||
| CVE-2018-21268 | unknown | — | — | 4y ago | Node-Traceroute RCE Vulnerability | |||
| CVE-2018-21258 | unknown | — | — | 4y ago | Mattermost Server is vulnerable to a Denial of Service attack through `invite_people` command in github.com/mattermost/mattermost-server | |||
| CVE-2018-16848 | unknown | — | — | 4y ago | A Denial of Service (DoS) condition is possible in OpenStack Mistral in versions up to and including 7.0.3. Submitting a specially crafted workflow definition YAML file containing nested anchors can … | |||
| CVE-2018-21034 | unknown | — | — | 4y ago | Argo Exposure of Sensitive Information in github.com/argoproj/argo-cd | |||
| CVE-2018-21037 | unknown | — | — | 4y ago | Subrion CMS CSRF Vulnerability | |||
| CVE-2018-1002104 | unknown | — | — | 4y ago | Kubernetes ingress exposes sensitive information | |||
| CVE-2018-7269 | unknown | — | — | 4y ago | Yii SQL injection vulnerability | |||
| CVE-2018-21025 | unknown | — | — | 4y ago | Centreon Privilege Escalation | |||
| CVE-2018-8074 | unknown | — | — | 4y ago | Yii Framework Code Injection | |||
| CVE-2018-21019 | unknown | — | — | 4y ago | Home Assistant before 0.67.0 was vulnerable to an information disclosure that allowed an unauthenticated attacker to read the application's error log via components/api.py. | |||
| CVE-2018-20962 | unknown | — | — | 4y ago | Backpack\CRUD for Laravel XSS Vulnerability | |||
| CVE-2018-10899 | unknown | — | — | 4y ago | Cross-Site Request Forgery in Jolokia | |||
| CVE-2018-17196 | unknown | — | — | 4y ago | Improper Input Validation in Apache Kafka | |||
| CVE-2018-11317 | unknown | — | — | 4y ago | Subrion CMS XSS | |||
| CVE-2018-15747 | unknown | — | — | 4y ago | glot-code-runner RCE | |||
| CVE-2018-16514 | unknown | — | — | 4y ago | MantisBT cross-site scripting (XSS) vulnerability through crafted PATH_INFO | |||
| CVE-2018-13983 | unknown | — | — | 4y ago | ImpressCMS XSS | |||
| CVE-2018-5215 | unknown | — | — | 4y ago | Fork CMS XSS Vulnerability | |||
| CVE-2018-5362 | unknown | — | — | 4y ago | WPGlobus plugin Stored XSS & CSRF security vulnerability | |||
| CVE-2018-5367 | unknown | — | — | 4y ago | WPGlobus plugin Stored XSS & CSRF security vulnerability | |||
| CVE-2018-5366 | unknown | — | — | 4y ago | WPGlobus plugin Stored XSS & CSRF security vulnerability | |||
| CVE-2018-5363 | unknown | — | — | 4y ago | WPGlobus plugin Stored XSS & CSRF security vulnerability | |||
| CVE-2018-5364 | unknown | — | — | 4y ago | WPGlobus plugin Stored XSS & CSRF security vulnerability | |||
| CVE-2018-5365 | unknown | — | — | 4y ago | WPGlobus plugin Stored XSS & CSRF security vulnerability | |||
| CVE-2018-5301 | unknown | — | — | 4y ago | Magento Cross-Site Request Forgery (CSRF) | |||
| CVE-2018-1044 | unknown | — | — | 4y ago | Moodle Privilege escalation in quiz web services | |||
| CVE-2018-1045 | unknown | — | — | 4y ago | Moodle XSS Vulnerability | |||
| CVE-2018-1000009 | unknown | — | — | 4y ago | XXE vulnerability in Jenkins Checkstyle Plugin | |||
| CVE-2018-1000010 | unknown | — | — | 4y ago | XXE vulnerability in Jenkins DRY Plugin | |||
| CVE-2018-1000008 | unknown | — | — | 4y ago | XXE vulnerability in Jenkins PMD Plugin | |||
| CVE-2018-1000011 | unknown | — | — | 4y ago | XML External Entity Reference in Jenkins FindBugs Plugin | |||
| CVE-2018-1000013 | unknown | — | — | 4y ago | CSRF vulnerability in Jenkins Release plugin | |||
| CVE-2018-1000012 | unknown | — | — | 4y ago | XXE vulnerability Jenkins Warnings Plugin | |||
| CVE-2018-1000014 | unknown | — | — | 4y ago | CSRF vulnerability in Jenkins Translation Assistance plugin | |||
| CVE-2018-6009 | unknown | — | — | 4y ago | Yii Framework Cross-Site Request Forgery (CSRF) | |||
| CVE-2018-6520 | unknown | — | — | 4y ago | SimpleSAMLphp before 1.15.2 allows remote attackers to bypass an open redirect protection mechanism via crafted authority data in a URL. | |||
| CVE-2018-6561 | unknown | — | — | 4y ago | dijit editor cross-site scripting vulnerability | |||
| CVE-2018-1192 | unknown | — | — | 4y ago | Cloud Foundry UAA SessionID present in Audit Event Logs | |||
| CVE-2018-1000055 | unknown | — | — | 4y ago | XXE vulnerability in Jenkins Android Lint Plugin | |||
| CVE-2018-1000056 | unknown | — | — | 4y ago | Improper Restriction of XML External Entity Reference in Jenkins JUnit Plugin | |||
| CVE-2018-1000058 | unknown | — | — | 4y ago | Arbitrary code execution due to incomplete sandbox protection in Pipeline: Supporting APIs Plugin | |||
| CVE-2018-7302 | unknown | — | — | 4y ago | Tiki Wiki CMS XSS Vulnerability | |||
| CVE-2018-1000054 | unknown | — | — | 4y ago | Jenkins CCM Plugin vulnerable to Improper Restriction of XML External Entity Reference | |||
| CVE-2018-1316 | unknown | — | — | 4y ago | Apache ODE Path Traversal vulnerability | |||
| CVE-2018-7711 | unknown | — | — | 4y ago | HTTPRedirect.php in the saml2 library in SimpleSAMLphp before 1.15.4 has an incorrect check of return values in the signature validation utilities, allowing an attacker to get invalid signatures acce… | |||
| CVE-2018-1000108 | unknown | — | — | 4y ago | Reflected cross-site-scripting vulnerability in report URL of Jenkins CppNCSS Plugin | |||
| CVE-2018-1000113 | unknown | — | — | 4y ago | Stored cross-site scripting vulnerability in Jenkins TestLink Plugin | |||
| CVE-2018-1000089 | unknown | — | — | 4y ago | Anymail django-anymail version 0.2 through 1.3 contains a CWE-532, CWE-209 vulnerability in WEBHOOK_AUTHORIZATION setting value that can result in An attacker with access to error logs could … | |||
| CVE-2018-8073 | unknown | — | — | 4y ago | yii2-redis Potential Remote code execution | |||
| CVE-2018-5233 | unknown | — | — | 4y ago | Grav CMS Cross-site scripting (XSS) vulnerability | |||
| CVE-2018-9108 | unknown | — | — | 4y ago | QuickAppsCMS Cross-Site Request Forgery (CSRF) | |||
| CVE-2018-9057 | unknown | — | — | 4y ago | HashiCorp Terraform Amazon Web Services (AWS) uses an insecure PRNG | |||
| CVE-2018-7035 | unknown | — | — | 4y ago | Gleez CMS Stored XSS | |||
| CVE-2018-6905 | unknown | — | — | 4y ago | Typo3 XSS Vulnerability | |||
| CVE-2018-1000144 | unknown | — | — | 4y ago | Jenkins Cucumber Living Documentation Plugin Cross-site Scripting vulnerability | |||
| CVE-2018-1000150 | unknown | — | — | 4y ago | Jenkins Reverse Proxy Auth Plugin allows attackers with local file system access to obtain a list of authorities for logged in users | |||
| CVE-2018-1000147 | unknown | — | — | 4y ago | Jenkins Perforce Plugin exposure of sensitive information vulnerability exists | |||
| CVE-2018-1000151 | unknown | — | — | 4y ago | Jenkins vSphere Plugin disables SSL/TLS certificate validation by default | |||
| CVE-2018-1000143 | unknown | — | — | 4y ago | Jenkins GitHub Pull Request Builder Plugin | |||
| CVE-2018-1000142 | unknown | — | — | 4y ago | Jenkins GitHub Pull Request Builder Plugin allows attacker with local file system access to obtain GitHub credentials |