CVEs from 2018
Total
2,856
critical
critical 238
high
high 331
medium
medium 263
low
low 39
% Critical
8.3%
% with KEV
3.1%
% with exploit
9.1%
Top vendors
- intel 1,561
- schneider-electric 43
- siemens 42
- rockwellautomation 16
- echelon 15
- redhat 12
- oracle 9
- arm 9
Top products
- core_i7 379
- core_i5 375
- core_i3 242
- xeon_e5 82
- xeon_e7 62
- xeon_e3 58
- xeon_gold 33
- atom_z 30
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2018-25422 | high | 8.2 | 8.2 | 7d ago | MOGG web simulator Script contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL commands by injecting malicious code through the id parameter. Attacke… | |||
| CVE-2018-25420 | high | 8.2 | 8.2 | 7d ago | AiOPMSD Final 1.0.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'id' parameter. Attackers ca… | |||
| CVE-2018-25419 | high | 8.2 | 8.2 | 7d ago | AiOPMSD Final 1.0.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the genre parameter. Attackers c… | |||
| CVE-2018-25418 | high | 8.2 | 8.2 | 7d ago | AiOPMSD Final 1.0.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the year parameter. Attackers ca… | |||
| CVE-2018-25417 | high | 8.2 | 8.2 | 7d ago | AiOPMSD Final 1.0.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the quality parameter. Attackers… | |||
| CVE-2018-25416 | high | 8.2 | 8.2 | 7d ago | AiOPMSD Final 1.0.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the country parameter. Attackers… | |||
| CVE-2018-25415 | high | 8.2 | 8.2 | 7d ago | AiOPMSD Final 1.0.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the director parameter. Attacker… | |||
| CVE-2018-25414 | high | 8.2 | 8.2 | 7d ago | AiOPMSD Final 1.0.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the actor parameter. Attackers c… | |||
| CVE-2018-25413 | high | 8.2 | 8.2 | 7d ago | AiOPMSD Final 1.0.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'q' parameter. Attackers can… | |||
| CVE-2018-25411 | high | 8.2 | 8.2 | 7d ago | MGB OpenSource Guestbook 0.7.0.2 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'id' parameter.… | |||
| CVE-2018-25407 | high | 8.2 | 8.2 | 7d ago | eNdonesia Portal 8.7 contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through parameters in mod.php. A… | |||
| CVE-2018-25406 | high | 8.2 | 8.2 | 7d ago | eNdonesia Portal 8.7 contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through parameters in mod.php. A… | |||
| CVE-2018-25405 | high | 8.2 | 8.2 | 7d ago | eNdonesia Portal 8.7 contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through parameters in mod.php. A… | |||
| CVE-2018-25404 | high | 8.2 | 8.2 | 8d ago | The Open ISES Project 3.30A contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the ticket_id parameter.… | |||
| CVE-2018-25403 | high | 8.2 | 8.2 | 8d ago | The Open ISES Project 3.30A contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the p1 parameter. Attack… | |||
| CVE-2018-25402 | high | 8.2 | 8.2 | 8d ago | The Open ISES Project 3.30A contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the p1 parameter. Attack… | |||
| CVE-2018-25401 | high | 8.2 | 8.2 | 8d ago | The Open ISES Project 3.30A contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the p1 parameter. Attack… | |||
| CVE-2018-25400 | high | 8.2 | 8.2 | 8d ago | The Open ISES Project 3.30A contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'id' parameter. Atta… | |||
| CVE-2018-25399 | high | 8.2 | 8.2 | 8d ago | The Open ISES Project 3.30A contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the tick_lat and tick_ln… | |||
| CVE-2018-25398 | high | 8.2 | 8.2 | 8d ago | The Open ISES Project 3.30A contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the frm_passwd parameter… | |||
| CVE-2018-25395 | high | 8.2 | 8.2 | 8d ago | Kados R10 GreenBee contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the feature_id parameter of board… | |||
| CVE-2018-25394 | high | 8.2 | 8.2 | 8d ago | Kados R10 GreenBee contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the release_id parameter of board… | |||
| CVE-2018-25390 | high | 8.2 | 8.2 | 8d ago | HaPe PKH 1.1 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'desa' POST parameter sent to lap-peserta-p… | |||
| CVE-2018-25389 | high | 8.2 | 8.2 | 8d ago | HaPe PKH 1.1 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'nama_kelompok' POST parameter sent to lap-… | |||
| CVE-2018-25386 | high | 8.2 | 8.2 | 8d ago | HaPe PKH 1.1 contains multiple SQL injection vulnerabilities in admin/media.php that allow attackers to manipulate database queries by injecting SQL code through the 'id' parameter. An unauthenticate… | |||
| CVE-2018-25385 | high | 8.2 | 8.2 | 8d ago | E-Registrasi Pencak Silat 18.10 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the id_partai parame… | |||
| CVE-2018-25382 | high | 8.2 | 8.2 | 8d ago | Zechat 1.5 contains an SQL injection vulnerability that allows unauthenticated attackers to extract database information by injecting SQL code through the uname parameter. Attackers can send crafted … | |||
| CVE-2018-25372 | high | 8.2 | 8.2 | 12d ago | MedDream PACS Server Premium 6.7.1.1 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the email param… | |||
| CVE-2018-25371 | high | 8.2 | 8.2 | 12d ago | mooSocial Store Plugin 2.6 contains a blind SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries through the product parameter in URL rewrite functionality… | |||
| CVE-2018-25364 | high | 8.2 | 8.2 | 12d ago | Twitter-Clone 1 contains a SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the name parameter. Attackers can sub… | |||
| CVE-2018-25362 | high | 8.2 | 8.2 | 12d ago | Twitter-Clone 1 contains a SQL injection vulnerability in follow.php that allows attackers to manipulate database queries by injecting SQL code through the userid parameter. Attackers can submit unio… | |||
| CVE-2018-25379 | high | 8.2 | 8.2 | 12d ago | Collectric CMU 1.0 contains a boolean-based blind SQL injection vulnerability in the lang parameter that allows unauthenticated attackers to manipulate database queries during authentication. Attacke… | |||
| CVE-2018-25351 | high | 8.2 | 8.2 | 14d ago | Joomla! Component EkRishta 2.10 contains an error-based SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code into the usernam… | |||
| CVE-2018-25348 | high | 8.2 | 8.2 | 14d ago | Joomla! Component Ek Rishta 2.10 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the cid parameter. Attacker… | |||
| CVE-2018-25342 | high | 8.2 | 8.2 | 14d ago | Smartshop 1 contains a time-based blind SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'searched' parameter in sear… | |||
| CVE-2018-25341 | high | 8.2 | 8.2 | 14d ago | Smartshop 1 contains a SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the id parameter. Attackers can send GET … | |||
| CVE-2018-25340 | high | 8.2 | 8.2 | 14d ago | Smartshop 1 contains a SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the id parameter. Attackers can send GET … | |||
| CVE-2018-25339 | high | 8.2 | 8.2 | 20d ago | Zechat 1.5 contains a SQL injection vulnerability in the v parameter that allows unauthenticated attackers to extract database information using time-based blind techniques. Attackers can exploit the… | |||
| CVE-2018-25338 | high | 8.2 | 8.2 | 20d ago | Zechat 1.5 contains a SQL injection vulnerability in the hashtag parameter that allows unauthenticated attackers to extract database information using union-based techniques. Attackers can exploit th… | |||
| CVE-2018-25333 | high | 8.2 | 8.2 | 20d ago | Nordex N149/4.0-4.5 Wind Turbine Web Server 4.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the … | |||
| CVE-2018-25330 | high | 8.2 | 8.2 | 20d ago | Joomla! extension EkRishta 2.10 contains persistent cross-site scripting and SQL injection vulnerabilities that allow attackers to inject malicious code through profile fields and POST parameters. At… | |||
| CVE-2018-25300 | high | 8.2 | 8.2 | 1mo ago | XATABoost CMS 1.0.0 contains a union-based SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the id parameter. Attackers c… | |||
| CVE-2018-25206 | high | 8.2 | 8.2 | 2mo ago | KomSeo Cart 1.3 contains an SQL injection vulnerability that allows attackers to inject SQL commands through the 'my_item_search' parameter in edit.php. Attackers can submit POST requests with malici… | |||
| CVE-2018-25203 | high | 8.2 | 8.2 | 2mo ago | Online Store System CMS 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the email parameter. Attackers c… | |||
| CVE-2018-7798 | high | 8.2 | 8.2 | 8y ago | A Insufficient Verification of Data Authenticity (CWE-345) vulnerability exists in the Modicon M221, all versions, which could cause a change of IPv4 configuration (IP address, mask and gateway) when… | |||
| CVE-2018-16853 | high | — | 8.0 | — | Samba from version 4.7.0 has a vulnerability that allows a user in a Samba AD domain to crash the KDC when Samba is built in the non-default MIT Kerberos configuration. With this advisory the Samba T… | |||
| CVE-2018-7253 | high | — | 8.0 | — | The ParseDsdiffHeaderConfig function of the cli/dsdiff.c file of WavPack 5.1.0 allows a remote attacker to cause a denial-of-service (heap-based buffer over-read) or possibly overwrite the heap via a… | |||
| CVE-2018-20712 | high | — | 8.0 | — | A heap-based buffer over-read exists in the function d_expression_1 in cp-demangle.c in GNU libiberty, as distributed in GNU Binutils 2.31.1. A crafted input can cause segmentation faults, leading to… | |||
| CVE-2018-8905 | high | — | 8.0 | — | In LibTIFF 4.0.9, a heap-based buffer overflow occurs in the function LZWDecodeCompat in tif_lzw.c via a crafted TIFF file, as demonstrated by tiff2ps. | |||
| CVE-2018-5784 | high | — | 8.0 | — | In LibTIFF 4.0.9, there is an uncontrolled resource consumption in the TIFFSetDirectory function of tif_dir.c. Remote attackers could leverage this vulnerability to cause a denial of service via a cr… | |||
| CVE-2018-7170 | high | — | 8.0 | — | ntpd in ntp 4.2.x before 4.2.8p7 and 4.3.x before 4.3.92 allows authenticated users that know the private symmetric key to create arbitrarily-many ephemeral associations in order to win the clock sel… | |||
| CVE-2018-19932 | high | — | 8.0 | — | An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils through 2.31. There is an integer overflow and infinite loop caused by the IS_CONTAINE… | |||
| CVE-2018-7185 | high | — | 8.0 | — | The protocol engine in ntp 4.2.6 before 4.2.8p11 allows a remote attackers to cause a denial of service (disruption) by continually sending a packet with a zero-origin timestamp and source IP address… | |||
| CVE-2018-14350 | high | — | 8.0 | — | An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. imap/message.c has a stack-based buffer overflow for a FETCH response with a long INTERNALDATE field. | |||
| CVE-2018-18227 | high | — | 8.0 | — | In Wireshark 2.6.0 to 2.6.3 and 2.4.0 to 2.4.9, the MS-WSP protocol dissector could crash. This was addressed in epan/dissectors/packet-mswsp.c by properly handling NULL return values. | |||
| CVE-2018-18225 | high | — | 8.0 | — | In Wireshark 2.6.0 to 2.6.3, the CoAP dissector could crash. This was addressed in epan/dissectors/packet-coap.c by ensuring that the piv length is correctly computed. | |||
| CVE-2018-14356 | high | — | 8.0 | — | An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. pop.c mishandles a zero-length UID. | |||
| CVE-2018-12020 | high | — | 8.0 | — | mainproc.c in GnuPG before 2.2.8 mishandles the original filename during decryption and verification actions, which allows remote attackers to spoof the output that GnuPG sends on file descriptor 2 t… | |||
| CVE-2018-11769 | high | — | 8.0 | — | arbitrary code execution in couchdb | |||
| CVE-2018-7183 | high | — | 8.0 | — | Buffer overflow in the decodearr function in ntpq in ntp 4.2.8p6 through 4.2.8p10 allows remote attackers to execute arbitrary code by leveraging an ntpq query and sending a response with a crafted a… | |||
| CVE-2018-7456 | high | — | 8.0 | — | A NULL Pointer Dereference occurs in the function TIFFPrintDirectory in tif_print.c in LibTIFF 3.9.3, 3.9.4, 3.9.5, 3.9.6, 3.9.7, 4.0.0alpha4, 4.0.0alpha5, 4.0.0alpha6, 4.0.0beta7, 4.0.0, 4.0.1, 4.0.… | |||
| CVE-2018-8798 | high | — | 8.0 | — | rdesktop versions up to and including v1.8.3 contain an Out-Of-Bounds Read in function rdpsnd_process_ping() that results in an information leak. | |||
| CVE-2018-8791 | high | — | 8.0 | — | rdesktop versions up to and including v1.8.3 contain an Out-Of-Bounds Read in function rdpdr_process() that results in an information leak. | |||
| CVE-2018-20178 | high | — | 8.0 | — | rdesktop versions up to and including v1.8.3 contain an Out-Of-Bounds Read in the function process_demand_active() that results in a Denial of Service (segfault). | |||
| CVE-2018-6791 | high | — | 8.0 | — | An issue was discovered in soliduiserver/deviceserviceaction.cpp in KDE Plasma Workspace before 5.12.0. When a vfat thumbdrive that contains `` or $() in its volume label is plugged in and mounted th… | |||
| CVE-2018-7054 | high | — | 8.0 | — | An issue was discovered in Irssi before 1.0.7 and 1.1.x before 1.1.1. There is a use-after-free when a server is disconnected during netsplits. NOTE: this issue exists because of an incomplete fix fo… | |||
| CVE-2018-10857 | high | — | 8.0 | — | git-annex is vulnerable to a private data exposure and exfiltration attack. It could expose the content of files located outside the git-annex repository, or content from a private web server on loca… | |||
| CVE-2018-5744 | high | — | 8.0 | — | A failure to free memory can occur when processing messages having a specific combination of EDNS options. Versions affected are: BIND 9.10.7 -> 9.10.8-P1, 9.11.3 -> 9.11.5-P1, 9.12.0 -> 9.12.3-P1, a… | |||
| CVE-2018-7052 | high | — | 8.0 | — | An issue was discovered in Irssi before 1.0.7 and 1.1.x before 1.1.1. When the number of windows exceeds the available space, a crash due to a NULL pointer dereference would occur. | |||
| CVE-2018-18284 | high | — | 8.0 | — | Artifex Ghostscript 9.25 and earlier allows attackers to bypass a sandbox protection mechanism via vectors involving the 1Policy operator. | |||
| CVE-2018-6360 | high | — | 8.0 | — | mpv through 0.28.0 allows remote attackers to execute arbitrary code via a crafted web site, because it reads HTML documents containing VIDEO elements, and accepts arbitrary URLs in a src attribute w… | |||
| CVE-2018-11210 | high | — | 8.0 | — | TinyXML2 6.2.0 has a heap-based buffer over-read in the XMLDocument::Parse function in libtinyxml2.so. NOTE: The tinyxml2 developers have determined that the reported overflow is due to improper use … | |||
| CVE-2018-19039 | high | — | 8.0 | — | arbitrary filesystem access in grafana | |||
| CVE-2018-1000051 | high | — | 8.0 | — | Artifex Mupdf version 1.12.0 contains a Use After Free vulnerability in fz_keep_key_storable that can result in DOS / Possible code execution. This attack appear to be exploitable via Victim opens a … | |||
| CVE-2018-6187 | high | — | 8.0 | — | In Artifex MuPDF 1.12.0, there is a heap-based buffer overflow vulnerability in the do_pdf_save_document function in the pdf/pdf-write.c file. Remote attackers could leverage the vulnerability to cau… | |||
| CVE-2018-5686 | high | — | 8.0 | — | In MuPDF 1.12.0, there is an infinite loop vulnerability and application hang in the pdf_parse_array function (pdf/pdf-parse.c) because EOF is not considered. Remote attackers could leverage this vul… | |||
| CVE-2018-6192 | high | — | 8.0 | — | In Artifex MuPDF 1.12.0, the pdf_read_new_xref function in pdf/pdf-xref.c allows remote attackers to cause a denial of service (segmentation violation and application crash) via a crafted pdf file. | |||
| CVE-2018-6544 | high | — | 8.0 | — | pdf_load_obj_stm in pdf/pdf-xref.c in Artifex MuPDF 1.12.0 could reference the object stream recursively and therefore run out of error stack, which allows remote attackers to cause a denial of servi… | |||
| CVE-2018-14360 | high | — | 8.0 | — | An issue was discovered in NeoMutt before 2018-07-16. nntp_add_group in newsrc.c has a stack-based buffer overflow because of incorrect sscanf usage. | |||
| CVE-2018-1100 | high | — | 8.0 | — | arbitrary code execution in zsh | |||
| CVE-2018-1046 | high | — | 8.0 | — | pdns before version 4.1.2 is vulnerable to a buffer overflow in dnsreplay. In the dnsreplay tool provided with PowerDNS Authoritative, replaying a specially crafted PCAP file can trigger a stack-base… | |||
| CVE-2018-16840 | high | — | 8.0 | — | A heap use-after-free flaw was found in curl versions from 7.59.0 through 7.61.1 in the code related to closing an easy handle. When closing and cleaning up an 'easy' handle in the `Curl_close()` fun… | |||
| CVE-2018-11384 | high | — | 8.0 | — | The sh_op() function in radare2 2.5.0 allows remote attackers to cause a denial of service (heap-based out-of-bounds read and application crash) via a crafted ELF file. | |||
| CVE-2018-11383 | high | — | 8.0 | — | The r_strbuf_fini() function in radare2 2.5.0 allows remote attackers to cause a denial of service (invalid free and application crash) via a crafted ELF file because of an uninitialized variable in … | |||
| CVE-2018-11382 | high | — | 8.0 | — | The _inst__sts() function in radare2 2.5.0 allows remote attackers to cause a denial of service (heap-based out-of-bounds read and application crash) via a crafted binary file. | |||
| CVE-2018-11380 | high | — | 8.0 | — | The parse_import_ptr() function in radare2 2.5.0 allows remote attackers to cause a denial of service (heap-based out-of-bounds read and application crash) via a crafted Mach-O file. | |||
| CVE-2018-11379 | high | — | 8.0 | — | The get_debug_info() function in radare2 2.5.0 allows remote attackers to cause a denial of service (heap-based out-of-bounds read and application crash) via a crafted PE file. | |||
| CVE-2018-11377 | high | — | 8.0 | — | The avr_op_analyze() function in radare2 2.5.0 allows remote attackers to cause a denial of service (heap-based out-of-bounds read and application crash) via a crafted binary file. | |||
| CVE-2018-11376 | high | — | 8.0 | — | The r_read_le32() function in radare2 2.5.0 allows remote attackers to cause a denial of service (heap-based out-of-bounds read and application crash) via a crafted ELF file. | |||
| CVE-2018-11381 | high | — | 8.0 | — | The string_scan_range() function in radare2 2.5.0 allows remote attackers to cause a denial of service (heap-based out-of-bounds read and application crash) via a crafted binary file. | |||
| CVE-2018-11375 | high | — | 8.0 | — | The _inst__lds() function in radare2 2.5.0 allows remote attackers to cause a denial of service (heap-based out-of-bounds read and application crash) via a crafted binary file. | |||
| CVE-2018-11378 | high | — | 8.0 | — | The wasm_dis() function in libr/asm/arch/wasm/wasm.c in or possibly have unspecified other impact via a crafted WASM file. | |||
| CVE-2018-16151 | high | — | 8.0 | — | In verify_emsa_pkcs1_signature() in gmp_rsa_public_key.c in the gmp plugin in strongSwan 4.x and 5.x before 5.7.0, the RSA implementation based on GMP does not reject excess data after the encoded al… | |||
| CVE-2018-20176 | high | — | 8.0 | — | rdesktop versions up to and including v1.8.3 contain several Out-Of- Bounds Reads in the file secure.c that result in a Denial of Service (segfault). | |||
| CVE-2018-20182 | high | — | 8.0 | — | rdesktop versions up to and including v1.8.3 contain a Buffer Overflow over the global variables in the function seamless_process_line() that results in memory corruption and probably even a remote c… | |||
| CVE-2018-20177 | high | — | 8.0 | — | rdesktop versions up to and including v1.8.3 contain an Integer Overflow that leads to a Heap-Based Buffer Overflow in the function rdp_in_unistr() and results in memory corruption and possibly even … | |||
| CVE-2018-20181 | high | — | 8.0 | — | rdesktop versions up to and including v1.8.3 contain an Integer Underflow that leads to a Heap-Based Buffer Overflow in the function seamless_process() and results in memory corruption and probably e… | |||
| CVE-2018-14056 | high | — | 8.0 | — | ZNC before 1.7.1-rc1 is prone to a path traversal flaw via ../ in a web skin name to access files outside of the intended skins directories. | |||
| CVE-2018-14357 | high | — | 8.0 | — | An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. They allow remote IMAP servers to execute arbitrary commands via backquote characters, related to the mailboxes command as… | |||
| CVE-2018-20175 | high | — | 8.0 | — | rdesktop versions up to and including v1.8.3 contains several Integer Signedness errors that lead to Out-Of-Bounds Reads in the file mcs.c and result in a Denial of Service (segfault). |