CVEs from 2018

2,842 normalized CVEs published or assigned in this year.

  • Total: 2,842
  • Critical: 238
  • High: 331
  • Medium: 263
  • Low: 39
  • % Critical: 8.4%
  • % with KEV: 3.1%
  • % with exploit: 9.1%

Top products

  • core_i7 379
  • core_i5 375
  • core_i3 242
  • xeon_e5 82
  • xeon_e7 62
  • xeon_e3 58
  • xeon_gold 33
  • atom_z 30
CVE Severity CVSS Risk Flags OS Vendor Published Description
CVE-2018-0572 unknown 4y ago baserCMS vulnerable to Access Control Bypass
CVE-2018-0573 unknown 4y ago baserCMS Access Control Bypass
CVE-2018-7274 unknown 4y ago Yab Quarx persistent cross-site scripting vulnerability
CVE-2018-1002202 unknown 4y ago Improper Limitation of a Pathname to a Restricted Directory in Zip4j
CVE-2018-1002103 unknown 4y ago Minikube RCE via DNS Rebinding in k8s.io/minikube
CVE-2018-1002100 unknown 4y ago In Kubernetes versions 1.5.x, 1.6.x, 1.7.x, 1.8.x, and prior to version 1.9.6, the kubectl cp command insecurely handles tar data returned from the container, and can be caused to overwrite arbitrary…
CVE-2018-1002200 unknown 4y ago Improper Limitation of a Pathname to a Restricted Directory in plexus-archiver
CVE-2018-1002208 unknown 4y ago Improper Limitation of a Pathname to a Restricted Directory in SharpZipLib
CVE-2018-10856 unknown 4y ago It has been discovered that podman before version 0.6.1 does not drop capabilities when executing a container as a non-root user. This results in unnecessary privileges being granted to the container.
CVE-2018-10894 unknown 4y ago Keycloak Authentication Error
CVE-2018-10889 unknown 4y ago Moodle sensitive information disclosure
CVE-2018-10890 unknown 4y ago Moodle Exposure of Sensitive Information to an Unauthorized Actor
CVE-2018-14636 unknown 4y ago Live-migrated instances are briefly able to inspect traffic for other instances on the same hypervisor. This brief window could be extended indefinitely if the instance's port is set administratively…
CVE-2018-14632 unknown 4y ago Out-of-bounds write in github.com/evanphx/json-patch
CVE-2018-14630 unknown 4y ago Moodle XML import of ddwtos could lead to intentional remote code execution
CVE-2018-14631 unknown 4y ago Moodle Cross-site Scripting
CVE-2018-14655 unknown 4y ago Keycloak vulnerable to cross-site scripting via the state parameter
CVE-2018-14658 unknown 4y ago Keycloak Open Redirect
CVE-2018-15761 unknown 4y ago Cloud Foundry UAA Privilege Escalation
CVE-2018-16849 unknown 4y ago A flaw was found in openstack-mistral. By manipulating the SSH private key filename, the std.ssh action can be used to disclose the presence of arbitrary files within the filesystem of the executor r…
CVE-2018-17247 unknown 4y ago Improper Restriction of XML External Entity Reference in Elasticsearch
CVE-2018-17244 unknown 4y ago Exposure of Sensitive Information to an Unauthorized Actor in Elasticsearch
CVE-2018-16854 unknown 4y ago Moodle Login CSRF vulnerability in login form
CVE-2018-1051 unknown 4y ago Deserialization of Untrusted Data in org.jboss.resteasy:resteasy-yaml-provider
CVE-2018-1082 unknown 4y ago Moodle Improper Authentication
CVE-2018-1114 unknown 4y ago Uncontrolled Resource Consumption in Undertow
CVE-2018-1131 unknown 4y ago Deserialization of Untrusted Data in Infinispan
CVE-2018-1229 unknown 4y ago Cross-site Scripting in Pivotal Spring Batch Admin
CVE-2018-3758 unknown 4y ago express-cart unrestricted file upload vulnerability
CVE-2018-3771 unknown 4y ago statics-server Cross-site Scripting vulnerability
CVE-2018-3824 unknown 4y ago Elasticsearch subject to cross site scripting
CVE-2018-6333 unknown 4y ago Nuclide Improper Input Validation
CVE-2018-16551 unknown 4y ago Stored XSS in LavaLite 5.5
CVE-2018-20758 unknown 4y ago MODX vulnerability allows for XSS via user settings parameters
CVE-2018-0504 unknown 4y ago Mediawiki information disclosure vulnerability
CVE-2018-1002201 unknown 4y ago Improper Limitation of a Pathname to a Restricted Directory in zt-zip
CVE-2018-13864 unknown 4y ago Play Framework's Assets controller vulnerable to directory traversal
CVE-2018-1999033 unknown 4y ago Exposure of sensitive information in Anchore Container Image Scanner Jenkins Plugin
CVE-2018-1000426 unknown 4y ago Stored XSS vulnerability in Jenkins Git Changelog Plugin
CVE-2018-5960 unknown 4y ago SQL Injection in Zenario 7.1-7.6
CVE-2018-6464 unknown 4y ago Simditor XSS Vulnerability
CVE-2018-3831 unknown 4y ago Exposure of Sensitive Information to an Unauthorized Actor in Elasticsearch
CVE-2018-13346 unknown 4y ago The mpatch_apply function in mpatch.c in Mercurial before 4.6.1 incorrectly proceeds in cases where the fragment start is past the end of the original data, aka OVE-20180430-0004.
CVE-2018-1000132 unknown 4y ago Mercurial version 4.5 and earlier contains an Incorrect Access Control (CWE-285) vulnerability in Protocol server that can result in Unauthorized data access. This attack appears to be exploitable via …
CVE-2018-13347 unknown 4y ago mpatch.c in Mercurial before 4.6.1 mishandles integer addition and subtraction, aka OVE-20180430-0002.
CVE-2018-13348 unknown 4y ago The mpatch_decode function in mpatch.c in Mercurial before 4.6.1 mishandles certain situations where there should be at least 12 bytes remaining after the current position in the patch data, but actu…
CVE-2018-1999009 unknown 4y ago October CMS Local File Inclusion
CVE-2018-15751 unknown 4y ago SaltStack Salt before 2017.7.8 and 2018.3.x before 2018.3.3 allows remote attackers to bypass authentication and execute arbitrary commands via salt-api(netapi).
CVE-2018-15750 unknown 4y ago Directory Traversal vulnerability in salt-api in SaltStack Salt before 2017.7.8 and 2018.3.x before 2018.3.3 allows remote attackers to determine which files exist on the server.
CVE-2018-8624 unknown 4y ago ChakraCore Remote code execution Vulnerability
CVE-2018-8629 unknown 4y ago ChakraCore RCE Vulnerability
CVE-2018-8618 unknown 4y ago ChakraCore RCE Vulnerability
CVE-2018-8583 unknown 4y ago ChakraCore RCE Vulnerability
CVE-2018-8588 unknown 4y ago ChakraCore RCE Vulnerability
CVE-2018-8557 unknown 4y ago ChakraCore RCE Vulnerability
CVE-2018-8556 unknown 4y ago ChakraCore RCE Vulnerability
CVE-2018-8543 unknown 4y ago ChakraCore RCE Vulnerability
CVE-2018-8542 unknown 4y ago ChakraCore RCE Vulnerability
CVE-2018-8551 unknown 4y ago ChakraCore RCE Vulnerability
CVE-2018-8555 unknown 4y ago ChakraCore RCE Vulnerability
CVE-2018-8513 unknown 4y ago ChakraCore RCE Vulnerability
CVE-2018-8511 unknown 4y ago ChakraCore RCE Vulnerability
CVE-2018-8541 unknown 4y ago ChakraCore RCE Vulnerability
CVE-2018-8505 unknown 4y ago ChakraCore RCE Vulnerability
CVE-2018-8510 unknown 4y ago ChakraCore RCE Vulnerability
CVE-2018-8503 unknown 4y ago ChakraCore RCE Vulnerability
CVE-2018-8500 unknown 4y ago ChakraCore RCE Vulnerability
CVE-2018-8465 unknown 4y ago ChakraCore RCE Vulnerability
CVE-2018-8459 unknown 4y ago ChakraCore RCE Vulnerability
CVE-2018-8456 unknown 4y ago ChakraCore RCE Vulnerability
CVE-2018-8391 unknown 4y ago ChakraCore RCE Vulnerability
CVE-2018-8416 unknown 4y ago Tampering vulnerability in .NET Core
CVE-2018-8385 unknown 4y ago ChakraCore RCE Vulnerability
CVE-2018-8390 unknown 4y ago ChakraCore RCE Vulnerability
CVE-2018-8381 unknown 4y ago ChakraCore RCE Vulnerability
CVE-2018-8380 unknown 4y ago ChakraCore remote code execution vulnerability
CVE-2018-8367 unknown 4y ago ChakraCore RCE Vulnerability
CVE-2018-8372 unknown 4y ago ChakraCore RCE Vulnerability
CVE-2018-8371 unknown 4y ago ChakraCore RCE Vulnerability
CVE-2018-8359 unknown 4y ago ChakraCore RCE Vulnerability
CVE-2018-8354 unknown 4y ago ChakraCore RCE Vulnerability
CVE-2018-8290 unknown 4y ago ChakraCore RCE Vulnerability
CVE-2018-8294 unknown 4y ago ChakraCore RCE Vulnerability
CVE-2018-8286 unknown 4y ago ChakraCore RCE Vulnerability
CVE-2018-8287 unknown 4y ago ChakraCore RCE Vulnerability
CVE-2018-8283 unknown 4y ago ChakraCore RCE Vulnerability
CVE-2018-8280 unknown 4y ago ChakraCore RCE Vulnerability
CVE-2018-8266 unknown 4y ago ChakraCore RCE Vulnerability
CVE-2018-8227 unknown 4y ago ChakraCore RCE Vulnerability
CVE-2018-8243 unknown 4y ago ChakraCore RCE Vulnerability
CVE-2018-8177 unknown 4y ago ChakraCore RCE Vulnerability
CVE-2018-8130 unknown 4y ago ChakraCore RCE Vulnerability
CVE-2018-8137 unknown 4y ago ChakraCore RCE Vulnerability
CVE-2018-8015 unknown 4y ago Apache ORC vulnerable to Uncontrolled Recursion
CVE-2018-6010 unknown 4y ago Yii Framework reflected Cross-site Scripting
CVE-2018-5361 unknown 4y ago WPGlobus plugin Stored XSS & CSRF security vulnerability
CVE-2018-3814 unknown 4y ago Craft CMS PHP Code Injection Vulnerability
CVE-2018-20028 unknown 4y ago Contao Information Disclosure via Access Control Flaws
CVE-2018-18942 unknown 4y ago RCE in baserCMS before 4.1.4
CVE-2018-18240 unknown 4y ago Pippo RCE Vulnerability