CVEs from 2018
Total
2,860
critical
critical 238
high
high 329
medium
medium 260
low
low 39
% Critical
8.3%
% with KEV
3.1%
% with exploit
9.1%
Top vendors
- intel 1,561
- schneider-electric 43
- siemens 42
- rockwellautomation 16
- echelon 15
- redhat 12
- oracle 9
- mitel 8
Top products
- core_i7 379
- core_i5 375
- core_i3 242
- xeon_e5 82
- xeon_e7 62
- xeon_e3 58
- xeon_gold 33
- atom_z 30
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2018-11379 | high | — | 8.0 | — | The get_debug_info() function in radare2 2.5.0 allows remote attackers to cause a denial of service (heap-based out-of-bounds read and application crash) via a crafted PE file. | |||
| CVE-2018-7253 | high | — | 8.0 | — | The ParseDsdiffHeaderConfig function of the cli/dsdiff.c file of WavPack 5.1.0 allows a remote attacker to cause a denial-of-service (heap-based buffer over-read) or possibly overwrite the heap via a… | |||
| CVE-2018-20593 | high | — | 8.0 | — | In Mini-XML (aka mxml) v2.12, there is stack-based buffer overflow in the scan_file function in mxmldoc.c. | |||
| CVE-2018-5733 | high | — | 8.0 | — | A malicious client which is allowed to send very large amounts of traffic (billions of packets) to a DHCP server can eventually overflow a 32-bit reference counter, potentially causing dhcpd to crash… | |||
| CVE-2018-14349 | high | — | 8.0 | — | An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. imap/command.c mishandles a NO response without a message. | |||
| CVE-2018-14362 | high | — | 8.0 | — | An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. pop.c does not forbid characters that may have unsafe interaction with message-cache pathnames, as demonstrated by a '/' c… | |||
| CVE-2018-12020 | high | — | 8.0 | — | mainproc.c in GnuPG before 2.2.8 mishandles the original filename during decryption and verification actions, which allows remote attackers to spoof the output that GnuPG sends on file descriptor 2 t… | |||
| CVE-2018-1000156 | high | — | 8.0 | — | GNU Patch version 2.7.6 contains an input validation vulnerability when processing patch files, specifically the EDITOR_PROGRAM invocation (using ed) can result in code execution. This attack appear … | |||
| CVE-2018-14363 | high | — | 8.0 | — | An issue was discovered in NeoMutt before 2018-07-16. newsrc.c does not properly restrict '/' characters that may have unsafe interaction with cache pathnames. | |||
| CVE-2018-14403 | high | — | 8.0 | — | multiple issues in libmp4v2 | |||
| CVE-2018-7889 | high | — | 8.0 | — | gui2/viewer/bookmarkmanager.py in Calibre 3.18 calls cPickle.load on imported bookmark data, which allows remote attackers to execute arbitrary code via a crafted .pickle file, as demonstrated by Pyt… | |||
| CVE-2018-20176 | high | — | 8.0 | — | rdesktop versions up to and including v1.8.3 contain several Out-Of- Bounds Reads in the file secure.c that result in a Denial of Service (segfault). | |||
| CVE-2018-20182 | high | — | 8.0 | — | rdesktop versions up to and including v1.8.3 contain a Buffer Overflow over the global variables in the function seamless_process_line() that results in memory corruption and probably even a remote c… | |||
| CVE-2018-20177 | high | — | 8.0 | — | rdesktop versions up to and including v1.8.3 contain an Integer Overflow that leads to a Heap-Based Buffer Overflow in the function rdp_in_unistr() and results in memory corruption and possibly even … | |||
| CVE-2018-20181 | high | — | 8.0 | — | rdesktop versions up to and including v1.8.3 contain an Integer Underflow that leads to a Heap-Based Buffer Overflow in the function seamless_process() and results in memory corruption and probably e… | |||
| CVE-2018-20179 | high | — | 8.0 | — | rdesktop versions up to and including v1.8.3 contain an Integer Underflow that leads to a Heap-Based Buffer Overflow in the function lspci_process() and results in memory corruption and probably even… | |||
| CVE-2018-20180 | high | — | 8.0 | — | rdesktop versions up to and including v1.8.3 contain an Integer Underflow that leads to a Heap-Based Buffer Overflow in the function rdpsnddbg_process() and results in memory corruption and probably … | |||
| CVE-2018-8792 | high | — | 8.0 | — | rdesktop versions up to and including v1.8.3 contain an Out-Of-Bounds Read in function cssp_read_tsrequest() that results in a Denial of Service (segfault). | |||
| CVE-2018-8795 | high | — | 8.0 | — | rdesktop versions up to and including v1.8.3 contain an Integer Overflow that leads to a Heap-Based Buffer Overflow in function process_bitmap_updates() and results in a memory corruption and probabl… | |||
| CVE-2018-8793 | high | — | 8.0 | — | rdesktop versions up to and including v1.8.3 contain a Heap-Based Buffer Overflow in function cssp_read_tsrequest() that results in a memory corruption and probably even a remote code execution. | |||
| CVE-2018-8794 | high | — | 8.0 | — | rdesktop versions up to and including v1.8.3 contain an Integer Overflow that leads to an Out-Of-Bounds Write in function process_bitmap_updates() and results in a memory corruption and possibly even… | |||
| CVE-2018-8796 | high | — | 8.0 | — | rdesktop versions up to and including v1.8.3 contain an Out-Of-Bounds Read in function process_bitmap_updates() that results in a Denial of Service (segfault). | |||
| CVE-2018-8797 | high | — | 8.0 | — | rdesktop versions up to and including v1.8.3 contain a Heap-Based Buffer Overflow in function process_plane() that results in a memory corruption and probably even a remote code execution. | |||
| CVE-2018-8800 | high | — | 8.0 | — | rdesktop versions up to and including v1.8.3 contain a Heap-Based Buffer Overflow in function ui_clip_handle_data() that results in a memory corruption and probably even a remote code execution. | |||
| CVE-2018-8799 | high | — | 8.0 | — | rdesktop versions up to and including v1.8.3 contain an Out-Of-Bounds Read in function process_secondary_order() that results in a Denial of Service (segfault). | |||
| CVE-2018-18661 | high | — | 8.0 | — | An issue was discovered in LibTIFF 4.0.9. There is a NULL pointer dereference in the function LZWDecode in the file tif_lzw.c. | |||
| CVE-2018-14526 | high | — | 8.0 | — | An issue was discovered in rsn_supp/wpa.c in wpa_supplicant 2.0 through 2.6. Under certain conditions, the integrity of EAPOL-Key messages is not checked, leading to a decryption oracle. An attacker … | |||
| CVE-2018-14358 | high | — | 8.0 | — | An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. imap/message.c has a stack-based buffer overflow for a FETCH response with a long RFC822.SIZE field. | |||
| CVE-2018-19788 | high | — | 8.0 | — | A flaw was found in PolicyKit (aka polkit) 0.115 that allows a user with a uid greater than INT_MAX to successfully execute any systemctl command. | |||
| CVE-2018-16841 | high | — | 8.0 | — | Samba from version 4.3.0 and before versions 4.7.12, 4.8.7 and 4.9.3 are vulnerable to a denial of service. When configured to accept smart-card authentication, Samba's KDC will call talloc_free() tw… | |||
| CVE-2018-20002 | high | — | 8.0 | — | The _bfd_generic_read_minisymbols function in syms.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31, has a memory leak via a crafted ELF file, leading t… | |||
| CVE-2018-18642 | high | — | 8.0 | — | multiple issues in gitlab | |||
| CVE-2018-18843 | high | — | 8.0 | — | multiple issues in gitlab | |||
| CVE-2018-14054 | high | — | 8.0 | — | multiple issues in libmp4v2 | |||
| CVE-2018-1999023 | high | — | 8.0 | — | The Battle for Wesnoth Project version 1.7.0 through 1.14.3 contains a Code Injection vulnerability in the Lua scripting engine that can result in code execution outside the sandbox. This attack appe… | |||
| CVE-2018-20199 | high | — | 8.0 | — | A NULL pointer dereference was discovered in ifilter_bank of libfaad/filtbank.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. The vulnerability causes a segmentation fault and application crash… | |||
| CVE-2018-20196 | high | — | 8.0 | — | There is a stack-based buffer overflow in the third instance of the calculate_gain function in libfaad/sbr_hfadj.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. A crafted input will lead to a d… | |||
| CVE-2018-1000879 | high | — | 8.0 | — | libarchive version commit 379867ecb330b3a952fb7bfa7bffb7bbd5547205 onwards (release v3.3.0 onwards) contains a CWE-476: NULL Pointer Dereference vulnerability in ACL parser - libarchive/archive_acl.c… | |||
| CVE-2018-7225 | high | — | 8.0 | — | An issue was discovered in LibVNCServer through 0.9.11. rfbProcessClientNormalMessage() in rfbserver.c does not sanitize msg.cct.length, leading to access to uninitialized and potentially sensitive d… | |||
| CVE-2018-7051 | high | — | 8.0 | — | An issue was discovered in Irssi before 1.0.7 and 1.1.x before 1.1.1. Certain nick names could result in out-of-bounds access when printing theme strings. | |||
| CVE-2018-14356 | high | — | 8.0 | — | An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. pop.c mishandles a zero-length UID. | |||
| CVE-2018-18226 | high | — | 8.0 | — | In Wireshark 2.6.0 to 2.6.3, the Steam IHS Discovery dissector could consume system memory. This was addressed in epan/dissectors/packet-steam-ihs-discovery.c by changing the memory-management approa… | |||
| CVE-2018-14353 | high | — | 8.0 | — | An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. imap_quote_string in imap/util.c has an integer underflow. | |||
| CVE-2018-14357 | high | — | 8.0 | — | An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. They allow remote IMAP servers to execute arbitrary commands via backquote characters, related to the mailboxes command as… | |||
| CVE-2018-20175 | high | — | 8.0 | — | rdesktop versions up to and including v1.8.3 contains several Integer Signedness errors that lead to Out-Of-Bounds Reads in the file mcs.c and result in a Denial of Service (segfault). | |||
| CVE-2018-14359 | high | — | 8.0 | — | An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. They have a buffer overflow via base64 data. | |||
| CVE-2018-11210 | high | — | 8.0 | — | TinyXML2 6.2.0 has a heap-based buffer over-read in the XMLDocument::Parse function in libtinyxml2.so. NOTE: The tinyxml2 developers have determined that the reported overflow is due to improper use … | |||
| CVE-2018-10963 | high | — | 8.0 | — | The TIFFWriteDirectorySec() function in tif_dirwrite.c in LibTIFF through 4.0.9 allows remote attackers to cause a denial of service (assertion failure and application crash) via a crafted file, a di… | |||
| CVE-2018-20712 | high | — | 8.0 | — | A heap-based buffer over-read exists in the function d_expression_1 in cp-demangle.c in GNU libiberty, as distributed in GNU Binutils 2.31.1. A crafted input can cause segmentation faults, leading to… | |||
| CVE-2018-18066 | high | — | 8.0 | — | snmp_oid_compare in snmplib/snmp_api.c in Net-SNMP before 5.8 has a NULL Pointer Exception bug that can be used by an unauthenticated attacker to remotely cause the instance to crash via a crafted UD… | |||
| CVE-2018-16857 | high | — | 8.0 | — | Samba from version 4.9.0 and before version 4.9.3 that have AD DC configurations watching for bad passwords (to restrict brute forcing of passwords) in a window of more than 3 minutes may not watch f… | |||
| CVE-2018-7409 | high | — | 8.0 | — | In unixODBC before 2.3.5, there is a buffer overflow in the unicode_to_ansi_copy() function in DriverManager/__info.c. | |||
| CVE-2018-6148 | high | — | 8.0 | — | access restriction bypass in chromium | |||
| CVE-2018-6149 | high | — | 8.0 | — | arbitrary code execution in chromium | |||
| CVE-2018-14325 | high | — | 8.0 | — | multiple issues in libmp4v2 | |||
| CVE-2018-20360 | high | — | 8.0 | — | An invalid memory address dereference was discovered in the sbr_process_channel function of libfaad/sbr_dec.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. The vulnerability causes a segmentati… | |||
| CVE-2018-14350 | high | — | 8.0 | — | An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. imap/message.c has a stack-based buffer overflow for a FETCH response with a long INTERNALDATE field. | |||
| CVE-2018-7054 | high | — | 8.0 | — | An issue was discovered in Irssi before 1.0.7 and 1.1.x before 1.1.1. There is a use-after-free when a server is disconnected during netsplits. NOTE: this issue exists because of an incomplete fix fo… | |||
| CVE-2018-14629 | high | — | 8.0 | — | A denial of service vulnerability was discovered in Samba's LDAP server before versions 4.7.12, 4.8.7, and 4.9.3. A CNAME loop could lead to infinite recursion in the server. An unprivileged local at… | |||
| CVE-2018-6951 | high | — | 8.0 | — | An issue was discovered in GNU patch through 2.7.6. There is a segmentation fault, associated with a NULL pointer dereference, leading to a denial of service in the intuit_diff_type function in pch.c… | |||
| CVE-2018-20030 | high | — | 8.0 | — | An error when processing the EXIF_IFD_INTEROPERABILITY and EXIF_IFD_EXIF tags within libexif version 0.6.21 can be exploited to exhaust available CPU resources. | |||
| CVE-2018-14360 | high | — | 8.0 | — | An issue was discovered in NeoMutt before 2018-07-16. nntp_add_group in newsrc.c has a stack-based buffer overflow because of incorrect sscanf usage. | |||
| CVE-2018-16839 | high | — | 8.0 | — | Curl versions 7.33.0 through 7.61.1 are vulnerable to a buffer overrun in the SASL authentication code that may lead to denial of service. | |||
| CVE-2018-16840 | high | — | 8.0 | — | A heap use-after-free flaw was found in curl versions from 7.59.0 through 7.61.1 in the code related to closing an easy handle. When closing and cleaning up an 'easy' handle in the `Curl_close()` fun… | |||
| CVE-2018-6556 | high | — | 8.0 | — | lxc-user-nic when asked to delete a network interface will unconditionally open a user provided path. This code path may be used by an unprivileged user to check for the existence of a path which the… | |||
| CVE-2018-16852 | high | — | 8.0 | — | Samba from version 4.9.0 and before version 4.9.3 is vulnerable to a NULL pointer de-reference. During the processing of an DNS zone in the DNS management DCE/RPC server, the internal DNS server or t… | |||
| CVE-2018-14326 | high | — | 8.0 | — | multiple issues in libmp4v2 | |||
| CVE-2018-16851 | high | — | 8.0 | — | Samba from version 4.0.0 and before versions 4.7.12, 4.8.7, 4.9.3 is vulnerable to a denial of service. During the processing of an LDAP search before Samba's AD DC returns the LDAP entries to the cl… | |||
| CVE-2018-7226 | high | — | 8.0 | — | multiple issues in libvncserver | |||
| CVE-2018-16865 | high | — | 8.0 | — | An allocation of memory without limits, that could result in the stack clashing with another memory region, was discovered in systemd-journald when many entries are sent to the journal socket. A loca… | |||
| CVE-2018-16864 | high | — | 8.0 | — | An allocation of memory without limits, that could result in the stack clashing with another memory region, was discovered in systemd-journald when a program with long command line arguments calls sy… | |||
| CVE-2018-0497 | high | — | 8.0 | — | ARM mbed TLS before 2.12.0, before 2.7.5, and before 2.1.14 allows remote attackers to achieve partial plaintext recovery (for a CBC based ciphersuite) via a timing-based side-channel attack. This vu… | |||
| CVE-2018-0487 | high | — | 8.0 | — | ARM mbed TLS before 1.3.22, before 2.1.10, and before 2.7.0 allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow) via a crafted certificate chain that is mi… | |||
| CVE-2018-0488 | high | — | 8.0 | — | ARM mbed TLS before 1.3.22, before 2.1.10, and before 2.7.0, when the truncated HMAC extension and CBC are used, allows remote attackers to execute arbitrary code or cause a denial of service (heap c… | |||
| CVE-2018-20005 | high | — | 8.0 | — | An issue has been found in Mini-XML (aka mxml) 2.12. It is a use-after-free in mxmlWalkNext in mxml-search.c, as demonstrated by mxmldoc. | |||
| CVE-2018-20004 | high | — | 8.0 | — | An issue has been found in Mini-XML (aka mxml) 2.12. It is a stack-based buffer overflow in mxml_write_node in mxml-file.c via vectors involving a double-precision floating point number and the '<ord… | |||
| CVE-2018-20592 | high | — | 8.0 | — | In Mini-XML (aka mxml) v2.12, there is a use-after-free in the mxmlAdd function of the mxml-node.c file. Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted … | |||
| CVE-2018-6791 | high | — | 8.0 | — | An issue was discovered in soliduiserver/deviceserviceaction.cpp in KDE Plasma Workspace before 5.12.0. When a vfat thumbdrive that contains `` or $() in its volume label is plugged in and mounted th… | |||
| CVE-2018-17407 | high | — | 8.0 | — | An issue was discovered in t1_check_unusual_charstring functions in writet1.c files in TeX Live before 2018-09-21. A buffer overflow in the handling of Type 1 fonts allows arbitrary code execution wh… | |||
| CVE-2018-10859 | high | — | 8.0 | — | git-annex is vulnerable to an Information Exposure when decrypting files. A malicious server for a special remote could trick git-annex into decrypting a file that was encrypted to the user's gpg key… | |||
| CVE-2018-6767 | high | — | 8.0 | — | A stack-based buffer over-read in the ParseRiffHeaderConfig function of cli/riff.c file of WavPack 5.1.0 allows a remote attacker to cause a denial-of-service attack or possibly have unspecified othe… | |||
| CVE-2018-14379 | high | — | 8.0 | — | multiple issues in libmp4v2 | |||
| CVE-2018-7053 | high | — | 8.0 | — | An issue was discovered in Irssi before 1.0.7 and 1.1.x before 1.1.1. There is a use-after-free when SASL messages are received in an unexpected order. | |||
| CVE-2018-14055 | high | — | 8.0 | — | ZNC before 1.7.1-rc1 does not properly validate untrusted lines coming from the network, allowing a non-admin user to escalate his privilege and inject rogue values into znc.conf. | |||
| CVE-2018-19931 | high | — | 8.0 | — | An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils through 2.31. There is a heap-based buffer overflow in bfd_elf32_swap_phdr_in in elfco… | |||
| CVE-2018-19039 | high | — | 8.0 | — | arbitrary filesystem access in grafana | |||
| CVE-2018-1046 | high | — | 8.0 | — | pdns before version 4.1.2 is vulnerable to a buffer overflow in dnsreplay. In the dnsreplay tool provided with PowerDNS Authoritative, replaying a specially crafted PCAP file can trigger a stack-base… | |||
| CVE-2018-14351 | high | — | 8.0 | — | An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. imap/command.c mishandles a long IMAP status mailbox literal count size. | |||
| CVE-2018-5391 | high | — | 8.0 | — | The Linux kernel, versions 3.9+, is vulnerable to a denial of service attack with low rates of specially modified packets targeting IP fragment re-assembly. An attacker may cause a denial of service … | |||
| CVE-2018-18227 | high | — | 8.0 | — | In Wireshark 2.6.0 to 2.6.3 and 2.4.0 to 2.4.9, the MS-WSP protocol dissector could crash. This was addressed in epan/dissectors/packet-mswsp.c by properly handling NULL return values. | |||
| CVE-2018-18225 | high | — | 8.0 | — | In Wireshark 2.6.0 to 2.6.3, the CoAP dissector could crash. This was addressed in epan/dissectors/packet-coap.c by ensuring that the piv length is correctly computed. | |||
| CVE-2018-16842 | high | — | 8.0 | — | Curl versions 7.14.1 through 7.61.1 are vulnerable to a heap-based buffer over-read in the tool_msgs.c:voutf() function that may result in information exposure and denial of service. | |||
| CVE-2018-7184 | high | — | 8.0 | — | ntpd in ntp 4.2.8p4 before 4.2.8p11 drops bad packets before updating the "received" timestamp, which allows remote attackers to cause a denial of service (disruption) by sending a packet with a zero… | |||
| CVE-2018-6574 | high | — | 8.0 | 4y ago | Remote command execution via "go get" command with cgo in cmd/go | |||
| CVE-2018-16873 | high | — | 8.0 | 4y ago | Remote command execution via "go get" with "-u" flag in cmd/go | |||
| CVE-2018-16874 | high | — | 8.0 | 4y ago | Directory traversal via "go get" command in cmd/go | |||
| CVE-2018-16875 | high | — | 8.0 | 4y ago | Denial of service in chain verification in crypto/x509 | |||
| CVE-2018-20303 | high | — | 8.0 | 4y ago | Gogs Directory Traversal | |||
| CVE-2018-1999006 | high | — | 8.0 | 4y ago | multiple issues in jenkins | |||
| CVE-2018-7408 | high | — | 8.0 | 4y ago | An issue was discovered in an npm 5.7.0 2018-02-21 pre-release (marked as "next: 5.7.0" and therefore automatically installed by an "npm upgrade -g npm" command, and also announced in the vendor's bl… |