CVEs from 2018
Total
2,860
critical
critical 238
high
high 331
medium
medium 263
low
low 39
% Critical
8.3%
% with KEV
3.1%
% with exploit
9.1%
Top vendors
- intel 1,561
- schneider-electric 43
- siemens 42
- rockwellautomation 16
- echelon 15
- redhat 12
- oracle 9
- arm 9
Top products
- core_i7 379
- core_i5 375
- core_i3 242
- xeon_e5 82
- xeon_e7 62
- xeon_e3 58
- xeon_gold 33
- atom_z 30
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2018-20592 | high | — | 8.0 | — | In Mini-XML (aka mxml) v2.12, there is a use-after-free in the mxmlAdd function of the mxml-node.c file. Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted … | |||
| CVE-2018-12020 | high | — | 8.0 | — | mainproc.c in GnuPG before 2.2.8 mishandles the original filename during decryption and verification actions, which allows remote attackers to spoof the output that GnuPG sends on file descriptor 2 t… | |||
| CVE-2018-7253 | high | — | 8.0 | — | The ParseDsdiffHeaderConfig function of the cli/dsdiff.c file of WavPack 5.1.0 allows a remote attacker to cause a denial-of-service (heap-based buffer over-read) or possibly overwrite the heap via a… | |||
| CVE-2018-7183 | high | — | 8.0 | — | Buffer overflow in the decodearr function in ntpq in ntp 4.2.8p6 through 4.2.8p10 allows remote attackers to execute arbitrary code by leveraging an ntpq query and sending a response with a crafted a… | |||
| CVE-2018-1046 | high | — | 8.0 | — | pdns before version 4.1.2 is vulnerable to a buffer overflow in dnsreplay. In the dnsreplay tool provided with PowerDNS Authoritative, replaying a specially crafted PCAP file can trigger a stack-base… | |||
| CVE-2018-9846 | high | — | 8.0 | — | In Roundcube from versions 1.2.0 to 1.3.5, with the archive plugin enabled and configured, it's possible to exploit the unsanitized, user-controlled "_uid" parameter (in an archive.php _task=mail&_mb… | |||
| CVE-2018-14325 | high | — | 8.0 | — | multiple issues in libmp4v2 | |||
| CVE-2018-14403 | high | — | 8.0 | — | multiple issues in libmp4v2 | |||
| CVE-2018-7053 | high | — | 8.0 | — | An issue was discovered in Irssi before 1.0.7 and 1.1.x before 1.1.1. There is a use-after-free when SASL messages are received in an unexpected order. | |||
| CVE-2018-14055 | high | — | 8.0 | — | ZNC before 1.7.1-rc1 does not properly validate untrusted lines coming from the network, allowing a non-admin user to escalate his privilege and inject rogue values into znc.conf. | |||
| CVE-2018-16152 | high | — | 8.0 | — | In verify_emsa_pkcs1_signature() in gmp_rsa_public_key.c in the gmp plugin in strongSwan 4.x and 5.x before 5.7.0, the RSA implementation based on GMP does not reject excess data in the digestAlgorit… | |||
| CVE-2018-7456 | high | — | 8.0 | — | A NULL Pointer Dereference occurs in the function TIFFPrintDirectory in tif_print.c in LibTIFF 3.9.3, 3.9.4, 3.9.5, 3.9.6, 3.9.7, 4.0.0alpha4, 4.0.0alpha5, 4.0.0alpha6, 4.0.0beta7, 4.0.0, 4.0.1, 4.0.… | |||
| CVE-2018-6767 | high | — | 8.0 | — | A stack-based buffer over-read in the ParseRiffHeaderConfig function of cli/riff.c file of WavPack 5.1.0 allows a remote attacker to cause a denial-of-service attack or possibly have unspecified othe… | |||
| CVE-2018-7051 | high | — | 8.0 | — | An issue was discovered in Irssi before 1.0.7 and 1.1.x before 1.1.1. Certain nick names could result in out-of-bounds access when printing theme strings. | |||
| CVE-2018-8905 | high | — | 8.0 | — | In LibTIFF 4.0.9, a heap-based buffer overflow occurs in the function LZWDecodeCompat in tif_lzw.c via a crafted TIFF file, as demonstrated by tiff2ps. | |||
| CVE-2018-0488 | high | — | 8.0 | — | ARM mbed TLS before 1.3.22, before 2.1.10, and before 2.7.0, when the truncated HMAC extension and CBC are used, allows remote attackers to execute arbitrary code or cause a denial of service (heap c… | |||
| CVE-2018-0487 | high | — | 8.0 | — | ARM mbed TLS before 1.3.22, before 2.1.10, and before 2.7.0 allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow) via a crafted certificate chain that is mi… | |||
| CVE-2018-0497 | high | — | 8.0 | — | ARM mbed TLS before 2.12.0, before 2.7.5, and before 2.1.14 allows remote attackers to achieve partial plaintext recovery (for a CBC based ciphersuite) via a timing-based side-channel attack. This vu… | |||
| CVE-2018-5784 | high | — | 8.0 | — | In LibTIFF 4.0.9, there is an uncontrolled resource consumption in the TIFFSetDirectory function of tif_dir.c. Remote attackers could leverage this vulnerability to cause a denial of service via a cr… | |||
| CVE-2018-14359 | high | — | 8.0 | — | An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. They have a buffer overflow via base64 data. | |||
| CVE-2018-7054 | high | — | 8.0 | — | An issue was discovered in Irssi before 1.0.7 and 1.1.x before 1.1.1. There is a use-after-free when a server is disconnected during netsplits. NOTE: this issue exists because of an incomplete fix fo… | |||
| CVE-2018-14363 | high | — | 8.0 | — | An issue was discovered in NeoMutt before 2018-07-16. newsrc.c does not properly restrict '/' characters that may have unsafe interaction with cache pathnames. | |||
| CVE-2018-1000880 | high | — | 8.0 | — | libarchive version commit 9693801580c0cf7c70e862d305270a16b52826a7 onwards (release v3.2.0 onwards) contains a CWE-20: Improper Input Validation vulnerability in WARC parser - libarchive/archive_read… | |||
| CVE-2018-18644 | high | — | 8.0 | — | multiple issues in gitlab | |||
| CVE-2018-5744 | high | — | 8.0 | — | A failure to free memory can occur when processing messages having a specific combination of EDNS options. Versions affected are: BIND 9.10.7 -> 9.10.8-P1, 9.11.3 -> 9.11.5-P1, 9.12.0 -> 9.12.3-P1, a… | |||
| CVE-2018-7052 | high | — | 8.0 | — | An issue was discovered in Irssi before 1.0.7 and 1.1.x before 1.1.1. When the number of windows exceeds the available space, a crash due to a NULL pointer dereference would occur. | |||
| CVE-2018-14351 | high | — | 8.0 | — | An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. imap/command.c mishandles a long IMAP status mailbox literal count size. | |||
| CVE-2018-14361 | high | — | 8.0 | — | An issue was discovered in NeoMutt before 2018-07-16. nntp.c proceeds even if memory allocation fails for messages data. | |||
| CVE-2018-0500 | high | — | 8.0 | — | Curl_smtp_escape_eob in lib/smtp.c in curl 7.54.1 to and including curl 7.60.0 has a heap-based buffer overflow that might be exploitable by an attacker who can control the data that curl transmits o… | |||
| CVE-2018-16842 | high | — | 8.0 | — | Curl versions 7.14.1 through 7.61.1 are vulnerable to a heap-based buffer over-read in the tool_msgs.c:voutf() function that may result in information exposure and denial of service. | |||
| CVE-2018-18066 | high | — | 8.0 | — | snmp_oid_compare in snmplib/snmp_api.c in Net-SNMP before 5.8 has a NULL Pointer Exception bug that can be used by an unauthenticated attacker to remotely cause the instance to crash via a crafted UD… | |||
| CVE-2018-19931 | high | — | 8.0 | — | An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils through 2.31. There is a heap-based buffer overflow in bfd_elf32_swap_phdr_in in elfco… | |||
| CVE-2018-16841 | high | — | 8.0 | — | Samba from version 4.3.0 and before versions 4.7.12, 4.8.7 and 4.9.3 are vulnerable to a denial of service. When configured to accept smart-card authentication, Samba's KDC will call talloc_free() tw… | |||
| CVE-2018-19932 | high | — | 8.0 | — | An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils through 2.31. There is an integer overflow and infinite loop caused by the IS_CONTAINE… | |||
| CVE-2018-16864 | high | — | 8.0 | — | An allocation of memory without limits, that could result in the stack clashing with another memory region, was discovered in systemd-journald when a program with long command line arguments calls sy… | |||
| CVE-2018-16865 | high | — | 8.0 | — | An allocation of memory without limits, that could result in the stack clashing with another memory region, was discovered in systemd-journald when many entries are sent to the journal socket. A loca… | |||
| CVE-2018-14358 | high | — | 8.0 | — | An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. imap/message.c has a stack-based buffer overflow for a FETCH response with a long RFC822.SIZE field. | |||
| CVE-2018-14526 | high | — | 8.0 | — | An issue was discovered in rsn_supp/wpa.c in wpa_supplicant 2.0 through 2.6. Under certain conditions, the integrity of EAPOL-Key messages is not checked, leading to a decryption oracle. An attacker … | |||
| CVE-2018-14350 | high | — | 8.0 | — | An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. imap/message.c has a stack-based buffer overflow for a FETCH response with a long INTERNALDATE field. | |||
| CVE-2018-14352 | high | — | 8.0 | — | An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. imap_quote_string in imap/util.c does not leave room for quote characters, leading to a stack-based buffer overflow. | |||
| CVE-2018-5733 | high | — | 8.0 | — | A malicious client which is allowed to send very large amounts of traffic (billions of packets) to a DHCP server can eventually overflow a 32-bit reference counter, potentially causing dhcpd to crash… | |||
| CVE-2018-18284 | high | — | 8.0 | — | Artifex Ghostscript 9.25 and earlier allows attackers to bypass a sandbox protection mechanism via vectors involving the 1Policy operator. | |||
| CVE-2018-6360 | high | — | 8.0 | — | mpv through 0.28.0 allows remote attackers to execute arbitrary code via a crafted web site, because it reads HTML documents containing VIDEO elements, and accepts arbitrary URLs in a src attribute w… | |||
| CVE-2018-14349 | high | — | 8.0 | — | An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. imap/command.c mishandles a NO response without a message. | |||
| CVE-2018-5391 | high | — | 8.0 | — | The Linux kernel, versions 3.9+, is vulnerable to a denial of service attack with low rates of specially modified packets targeting IP fragment re-assembly. An attacker may cause a denial of service … | |||
| CVE-2018-7170 | high | — | 8.0 | — | ntpd in ntp 4.2.x before 4.2.8p7 and 4.3.x before 4.3.92 allows authenticated users that know the private symmetric key to create arbitrarily-many ephemeral associations in order to win the clock sel… | |||
| CVE-2018-14362 | high | — | 8.0 | — | An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. pop.c does not forbid characters that may have unsafe interaction with message-cache pathnames, as demonstrated by a '/' c… | |||
| CVE-2018-14353 | high | — | 8.0 | — | An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. imap_quote_string in imap/util.c has an integer underflow. | |||
| CVE-2018-18226 | high | — | 8.0 | — | In Wireshark 2.6.0 to 2.6.3, the Steam IHS Discovery dissector could consume system memory. This was addressed in epan/dissectors/packet-steam-ihs-discovery.c by changing the memory-management approa… | |||
| CVE-2018-1000879 | high | — | 8.0 | — | libarchive version commit 379867ecb330b3a952fb7bfa7bffb7bbd5547205 onwards (release v3.3.0 onwards) contains a CWE-476: NULL Pointer Dereference vulnerability in ACL parser - libarchive/archive_acl.c… | |||
| CVE-2018-7889 | high | — | 8.0 | — | gui2/viewer/bookmarkmanager.py in Calibre 3.18 calls cPickle.load on imported bookmark data, which allows remote attackers to execute arbitrary code via a crafted .pickle file, as demonstrated by Pyt… | |||
| CVE-2018-20175 | high | — | 8.0 | — | rdesktop versions up to and including v1.8.3 contains several Integer Signedness errors that lead to Out-Of-Bounds Reads in the file mcs.c and result in a Denial of Service (segfault). | |||
| CVE-2018-14056 | high | — | 8.0 | — | ZNC before 1.7.1-rc1 is prone to a path traversal flaw via ../ in a web skin name to access files outside of the intended skins directories. | |||
| CVE-2018-19039 | high | — | 8.0 | — | arbitrary filesystem access in grafana | |||
| CVE-2018-16853 | high | — | 8.0 | — | Samba from version 4.7.0 has a vulnerability that allows a user in a Samba AD domain to crash the KDC when Samba is built in the non-default MIT Kerberos configuration. With this advisory the Samba T… | |||
| CVE-2018-16857 | high | — | 8.0 | — | Samba from version 4.9.0 and before version 4.9.3 that have AD DC configurations watching for bad passwords (to restrict brute forcing of passwords) in a window of more than 3 minutes may not watch f… | |||
| CVE-2018-6951 | high | — | 8.0 | — | An issue was discovered in GNU patch through 2.7.6. There is a segmentation fault, associated with a NULL pointer dereference, leading to a denial of service in the intuit_diff_type function in pch.c… | |||
| CVE-2018-1100 | high | — | 8.0 | — | arbitrary code execution in zsh | |||
| CVE-2018-8799 | high | — | 8.0 | — | rdesktop versions up to and including v1.8.3 contain an Out-Of-Bounds Read in function process_secondary_order() that results in a Denial of Service (segfault). | |||
| CVE-2018-7226 | high | — | 8.0 | — | multiple issues in libvncserver | |||
| CVE-2018-14326 | high | — | 8.0 | — | multiple issues in libmp4v2 | |||
| CVE-2018-14355 | high | — | 8.0 | — | An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. imap/util.c mishandles ".." directory traversal in a mailbox name. | |||
| CVE-2018-1000156 | high | — | 8.0 | — | GNU Patch version 2.7.6 contains an input validation vulnerability when processing patch files, specifically the EDITOR_PROGRAM invocation (using ed) can result in code execution. This attack appear … | |||
| CVE-2018-8800 | high | — | 8.0 | — | rdesktop versions up to and including v1.8.3 contain a Heap-Based Buffer Overflow in function ui_clip_handle_data() that results in a memory corruption and probably even a remote code execution. | |||
| CVE-2018-8797 | high | — | 8.0 | — | rdesktop versions up to and including v1.8.3 contain a Heap-Based Buffer Overflow in function process_plane() that results in a memory corruption and probably even a remote code execution. | |||
| CVE-2018-18642 | high | — | 8.0 | — | multiple issues in gitlab | |||
| CVE-2018-18843 | high | — | 8.0 | — | multiple issues in gitlab | |||
| CVE-2018-14054 | high | — | 8.0 | — | multiple issues in libmp4v2 | |||
| CVE-2018-14354 | high | — | 8.0 | — | An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. They allow remote IMAP servers to execute arbitrary commands via backquote characters, related to the mailboxes command as… | |||
| CVE-2018-20002 | high | — | 8.0 | — | The _bfd_generic_read_minisymbols function in syms.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31, has a memory leak via a crafted ELF file, leading t… | |||
| CVE-2018-8796 | high | — | 8.0 | — | rdesktop versions up to and including v1.8.3 contain an Out-Of-Bounds Read in function process_bitmap_updates() that results in a Denial of Service (segfault). | |||
| CVE-2018-8794 | high | — | 8.0 | — | rdesktop versions up to and including v1.8.3 contain an Integer Overflow that leads to an Out-Of-Bounds Write in function process_bitmap_updates() and results in a memory corruption and possibly even… | |||
| CVE-2018-8793 | high | — | 8.0 | — | rdesktop versions up to and including v1.8.3 contain a Heap-Based Buffer Overflow in function cssp_read_tsrequest() that results in a memory corruption and probably even a remote code execution. | |||
| CVE-2018-8795 | high | — | 8.0 | — | rdesktop versions up to and including v1.8.3 contain an Integer Overflow that leads to a Heap-Based Buffer Overflow in function process_bitmap_updates() and results in a memory corruption and probabl… | |||
| CVE-2018-19788 | high | — | 8.0 | — | A flaw was found in PolicyKit (aka polkit) 0.115 that allows a user with a uid greater than INT_MAX to successfully execute any systemctl command. | |||
| CVE-2018-10857 | high | — | 8.0 | — | git-annex is vulnerable to a private data exposure and exfiltration attack. It could expose the content of files located outside the git-annex repository, or content from a private web server on loca… | |||
| CVE-2018-8792 | high | — | 8.0 | — | rdesktop versions up to and including v1.8.3 contain an Out-Of-Bounds Read in function cssp_read_tsrequest() that results in a Denial of Service (segfault). | |||
| CVE-2018-20180 | high | — | 8.0 | — | rdesktop versions up to and including v1.8.3 contain an Integer Underflow that leads to a Heap-Based Buffer Overflow in the function rdpsnddbg_process() and results in memory corruption and probably … | |||
| CVE-2018-20179 | high | — | 8.0 | — | rdesktop versions up to and including v1.8.3 contain an Integer Underflow that leads to a Heap-Based Buffer Overflow in the function lspci_process() and results in memory corruption and probably even… | |||
| CVE-2018-20181 | high | — | 8.0 | — | rdesktop versions up to and including v1.8.3 contain an Integer Underflow that leads to a Heap-Based Buffer Overflow in the function seamless_process() and results in memory corruption and probably e… | |||
| CVE-2018-18073 | high | — | 8.0 | — | Artifex Ghostscript allows attackers to bypass a sandbox protection mechanism by leveraging exposure of system operators in the saved execution stack in an error object. | |||
| CVE-2018-20177 | high | — | 8.0 | — | rdesktop versions up to and including v1.8.3 contain an Integer Overflow that leads to a Heap-Based Buffer Overflow in the function rdp_in_unistr() and results in memory corruption and possibly even … | |||
| CVE-2018-20182 | high | — | 8.0 | — | rdesktop versions up to and including v1.8.3 contain a Buffer Overflow over the global variables in the function seamless_process_line() that results in memory corruption and probably even a remote c… | |||
| CVE-2018-20176 | high | — | 8.0 | — | rdesktop versions up to and including v1.8.3 contain several Out-Of- Bounds Reads in the file secure.c that result in a Denial of Service (segfault). | |||
| CVE-2018-20593 | high | — | 8.0 | — | In Mini-XML (aka mxml) v2.12, there is stack-based buffer overflow in the scan_file function in mxmldoc.c. | |||
| CVE-2018-7184 | high | — | 8.0 | — | ntpd in ntp 4.2.8p4 before 4.2.8p11 drops bad packets before updating the "received" timestamp, which allows remote attackers to cause a denial of service (disruption) by sending a packet with a zero… | |||
| CVE-2018-1999023 | high | — | 8.0 | — | The Battle for Wesnoth Project version 1.7.0 through 1.14.3 contains a Code Injection vulnerability in the Lua scripting engine that can result in code execution outside the sandbox. This attack appe… | |||
| CVE-2018-20712 | high | — | 8.0 | — | A heap-based buffer over-read exists in the function d_expression_1 in cp-demangle.c in GNU libiberty, as distributed in GNU Binutils 2.31.1. A crafted input can cause segmentation faults, leading to… | |||
| CVE-2018-5390 | high | — | 8.0 | — | Linux kernel versions 4.9+ can be forced to make very expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() for every incoming packet which can lead to a denial of service. | |||
| CVE-2018-11803 | high | — | 8.0 | — | Subversion's mod_dav_svn Apache HTTPD module versions 1.11.0 and 1.10.0 to 1.10.3 will crash after dereferencing an uninitialized pointer if the client omits the root path in a recursive directory li… | |||
| CVE-2018-14357 | high | — | 8.0 | — | An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. They allow remote IMAP servers to execute arbitrary commands via backquote characters, related to the mailboxes command as… | |||
| CVE-2018-14629 | high | — | 8.0 | — | A denial of service vulnerability was discovered in Samba's LDAP server before versions 4.7.12, 4.8.7, and 4.9.3. A CNAME loop could lead to infinite recursion in the server. An unprivileged local at… | |||
| CVE-2018-20030 | high | — | 8.0 | — | An error when processing the EXIF_IFD_INTEROPERABILITY and EXIF_IFD_EXIF tags within libexif version 0.6.21 can be exploited to exhaust available CPU resources. | |||
| CVE-2018-6574 | high | — | 8.0 | 4y ago | Remote command execution via "go get" command with cgo in cmd/go | |||
| CVE-2018-16873 | high | — | 8.0 | 4y ago | Remote command execution via "go get" with "-u" flag in cmd/go | |||
| CVE-2018-16874 | high | — | 8.0 | 4y ago | Directory traversal via "go get" command in cmd/go | |||
| CVE-2018-16875 | high | — | 8.0 | 4y ago | Denial of service in chain verification in crypto/x509 | |||
| CVE-2018-20303 | high | — | 8.0 | 4y ago | Gogs Directory Traversal | |||
| CVE-2018-1999006 | high | — | 8.0 | 4y ago | multiple issues in jenkins | |||
| CVE-2018-7408 | high | — | 8.0 | 4y ago | An issue was discovered in an npm 5.7.0 2018-02-21 pre-release (marked as "next: 5.7.0" and therefore automatically installed by an "npm upgrade -g npm" command, and also announced in the vendor's bl… |