CVEs from 2018
Total
2,856
critical
critical 238
high
high 331
medium
medium 263
low
low 39
% Critical
8.3%
% with KEV
3.1%
% with exploit
9.1%
Top vendors
- intel 1,561
- schneider-electric 43
- siemens 42
- rockwellautomation 16
- echelon 15
- redhat 12
- oracle 9
- arm 9
Top products
- core_i7 379
- core_i5 375
- core_i3 242
- xeon_e5 82
- xeon_e7 62
- xeon_e3 58
- xeon_gold 33
- atom_z 30
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2018-8414 | unknown | — | 1.5 | 4y ago | A remote code execution vulnerability exists when the Windows Shell does not properly validate file paths. | |||
| CVE-2018-14839 | unknown | — | 1.5 | 4y ago | LG N1A1 NAS 3718.510 is affected by a remote code execution vulnerability. | |||
| CVE-2018-0151 | unknown | — | 1.5 | 4y ago | A vulnerability in the quality of service (QoS) subsystem of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition … | |||
| CVE-2018-0154 | unknown | — | 1.5 | 4y ago | A vulnerability in the crypto engine of the Cisco Integrated Services Module for VPN (ISM-VPN) running Cisco IOS Software could allow an unauthenticated, remote attacker to cause a denial-of-service … | |||
| CVE-2018-0156 | unknown | — | 1.5 | 4y ago | A vulnerability in the Smart Install feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to trigger a reload of an affected device, resulting in a … | |||
| CVE-2018-0155 | unknown | — | 1.5 | 4y ago | A vulnerability in the Bidirectional Forwarding Detection (BFD) offload implementation of Cisco Catalyst 4500 Series Switches and Cisco Catalyst 4500-X Series Switches could allow an unauthenticated,… | |||
| CVE-2018-0161 | unknown | — | 1.5 | 4y ago | A vulnerability in the Simple Network Management Protocol (SNMP) subsystem of Cisco IOS Software running on certain models of Cisco Catalyst Switches could allow an authenticated, remote attacker to … | |||
| CVE-2018-0158 | unknown | — | 1.5 | 4y ago | A vulnerability in the implementation of Internet Key Exchange Version 1 (IKEv1) functionality in Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause… | |||
| CVE-2018-0174 | unknown | — | 1.5 | 4y ago | A vulnerability in the DHCP option 82 encapsulation functionality of Cisco IOS Software and Cisco IOS XE Software could allow for denial-of-service (DoS). | |||
| CVE-2018-0175 | unknown | — | 1.5 | 4y ago | Format string vulnerability in the Link Layer Discovery Protocol (LLDP) subsystem of Cisco IOS Software, Cisco IOS XE Software, and Cisco IOS XR Software could allow an unauthenticated, adjacent atta… | |||
| CVE-2018-0172 | unknown | — | 1.5 | 4y ago | A vulnerability in the DHCP option 82 encapsulation functionality of Cisco IOS Software and Cisco IOS XE Software could allow for denial-of-service (DoS). | |||
| CVE-2018-0180 | unknown | — | 1.5 | 4y ago | A vulnerability in the Login Enhancements (Login Block) feature of Cisco IOS Software could allow an unauthenticated, remote attacker to trigger a reload of an affected system, resulting in a denial … | |||
| CVE-2018-0179 | unknown | — | 1.5 | 4y ago | A vulnerability in the Login Enhancements (Login Block) feature of Cisco IOS Software could allow an unauthenticated, remote attacker to trigger a reload of an affected system, resulting in a denial … | |||
| CVE-2018-0173 | unknown | — | 1.5 | 4y ago | A vulnerability in the Cisco IOS Software and Cisco IOS XE Software function that restores encapsulated option 82 information in DHCP Version 4 (DHCPv4) packets can allow for denial-of-service (DoS). | |||
| CVE-2018-0167 | unknown | — | 1.5 | 4y ago | There is a buffer overflow vulnerability in the Link Layer Discovery Protocol (LLDP) subsystem of Cisco IOS Software, Cisco IOS XE Software, and Cisco IOS XR Software which could allow an unauthentic… | |||
| CVE-2018-0159 | unknown | — | 1.5 | 4y ago | A vulnerability in the implementation of Internet Key Exchange Version 1 (IKEv1) functionality in Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause… | |||
| CVE-2018-8581 | unknown | — | 1.5 | 4y ago | A privilege escalation vulnerability exists in Microsoft Exchange Server. An attacker who successfully exploited this vulnerability could attempt to impersonate any other user of the Exchange server. | |||
| CVE-2018-13383 | unknown | — | 1.5 | 5y ago | A heap buffer overflow in Fortinet FortiOS and FortiProxy may cause the SSL VPN web service termination for logged in users. | |||
| CVE-2018-14558 | unknown | — | 1.5 | 5y ago | Tenda AC7, AC9, and AC10 devices contain a command injection vulnerability due to the "formsetUsbUnload" function executes a dosystemCmd function with untrusted input. Successful exploitation allows… | |||
| CVE-2018-0798 | unknown | — | 1.5 | 5y ago | Microsoft Office contains a memory corruption vulnerability due to the way objects are handled in memory. Successful exploitation allows for remote code execution in the context of the current user. … | |||
| CVE-2018-0802 | unknown | — | 1.5 | 5y ago | Microsoft Office contains a memory corruption vulnerability due to the way objects are handled in memory. Successful exploitation allows for remote code execution in the context of the current user. … | |||
| CVE-2018-4939 | unknown | — | 1.5 | 5y ago | Adobe ColdFusion contains a deserialization of untrusted data vulnerability that could allow for code execution. | |||
| CVE-2018-8653 | unknown | — | 1.5 | 5y ago | Microsoft Internet Explorer contains a memory corruption vulnerability due to how the Scripting Engine handles objects in memory, leading to remote code execution. | |||
| CVE-2018-1273 | unknown | — | 1.5 | 8y ago | Spring Data Commons contains a property binder vulnerability which can allow an attacker to perform remote code execution. | |||
| CVE-2018-11412 | unknown | — | 1.0 | — | In the Linux kernel 4.13 through 4.16.11, ext4_read_inline_data() in fs/ext4/inline.c performs a memcpy with an untrusted length value in certain circumstances involving a crafted filesystem that sto… | |||
| CVE-2018-4233 | unknown | — | 1.0 | — | An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected… | |||
| CVE-2018-4318 | unknown | — | 1.0 | — | A use after free issue was addressed with improved memory management. This issue affected versions prior to iOS 12, tvOS 12, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7. | |||
| CVE-2018-11508 | unknown | — | 1.0 | — | The compat_get_timex function in kernel/compat.c in the Linux kernel before 4.16.9 allows local users to obtain sensitive information from kernel memory via adjtimex. | |||
| CVE-2018-4382 | unknown | — | 1.0 | — | Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 12.1, tvOS 12.1, watchOS 5.1, Safari 12.0.1, iTunes 12.9.1, iCloud for Window… | |||
| CVE-2018-7273 | unknown | — | 1.0 | — | In the Linux kernel through 4.15.4, the floppy driver reveals the addresses of kernel functions and global variables using printk calls within the function show_floppy in drivers/block/floppy.c. An a… | |||
| CVE-2018-10583 | unknown | — | 1.0 | — | An information disclosure vulnerability occurs when LibreOffice 6.0.3 and Apache OpenOffice Writer 4.1.5 automatically process and initiate an SMB connection embedded in a malicious file, as demonstr… | |||
| CVE-2018-11646 | unknown | — | 1.0 | — | webkitFaviconDatabaseSetIconForPageURL and webkitFaviconDatabaseSetIconURLForPageURL in UIProcess/API/glib/WebKitFaviconDatabase.cpp in WebKit, as used in WebKitGTK+ through 2.21.3, mishandle an unse… | |||
| CVE-2018-16509 | unknown | — | 1.0 | — | An issue was discovered in Artifex Ghostscript before 9.24. Incorrect "restoration of privilege" checking during handling of /invalidaccess exceptions could be used by attackers able to supply crafte… | |||
| CVE-2018-1160 | unknown | — | 1.0 | — | Netatalk before 3.1.12 is vulnerable to an out of bounds write in dsi_opensess.c. This is due to lack of bounds checking on attacker controlled data. A remote unauthenticated attacker can leverage th… | |||
| CVE-2018-4441 | unknown | — | 1.0 | — | A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to iOS 12.1.1, tvOS 12.1.1, watchOS 5.1.2, Safari 12.0.2, iTunes 12.9.2 for Windows, iCloud f… | |||
| CVE-2018-4443 | unknown | — | 1.0 | — | A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to iOS 12.1.1, tvOS 12.1.1, watchOS 5.1.2, Safari 12.0.2, iTunes 12.9.2 for Windows, iCloud f… | |||
| CVE-2018-4306 | unknown | — | 1.0 | — | A use after free issue was addressed with improved memory management. This issue affected versions prior to iOS 12, tvOS 12, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7. | |||
| CVE-2018-4438 | unknown | — | 1.0 | — | A logic issue existed resulting in memory corruption. This was addressed with improved state management. This issue affected versions prior to iOS 12.1.1, tvOS 12.1.1, watchOS 5.1.2, Safari 12.0.2, i… | |||
| CVE-2018-16323 | unknown | — | 1.0 | — | ReadXBMImage in coders/xbm.c in ImageMagick before 7.0.8-9 leaves data uninitialized when processing an XBM file that has a negative pixel value. If the affected code is used as a library loaded into… | |||
| CVE-2018-4416 | unknown | — | 1.0 | — | Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 12.1, tvOS 12.1, watchOS 5.1, Safari 12.0.1, iTunes 12.9.1, iCloud for Window… | |||
| CVE-2018-4442 | unknown | — | 1.0 | — | A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to iOS 12.1.1, tvOS 12.1.1, watchOS 5.1.2, Safari 12.0.2, iTunes 12.9.2 for Windows, iCloud f… | |||
| CVE-2018-4317 | unknown | — | 1.0 | — | A use after free issue was addressed with improved memory management. This issue affected versions prior to iOS 12, tvOS 12, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7. | |||
| CVE-2018-4328 | unknown | — | 1.0 | — | Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 12, tvOS 12, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7. | |||
| CVE-2018-4314 | unknown | — | 1.0 | — | A use after free issue was addressed with improved memory management. This issue affected versions prior to iOS 12, tvOS 12, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7. | |||
| CVE-2018-4315 | unknown | — | 1.0 | — | A use after free issue was addressed with improved memory management. This issue affected versions prior to iOS 12, tvOS 12, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7. | |||
| CVE-2018-4323 | unknown | — | 1.0 | — | Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 12, tvOS 12, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7. | |||
| CVE-2018-4218 | unknown | — | 1.0 | — | An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected… | |||
| CVE-2018-4222 | unknown | — | 1.0 | — | An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected… | |||
| CVE-2018-4162 | unknown | — | 1.0 | — | An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. … | |||
| CVE-2018-4192 | unknown | — | 1.0 | — | An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected… | |||
| CVE-2018-4312 | unknown | — | 1.0 | — | A use after free issue was addressed with improved memory management. This issue affected versions prior to iOS 12, tvOS 12, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7. | |||
| CVE-2018-4386 | unknown | — | 1.0 | — | Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 12.1, tvOS 12.1, watchOS 5.1, Safari 12.0.1, iTunes 12.9.1, iCloud for Window… | |||
| CVE-2018-12293 | unknown | — | 1.0 | — | The getImageData function in the ImageBufferCairo class in WebCore/platform/graphics/cairo/ImageBufferCairo.cpp in WebKit, as used in WebKitGTK+ prior to version 2.20.3 and WPE WebKit prior to versio… | |||
| CVE-2018-4089 | unknown | — | 1.0 | — | An issue was discovered in certain Apple products. iOS before 11.2.5 is affected. macOS before 10.13.3 is affected. Safari before 11.0.3 is affected. tvOS before 11.2.5 is affected. The issue involve… | |||
| CVE-2018-4121 | unknown | — | 1.0 | — | An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. … | |||
| CVE-2018-12617 | unknown | — | 1.0 | — | qmp_guest_file_read in qga/commands-posix.c and qga/commands-win32.c in qemu-ga (aka QEMU Guest Agent) in QEMU 2.12.50 has an integer overflow causing a g_malloc0() call to trigger a segmentation fau… | |||
| CVE-2018-13457 | unknown | — | 1.0 | — | qh_echo in Nagios Core 4.4.1 and earlier is prone to a NULL pointer dereference vulnerability, which allows attackers to cause a local denial-of-service condition by sending a crafted payload to the … | |||
| CVE-2018-13458 | unknown | — | 1.0 | — | qh_core in Nagios Core 4.4.1 and earlier is prone to a NULL pointer dereference vulnerability, which allows attackers to cause a local denial-of-service condition by sending a crafted payload to the … | |||
| CVE-2018-12904 | unknown | — | 1.0 | — | In arch/x86/kvm/vmx.c in the Linux kernel before 4.17.2, when nested virtualization is used, local attackers could cause L1 KVM guests to VMEXIT, potentially allowing privilege escalations and denial… | |||
| CVE-2018-4197 | unknown | — | 1.0 | — | A use after free issue was addressed with improved memory management. This issue affected versions prior to iOS 12, tvOS 12, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7. | |||
| CVE-2018-18955 | unknown | — | 1.0 | — | In the Linux kernel 4.15.x through 4.19.x before 4.19.2, map_write() in kernel/user_namespace.c allows privilege escalation because it mishandles nested user namespaces with more than 5 UID or GID ra… | |||
| CVE-2018-4200 | unknown | — | 1.0 | — | An issue was discovered in certain Apple products. iOS before 11.3.1 is affected. Safari before 11.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected… | |||
| CVE-2018-6871 | unknown | — | 1.0 | — | LibreOffice before 5.4.5 and 6.x before 6.0.1 allows remote attackers to read arbitrary files via =WEBSERVICE calls in a document, which use the COM.MICROSOFT.WEBSERVICE function. | |||
| CVE-2018-5333 | unknown | — | 1.0 | — | In the Linux kernel through 4.14.13, the rds_cmsg_atomic function in net/rds/rdma.c mishandles cases where page pinning fails or an invalid address is supplied, leading to an rds_atomic_free_op NULL … | |||
| CVE-2018-13441 | unknown | — | 1.0 | — | qh_help in Nagios Core version 4.4.1 and earlier is prone to a NULL pointer dereference vulnerability, which allows attacker to cause a local denial-of-service condition by sending a crafted payload … | |||
| CVE-2018-1306 | unknown | — | 1.0 | 4y ago | Exposure of Sensitive Information in Apache Pluto | |||
| CVE-2018-8718 | unknown | — | 1.0 | 4y ago | Cross-Site Request Forgery in Jenkins Mailer Plugin | |||
| CVE-2018-10054 | unknown | — | 1.0 | 4y ago | Improper Input Validation in Datomic | |||
| CVE-2018-11770 | unknown | — | 1.0 | 8y ago | org.apache.spark:spark-core_2.10 and org.apache.spark:spark-core_2.11 Improper Authentication vulnerability | |||
| CVE-2018-1321 | unknown | — | 1.0 | 8y ago | High severity vulnerability that affects org.apache.syncope:syncope-core | |||
| CVE-2018-1322 | unknown | — | 1.0 | 8y ago | Exposure of Sensitive Information to an Unauthorized Actor in Apache syncope-cope | |||
| CVE-2018-1335 | unknown | — | 1.0 | 8y ago | Command injection in org.apache.tika:tika-core | |||
| CVE-2018-20022 | unknown | — | — | — | LibVNC before 2f5b2ad1c6c99b1ac6482c95844a84d66bb52838 contains multiple weaknesses CWE-665: Improper Initialization vulnerability in VNC client code that allows attacker to read stack memory and can… | |||
| CVE-2018-20024 | unknown | — | — | — | LibVNC before commit 4a21bbd097ef7c44bb000c3bd0907f96a10e4ce7 contains null pointer dereference in VNC client code that can result DoS. | |||
| CVE-2018-20019 | unknown | — | — | — | LibVNC before commit a83439b9fbe0f03c48eb94ed05729cb016f8b72f contains multiple heap out-of-bound write vulnerabilities in VNC client code that can result remote code execution | |||
| CVE-2018-15126 | unknown | — | — | — | LibVNC before commit 73cb96fec028a576a5a24417b57723b55854ad7b contains heap use-after-free vulnerability in server code of file transfer extension that can result remote code execution | |||
| CVE-2018-18496 | unknown | — | — | — | When the RSS Feed preview about:feeds page is framed within another page, it can be used in concert with scripted content for a clickjacking attack that confuses users into downloading and executing … | |||
| CVE-2018-15127 | unknown | — | — | — | LibVNC before commit 502821828ed00b4a2c4bef90683d0fd88ce495de contains heap out-of-bound write vulnerability in server code of file transfer extension that can result remote code execution | |||
| CVE-2018-11625 | unknown | — | — | — | In ImageMagick 7.0.7-37 Q16, SetGrayscaleImage in the quantize.c file allows attackers to cause a heap-based buffer over-read via a crafted file. | |||
| CVE-2018-18498 | unknown | — | — | — | A potential vulnerability leading to an integer overflow can occur during buffer size calculations for images when a raw value is used instead of the checked value. This leads to a possible out-of-bo… | |||
| CVE-2018-20020 | unknown | — | — | — | LibVNC before commit 7b1ef0ffc4815cab9a96c7278394152bdc89dc4d contains heap out-of-bound write vulnerability inside structure in VNC client code that can result remote code execution | |||
| CVE-2018-10853 | unknown | — | — | — | A flaw was found in the way Linux kernel KVM hypervisor before 4.18 emulated instructions such as sgdt/sidt/fxsave/fxrstor. It did not check current privilege(CPL) level while emulating unprivileged … | |||
| CVE-2018-12393 | unknown | — | — | — | A potential vulnerability was found in 32-bit builds where an integer overflow during the conversion of scripts to an internal UTF-16 representation could result in allocating a buffer too small for … | |||
| CVE-2018-12391 | unknown | — | — | — | During HTTP Live Stream playback on Firefox for Android, audio data can be accessed across origins in violation of security policies. Because the problem is in the underlying Android service, this is… | |||
| CVE-2018-12382 | unknown | — | — | — | The displayed addressbar URL can be spoofed on Firefox for Android using a javascript: URI in concert with JavaScript to insert text before the loaded domain name, scrolling the loaded domain out of … | |||
| CVE-2018-11763 | unknown | — | — | — | In Apache HTTP Server 2.4.17 to 2.4.34, by sending continuous, large SETTINGS frames a client can occupy a connection, server thread and CPU time without any connection timeout coming to effect. This… | |||
| CVE-2018-6405 | unknown | — | — | — | In the ReadDCMImage function in coders/dcm.c in ImageMagick before 7.0.7-23, each redmap, greenmap, and bluemap variable can be overwritten by a new pointer. The previous pointer is lost, which leads… | |||
| CVE-2018-12375 | unknown | — | — | — | Memory safety bugs present in Firefox 61. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. T… | |||
| CVE-2018-6764 | unknown | — | — | — | util/virlog.c in libvirt does not properly determine the hostname on LXC container startup, which allows local guest OS users to bypass an intended container protection mechanism and execute arbitrar… | |||
| CVE-2018-16657 | unknown | — | — | — | In Kamailio before 5.0.7 and 5.1.x before 5.1.4, a crafted SIP message with an invalid Via header causes a segmentation fault and crashes Kamailio. The reason is missing input validation in the crcit… | |||
| CVE-2018-1064 | unknown | — | — | — | libvirt version before 4.2.0-rc1 is vulnerable to a resource exhaustion as a result of an incomplete fix for CVE-2018-5748 that affects QEMU monitor but now also triggered via QEMU guest agent. | |||
| CVE-2018-5748 | unknown | — | — | — | qemu/qemu_monitor.c in libvirt allows attackers to cause a denial of service (memory consumption) via a large QEMU reply. | |||
| CVE-2018-10074 | unknown | — | — | — | The hi3660_stub_clk_probe function in drivers/clk/hisilicon/clk-hi3660-stub.c in the Linux kernel before 4.16 allows local users to cause a denial of service (NULL pointer dereference) by triggering … | |||
| CVE-2018-12034 | unknown | — | — | — | In YARA 3.7.1 and prior, parsing a specially crafted compiled rule file can cause an out of bounds read vulnerability in yr_execute_code in libyara/exec.c. | |||
| CVE-2018-10882 | unknown | — | — | — | A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause an out-of-bound write in in fs/jbd2/transaction.c code, a denial of service, and a system crash by unmounting a crafted … | |||
| CVE-2018-13093 | unknown | — | — | — | An issue was discovered in fs/xfs/xfs_icache.c in the Linux kernel through 4.17.3. There is a NULL pointer dereference and panic in lookup_slow() on a NULL inode->i_ops pointer when doing pathwalks o… | |||
| CVE-2018-14619 | unknown | — | — | — | A flaw was found in the crypto subsystem of the Linux kernel before version kernel-4.15-rc4. The "null skcipher" was being dropped when each af_alg_ctx was freed instead of when the aead_tfm was free… | |||
| CVE-2018-6536 | unknown | — | — | — | An issue was discovered in Icinga 2.x through 2.8.1. The daemon creates an icinga2.pid file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes … | |||
| CVE-2018-14437 | unknown | — | — | — | ImageMagick 7.0.8-4 has a memory leak in parse8BIM in coders/meta.c. | |||
| CVE-2018-6534 | unknown | — | — | — | An issue was discovered in Icinga 2.x through 2.8.1. By sending specially crafted messages, an attacker can cause a NULL pointer dereference, which can cause the product to crash. |