CVEs from 2018
Total
2,856
critical
critical 238
high
high 331
medium
medium 263
low
low 39
% Critical
8.3%
% with KEV
3.1%
% with exploit
9.1%
Top vendors
- intel 1,561
- schneider-electric 43
- siemens 42
- rockwellautomation 16
- echelon 15
- redhat 12
- oracle 9
- arm 9
Top products
- core_i7 379
- core_i5 375
- core_i3 242
- xeon_e5 82
- xeon_e7 62
- xeon_e3 58
- xeon_gold 33
- atom_z 30
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2018-15126 | unknown | — | — | — | LibVNC before commit 73cb96fec028a576a5a24417b57723b55854ad7b contains heap use-after-free vulnerability in server code of file transfer extension that can result remote code execution | |||
| CVE-2018-20019 | unknown | — | — | — | LibVNC before commit a83439b9fbe0f03c48eb94ed05729cb016f8b72f contains multiple heap out-of-bound write vulnerabilities in VNC client code that can result remote code execution | |||
| CVE-2018-20024 | unknown | — | — | — | LibVNC before commit 4a21bbd097ef7c44bb000c3bd0907f96a10e4ce7 contains null pointer dereference in VNC client code that can result DoS. | |||
| CVE-2018-14663 | unknown | — | — | — | An issue has been found in PowerDNS DNSDist before 1.3.3 allowing a remote attacker to craft a DNS query with trailing data such that the addition of a record by dnsdist, for example an OPT record wh… | |||
| CVE-2018-14662 | unknown | — | — | — | It was found Ceph versions before 13.2.4 that authenticated ceph users with read only permissions could steal dm-crypt encryption keys used in ceph disk encryption. | |||
| CVE-2018-1000127 | unknown | — | — | — | memcached version prior to 1.4.37 contains an Integer Overflow vulnerability in items.c:item_free() that can result in data corruption and deadlocks due to items existing in hash table being reused f… | |||
| CVE-2018-10858 | unknown | — | — | — | A heap-buffer overflow was found in the way samba clients processed extra long filename in a directory listing. A malicious samba server could use this flaw to cause arbitrary code execution on a sam… | |||
| CVE-2018-14628 | unknown | — | — | — | An information leak vulnerability was discovered in Samba's LDAP server. Due to missing access control checks, an authenticated but unprivileged attacker could discover the names and preserved attrib… | |||
| CVE-2018-10919 | unknown | — | — | — | The Samba Active Directory LDAP server was vulnerable to an information disclosure flaw because of missing access control checks. An authenticated attacker could use this flaw to extract confidential… | |||
| CVE-2018-10918 | unknown | — | — | — | A null pointer dereference flaw was found in the way samba checked database outputs from the LDB database layer. An authenticated attacker could use this flaw to crash a samba server in an Active Dir… | |||
| CVE-2018-16657 | unknown | — | — | — | In Kamailio before 5.0.7 and 5.1.x before 5.1.4, a crafted SIP message with an invalid Via header causes a segmentation fault and crashes Kamailio. The reason is missing input validation in the crcit… | |||
| CVE-2018-12375 | unknown | — | — | — | Memory safety bugs present in Firefox 61. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. T… | |||
| CVE-2018-18498 | unknown | — | — | — | A potential vulnerability leading to an integer overflow can occur during buffer size calculations for images when a raw value is used instead of the checked value. This leads to a possible out-of-bo… | |||
| CVE-2018-18496 | unknown | — | — | — | When the RSS Feed preview about:feeds page is framed within another page, it can be used in concert with scripted content for a clickjacking attack that confuses users into downloading and executing … | |||
| CVE-2018-5130 | unknown | — | — | — | When packets with a mismatched RTP payload type are sent in WebRTC connections, in some circumstances a potentially exploitable crash is triggered. This vulnerability affects Firefox ESR < 52.7 and F… | |||
| CVE-2018-5131 | unknown | — | — | — | Under certain circumstances the "fetch()" API can return transient local copies of resources that were sent with a "no-store" or "no-cache" cache header instead of downloading a copy from the network… | |||
| CVE-2018-5135 | unknown | — | — | — | WebExtensions can bypass normal restrictions in some circumstances and use "browser.tabs.executeScript" to inject scripts into contexts where this should not be allowed, such as pages from other WebE… | |||
| CVE-2018-5133 | unknown | — | — | — | If the "app.support.baseURL" preference is changed by a malicious local program to contain HTML and script content, this content is not sanitized. It will be executed if a user loads "chrome://browse… | |||
| CVE-2018-5134 | unknown | — | — | — | WebExtensions may use "view-source:" URLs to view local "file:" URL content, as well as content stored in "about:cache", bypassing restrictions that only allow WebExtensions to view specific content.… | |||
| CVE-2018-5136 | unknown | — | — | — | A shared worker created from a "data:" URL in one tab can be shared by another tab with a different origin, bypassing the same-origin policy. This vulnerability affects Firefox < 59. | |||
| CVE-2018-5137 | unknown | — | — | — | A legacy extension's non-contentaccessible, defined resources can be loaded by an arbitrary web page through script. This script does this by using a maliciously crafted path string to reference the … | |||
| CVE-2018-5138 | unknown | — | — | — | A spoofing vulnerability can occur when a malicious site with an extremely long domain name is opened in an Android Custom Tab (a browser panel inside another app) and the default browser is Firefox … | |||
| CVE-2018-5140 | unknown | — | — | — | Image for moz-icons can be accessed through the "moz-icon:" protocol through script in web content even when otherwise prohibited. This could allow for information leakage of which applications are a… | |||
| CVE-2018-5141 | unknown | — | — | — | A vulnerability in the notifications Push API where notifications can be sent through service workers by web content without direct user interaction. This could be used to open new tabs in a denial o… | |||
| CVE-2018-12384 | unknown | — | — | — | When handling a SSLv2-compatible ClientHello request, the server doesn't generate a new random value but sends an all-zero value instead. This results in full malleability of the ClientHello for SSLv… | |||
| CVE-2018-12404 | unknown | — | — | — | A cached side channel attack during handshakes using RSA encryption could allow for the decryption of encrypted content. This is a variant of the Adaptive Chosen Ciphertext attack (AKA Bleichenbacher… | |||
| CVE-2018-10839 | unknown | — | — | — | Qemu emulator <= 3.0.0 built with the NE2000 NIC emulation support is vulnerable to an integer overflow, which could lead to buffer overflow issue. It could occur when receiving packets over the netw… | |||
| CVE-2018-15746 | unknown | — | — | — | qemu-seccomp.c in QEMU might allow local OS guest users to cause a denial of service (guest crash) by leveraging mishandling of the seccomp policy for threads other than the main thread. | |||
| CVE-2018-16847 | unknown | — | — | — | An OOB heap buffer r/w access issue was found in the NVM Express Controller emulation in QEMU. It could occur in nvme_cmb_ops routines in nvme device. A guest user/process could use this flaw to cras… | |||
| CVE-2018-16867 | unknown | — | — | — | A flaw was found in qemu Media Transfer Protocol (MTP) before version 3.1.0. A path traversal in the in usb_mtp_write_data function in hw/usb/dev-mtp.c due to an improper filename sanitization. When … | |||
| CVE-2018-16872 | unknown | — | — | — | A flaw was found in qemu Media Transfer Protocol (MTP). The code opening files in usb_mtp_get_object and usb_mtp_get_partial_object and directories in usb_mtp_object_readdir doesn't consider that the… | |||
| CVE-2018-18849 | unknown | — | — | — | In Qemu 3.0.0, lsi_do_msgin in hw/scsi/lsi53c895a.c allows out-of-bounds access by triggering an invalid msg_len value. | |||
| CVE-2018-17962 | unknown | — | — | — | Qemu has a Buffer Overflow in pcnet_receive in hw/net/pcnet.c because an incorrect integer data type is used. | |||
| CVE-2018-17963 | unknown | — | — | — | qemu_deliver_packet_iov in net/net.c in Qemu accepts packet sizes greater than INT_MAX, which allows attackers to cause a denial of service or possibly have unspecified other impact. | |||
| CVE-2018-5683 | unknown | — | — | — | The vga_draw_text function in Qemu allows local OS guest privileged users to cause a denial of service (out-of-bounds read and QEMU process crash) by leveraging improper memory address validation. | |||
| CVE-2018-18438 | unknown | — | — | — | Qemu has integer overflows because IOReadHandler and its associated functions use a signed integer data type for a size value. | |||
| CVE-2018-19364 | unknown | — | — | — | hw/9pfs/cofile.c and hw/9pfs/9p.c in QEMU can modify an fid path while it is being accessed by a second thread, leading to (for example) a use-after-free outcome. | |||
| CVE-2018-19489 | unknown | — | — | — | v9fs_wstat in hw/9pfs/9p.c in QEMU allows guest OS users to cause a denial of service (crash) because of a race condition during file renaming. | |||
| CVE-2018-19665 | unknown | — | — | — | The Bluetooth subsystem in QEMU mishandles negative values for length variables, leading to memory corruption. | |||
| CVE-2018-20123 | unknown | — | — | — | pvrdma_realize in hw/rdma/vmw/pvrdma_main.c in QEMU has a Memory leak after an initialisation error. | |||
| CVE-2018-7550 | unknown | — | — | — | The load_multiboot function in hw/i386/multiboot.c in Quick Emulator (aka QEMU) allows local guest OS users to execute arbitrary code on the QEMU host via a mh_load_end_addr value greater than mh_bss… | |||
| CVE-2018-1049 | unknown | — | — | — | In systemd prior to 234 a race condition exists between .mount and .automount units such that automount requests from kernel may not be serviced by systemd resulting in kernel holding the mountpoint … | |||
| CVE-2018-11506 | unknown | — | — | — | The sr_do_ioctl function in drivers/scsi/sr_ioctl.c in the Linux kernel through 4.16.12 allows local users to cause a denial of service (stack-based buffer overflow) or possibly have unspecified othe… | |||
| CVE-2018-12232 | unknown | — | — | — | In net/socket.c in the Linux kernel through 4.17.1, there is a race condition between fchownat and close in cases where they target the same socket file descriptor, related to the sock_close and sock… | |||
| CVE-2018-12930 | unknown | — | — | — | ntfs_end_buffer_async_read in the ntfs.ko filesystem driver in the Linux kernel 4.15.0 allows attackers to trigger a stack-based out-of-bounds write and cause a denial of service (kernel oops or pani… | |||
| CVE-2018-12233 | unknown | — | — | — | In the ea_get function in fs/jfs/xattr.c in the Linux kernel through 4.17.1, a memory corruption bug in JFS can be triggered by calling setxattr twice with two different extended attribute names on t… | |||
| CVE-2018-12633 | unknown | — | — | — | An issue was discovered in the Linux kernel through 4.17.2. vbg_misc_device_ioctl() in drivers/virt/vboxguest/vboxguest_linux.c reads the same user data twice with copy_from_user. The header part of … | |||
| CVE-2018-12714 | unknown | — | — | — | An issue was discovered in the Linux kernel through 4.17.2. The filter parsing in kernel/trace/trace_events_filter.c could be called with no filter, which is an N=0 case when it expected at least one… | |||
| CVE-2018-13053 | unknown | — | — | — | The alarm_timer_nsleep function in kernel/time/alarmtimer.c in the Linux kernel through 4.17.3 has an integer overflow via a large relative timeout because ktime_add_safe is not used. | |||
| CVE-2018-13094 | unknown | — | — | — | An issue was discovered in fs/xfs/libxfs/xfs_attr_leaf.c in the Linux kernel through 4.17.3. An OOPS may occur for a corrupted xfs image after xfs_da_shrink_inode() is called with a NULL bp. | |||
| CVE-2018-13093 | unknown | — | — | — | An issue was discovered in fs/xfs/xfs_icache.c in the Linux kernel through 4.17.3. There is a NULL pointer dereference and panic in lookup_slow() on a NULL inode->i_ops pointer when doing pathwalks o… | |||
| CVE-2018-13097 | unknown | — | — | — | An issue was discovered in fs/f2fs/super.c in the Linux kernel through 4.17.3. There is an out-of-bounds read or a divide-by-zero error for an incorrect user_block_count in a corrupted f2fs image, le… | |||
| CVE-2018-18559 | unknown | — | — | — | In the Linux kernel through 4.19, a use-after-free can occur due to a race condition between fanout_add from setsockopt and bind on an AF_PACKET socket. This issue exists because of the 15fe076edea78… | |||
| CVE-2018-18690 | unknown | — | — | — | In the Linux kernel before 4.17, a local attacker able to set attributes on an xfs filesystem could make this filesystem non-operational until the next mount by triggering an unchecked error conditio… | |||
| CVE-2018-18710 | unknown | — | — | — | An issue was discovered in the Linux kernel through 4.19. An information leak in cdrom_ioctl_select_disc in drivers/cdrom/cdrom.c could be used by local attackers to read kernel memory because a cast… | |||
| CVE-2018-19406 | unknown | — | — | — | kvm_pv_send_ipi in arch/x86/kvm/lapic.c in the Linux kernel through 4.19.2 allows local users to cause a denial of service (NULL pointer dereference and BUG) via crafted system calls that reach a sit… | |||
| CVE-2018-20509 | unknown | — | — | — | The print_binder_ref_olocked function in drivers/android/binder.c in the Linux kernel 4.14.90 allows local users to obtain sensitive address information by reading " ref *desc *node" lines in a debug… | |||
| CVE-2018-20669 | unknown | — | — | — | An issue where a provided address with access_ok() is not checked was discovered in i915_gem_execbuffer2_ioctl in drivers/gpu/drm/i915/i915_gem_execbuffer.c in the Linux kernel through 4.19.13. A loc… | |||
| CVE-2018-20836 | unknown | — | — | — | An issue was discovered in the Linux kernel before 4.20. There is a race condition in smp_task_timedout() and smp_task_done() in drivers/scsi/libsas/sas_expander.c, leading to a use-after-free. | |||
| CVE-2018-20856 | unknown | — | — | — | An issue was discovered in the Linux kernel before 4.18.7. In block/blk-core.c, there is an __blk_drain_queue() use-after-free because a certain error case is mishandled. | |||
| CVE-2018-20976 | unknown | — | — | — | An issue was discovered in fs/xfs/xfs_super.c in the Linux kernel before 4.18. A use after free exists, related to xfs_fs_fill_super failure. | |||
| CVE-2018-5750 | unknown | — | — | — | The acpi_smbus_hc_add function in drivers/acpi/sbshc.c in the Linux kernel through 4.14.15 allows local users to obtain sensitive address information by reading dmesg data from an SBS HC printk call. | |||
| CVE-2018-9516 | unknown | — | — | — | In hid_debug_events_read of drivers/hid/hid-debug.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution priv… | |||
| CVE-2018-1079 | unknown | — | — | — | pcs before version 0.9.164 and 0.10 is vulnerable to a privilege escalation via authorized user malicious REST call. The REST interface of the pcsd service did not properly sanitize the file name fro… | |||
| CVE-2018-20216 | unknown | — | — | — | QEMU can have an infinite loop in hw/rdma/vmw/pvrdma_dev_ring.c because return values are not checked (and -1 is mishandled). | |||
| CVE-2018-10177 | unknown | — | — | — | In ImageMagick 7.0.7-28, there is an infinite loop in the ReadOneMNGImage function of the coders/png.c file. Remote attackers could leverage this vulnerability to cause a denial of service via a craf… | |||
| CVE-2018-10805 | unknown | — | — | — | ImageMagick version 7.0.7-28 contains a memory leak in ReadYCBCRImage in coders/ycbcr.c. | |||
| CVE-2018-10888 | unknown | — | — | — | A flaw was found in libgit2 before version 0.27.3. A missing check in git_delta_apply function in delta.c file, may lead to an out-of-bound read while reading a binary delta file. An attacker may use… | |||
| CVE-2018-5357 | unknown | — | — | — | ImageMagick 7.0.7-22 Q16 has memory leaks in the ReadDCMImage function in coders/dcm.c. | |||
| CVE-2018-9135 | unknown | — | — | — | In ImageMagick 7.0.7-24 Q16, there is a heap-based buffer over-read in IsWEBPImageLossless in coders/webp.c. | |||
| CVE-2018-20124 | unknown | — | — | — | hw/rdma/rdma_backend.c in QEMU allows guest OS users to trigger out-of-bounds access via a PvrdmaSqWqe ring element with a large num_sge value. | |||
| CVE-2018-1000003 | unknown | — | — | — | Improper input validation bugs in DNSSEC validators components in PowerDNS version 4.1.0 allow attacker in man-in-the-middle position to deny existence of some data in DNS via packet replay. | |||
| CVE-2018-11624 | unknown | — | — | — | In ImageMagick 7.0.7-36 Q16, the ReadMATImage function in coders/mat.c allows attackers to cause a use after free via a crafted file. | |||
| CVE-2018-11251 | unknown | — | — | — | In ImageMagick 7.0.7-23 Q16 x86_64 2018-01-24, there is a heap-based buffer over-read in ReadSUNImage in coders/sun.c, which allows attackers to cause a denial of service (application crash in SetGra… | |||
| CVE-2018-14436 | unknown | — | — | — | ImageMagick 7.0.8-4 has a memory leak in ReadMIFFImage in coders/miff.c. | |||
| CVE-2018-11655 | unknown | — | — | — | In ImageMagick 7.0.7-20 Q16 x86_64, a memory leak vulnerability was found in the function GetImagePixelCache in MagickCore/cache.c, which allows attackers to cause a denial of service via a crafted C… | |||
| CVE-2018-11656 | unknown | — | — | — | In ImageMagick 7.0.7-20 Q16 x86_64, a memory leak vulnerability was found in the function ReadDCMImage in coders/dcm.c, which allows attackers to cause a denial of service via a crafted DCM image fil… | |||
| CVE-2018-12600 | unknown | — | — | — | In ImageMagick 7.0.8-3 Q16, ReadDIBImage and WriteDIBImage in coders/dib.c allow attackers to cause an out of bounds write via a crafted file. | |||
| CVE-2018-14434 | unknown | — | — | — | ImageMagick 7.0.8-4 has a memory leak for a colormap in WriteMPCImage in coders/mpc.c. | |||
| CVE-2018-16329 | unknown | — | — | — | In ImageMagick before 7.0.8-8, a NULL pointer dereference exists in the GetMagickProperty function in MagickCore/property.c. | |||
| CVE-2018-14551 | unknown | — | — | — | The ReadMATImageV4 function in coders/mat.c in ImageMagick 7.0.8-7 uses an uninitialized variable, leading to memory corruption. | |||
| CVE-2018-16328 | unknown | — | — | — | In ImageMagick before 7.0.8-8, a NULL pointer dereference exists in the CheckEventLogging function in MagickCore/log.c. | |||
| CVE-2018-16640 | unknown | — | — | — | ImageMagick 7.0.8-5 has a memory leak vulnerability in the function ReadOneJNGImage in coders/png.c. | |||
| CVE-2018-16641 | unknown | — | — | — | ImageMagick 7.0.8-6 has a memory leak vulnerability in the TIFFWritePhotoshopLayers function in coders/tiff.c. | |||
| CVE-2018-16642 | unknown | — | — | — | The function InsertRow in coders/cut.c in ImageMagick 7.0.7-37 allows remote attackers to cause a denial of service via a crafted image file due to an out-of-bounds write. | |||
| CVE-2018-16643 | unknown | — | — | — | The functions ReadDCMImage in coders/dcm.c, ReadPWPImage in coders/pwp.c, ReadCALSImage in coders/cals.c, and ReadPICTImage in coders/pict.c in ImageMagick 7.0.8-4 do not check the return value of th… | |||
| CVE-2018-16749 | unknown | — | — | — | In ImageMagick 7.0.7-29 and earlier, a missing NULL check in ReadOneJNGImage in coders/png.c allows an attacker to cause a denial of service (WriteBlob assertion failure and application exit) via a c… | |||
| CVE-2018-17967 | unknown | — | — | — | ImageMagick 7.0.7-28 has a memory leak vulnerability in ReadBGRImage in coders/bgr.c. | |||
| CVE-2018-5247 | unknown | — | — | — | In ImageMagick 7.0.7-17 Q16, there are memory leaks in ReadRLAImage in coders/rla.c. | |||
| CVE-2018-18016 | unknown | — | — | — | ImageMagick 7.0.7-28 has a memory leak vulnerability in WritePCXImage in coders/pcx.c. | |||
| CVE-2018-18023 | unknown | — | — | — | In ImageMagick 7.0.8-13 Q16, there is a heap-based buffer over-read in the SVGStripString function of coders/svg.c, which allows attackers to cause a denial of service via a crafted SVG image file. | |||
| CVE-2018-18024 | unknown | — | — | — | In ImageMagick 7.0.8-13 Q16, there is an infinite loop in the ReadBMPImage function of the coders/bmp.c file. Remote attackers could leverage this vulnerability to cause a denial of service via a cra… | |||
| CVE-2018-18025 | unknown | — | — | — | In ImageMagick 7.0.8-13 Q16, there is a heap-based buffer over-read in the EncodeImage function of coders/pict.c, which allows attackers to cause a denial of service via a crafted SVG image file. | |||
| CVE-2018-5358 | unknown | — | — | — | ImageMagick 7.0.7-22 Q16 has memory leaks in the EncodeImageAttributes function in coders/json.c, as demonstrated by the ReadPSDLayersInternal function in coders/psd.c. | |||
| CVE-2018-5248 | unknown | — | — | — | In ImageMagick 7.0.7-17 Q16, there is a heap-based buffer over-read in coders/sixel.c in the ReadSIXELImage function, related to the sixel_decode function. | |||
| CVE-2018-6930 | unknown | — | — | — | A stack-based buffer over-read in the ComputeResizeImage function in the MagickCore/accelerate.c file of ImageMagick 7.0.7-22 allows a remote attacker to cause a denial of service (application crash)… | |||
| CVE-2018-7470 | unknown | — | — | — | An issue was discovered in ImageMagick 7.0.7-22 Q16. The IsWEBPImageLossless function in coders/webp.c allows attackers to cause a denial of service (segmentation violation) via a crafted file. | |||
| CVE-2018-8804 | unknown | — | — | — | WriteEPTImage in coders/ept.c in ImageMagick 7.0.7-25 Q16 allows remote attackers to cause a denial of service (MagickCore/memory.c double free and application crash) or possibly have unspecified oth… | |||
| CVE-2018-8960 | unknown | — | — | — | The ReadTIFFImage function in coders/tiff.c in ImageMagick 7.0.7-26 Q16 does not properly restrict memory allocation, leading to a heap-based buffer over-read. | |||
| CVE-2018-20450 | unknown | — | — | — | The read_MSAT function in ole.c in libxls 1.4.0 has a double free that allows attackers to cause a denial of service (application crash) via a crafted file, a different vulnerability than CVE-2017-28… |