CVEs from 2018
Total
3,156
critical
critical 228
high
high 272
medium
medium 224
low
low 32
% Critical
7.2%
% with KEV
2.8%
% with exploit
4.0%
Top vendors
Top products
- modicon_m221 6
- erpnext 4
- somachine_basic 2
- modicon_m340 2
- modicon_m580 2
- 140cpu67160 1
- 140cpu65160s 1
- terminal_services_manager 1
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2018-10933 | critical | — | 10.0 | — | A vulnerability was found in libssh's server-side state machine before versions 0.7.6 and 0.8.4. A malicious client could create channels without first performing authentication, resulting in unautho… | |||
| CVE-2018-17463 | critical | — | 10.0 | 4y ago | Google Chromium V8 Engine contains an unspecified vulnerability that allows a remote attacker to execute code inside a sandbox via a crafted HTML page. This vulnerability could affect multiple web br… | |||
| CVE-2018-7600 | critical | — | 10.0 | 8y ago | Drupal Core contains a remote code execution vulnerability that could allow an attacker to exploit multiple attack vectors on a Drupal site, resulting in complete site compromise. | |||
| CVE-2018-15473 | medium | — | 6.5 | — | OpenSSH through 7.7 is prone to a user enumeration vulnerability due to not delaying bailout for an invalid authenticating user until after the packet containing the request has been fully parsed, re… | |||
| CVE-2018-20781 | medium | — | 6.5 | — | In pam/gkr-pam-module.c in GNOME Keyring before 3.27.2, the user's password is kept in a session-child process spawned from the LightDM daemon. This can expose the credential in cleartext. |