VIR Vulnerability Intelligence Relay

CVEs from 2018

3,719 normalized CVEs published or assigned in this year.

Total
3,719
critical
critical 225
high
high 266
medium
medium 224
low
low 32
% Critical
6.1%
% with KEV
2.4%
% with exploit
2.4%

Top vendors

Top products

  • erpnext 4
  • terminal_services_manager 1
  • ultraiso 1
  • dolibarr_erp\/crm 1
  • gitbucket 1
  • pdfunite 1
  • qemu 1
  • virtualization_manager 1

Top packages

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Published Description Impact
CVE-2018-17474 critical 9.5 multiple issues in chromium arch
CVE-2018-18646 critical 9.5 multiple issues in gitlab arch
CVE-2018-18345 critical 9.5 multiple issues in chromium archdebian
CVE-2018-1000085 critical 9.5 ClamAV version version 0.99.3 contains a Out of bounds heap memory read vulnerability in XAR parser, function xar_hash_check() that can result in Leaking of memory, may help in developing exploit cha… archsusedebian
CVE-2018-18343 critical 9.5 multiple issues in chromium archdebian
CVE-2018-5163 critical 9.5 If a malicious attacker has used another vulnerability to gain full control over a content process, they may be able to replace the alternate data resources stored in the JavaScript Start-up Bytecode… archdebian
CVE-2018-17476 critical 9.5 multiple issues in chromium arch
CVE-2018-17467 critical 9.5 multiple issues in chromium arch
CVE-2018-6092 critical 9.5 multiple issues in chromium arch
CVE-2018-6090 critical 9.5 multiple issues in chromium arch
CVE-2018-18342 critical 9.5 multiple issues in chromium archdebian
CVE-2018-18350 critical 9.5 multiple issues in chromium archdebian
CVE-2018-18355 critical 9.5 multiple issues in chromium archdebian
CVE-2018-6094 critical 9.5 multiple issues in chromium arch
CVE-2018-17470 critical 9.5 multiple issues in chromium arch
CVE-2018-6085 critical 9.5 multiple issues in chromium arch
CVE-2018-5173 critical 9.5 The filename appearing in the "Downloads" panel improperly renders some Unicode characters, allowing for the file name to be spoofed. This can be used to obscure the file extension of potentially exe… archdebian
CVE-2018-11358 critical 9.5 In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the Q.931 dissector could crash. This was addressed in epan/dissectors/packet-q931.c by avoiding a use-after-free after a malformed packet pre… archsusedebian
CVE-2018-5179 critical 9.5 multiple issues in chromium arch
CVE-2018-5154 critical 9.5 A use-after-free vulnerability can occur while enumerating attributes during SVG animations with clip paths. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < … archdebian
CVE-2018-18354 critical 9.5 multiple issues in chromium archdebian
CVE-2018-6113 critical 9.5 multiple issues in chromium arch
CVE-2018-18648 critical 9.5 multiple issues in gitlab arch
CVE-2018-12373 critical 9.5 dDecrypted S/MIME parts hidden with CSS or the plaintext HTML tag can leak plaintext when included in a HTML reply/forward. This vulnerability affects Thunderbird < 52.9. archsusedebian
CVE-2018-12401 critical 9.5 Some special resource URIs will cause a non-exploitable crash if loaded with optional parameters following a '?' in the parsed string. This could lead to denial of service (DOS) attacks. This vulnera… archdebian
CVE-2018-6102 critical 9.5 multiple issues in chromium arch
CVE-2018-11233 critical 9.5 In Git before 2.13.7, 2.14.x before 2.14.4, 2.15.x before 2.15.2, 2.16.x before 2.16.4, and 2.17.x before 2.17.1, code to sanity-check pathnames on NTFS can result in reading out-of-bounds memory. archdebian
CVE-2018-17469 critical 9.5 multiple issues in chromium arch
CVE-2018-12398 critical 9.5 By using the reflected URL in some special resource URIs, such as chrome:, it is possible to inject stylesheets and bypass Content Security Policy (CSP). This vulnerability affects Firefox < 63. archdebian
CVE-2018-10933 critical 9.5 A vulnerability was found in libssh's server-side state machine before versions 0.7.6 and 0.8.4. A malicious client could create channels without first performing authentication, resulting in unautho… archsusedebian
CVE-2018-1000301 critical 9.5 curl version curl 7.20.0 to and including curl 7.59.0 contains a CWE-126: Buffer Over-read vulnerability in denial of service that can result in curl can be tricked into reading data beyond the end o… archdebian
CVE-2018-18347 critical 9.5 multiple issues in chromium archdebian
CVE-2018-12399 critical 9.5 When a new protocol handler is registered, the API accepts a title argument which can be used to mislead users about which domain is registering the new protocol. This may result in the user approvin… archdebian
CVE-2018-1057 critical 9.5 On a Samba 4 AD DC the LDAP server in all versions of Samba from 4.0.0 onwards incorrectly validates permissions to modify passwords over LDAP allowing authenticated users to change any other users' … archdebian
CVE-2018-17468 critical 9.5 multiple issues in chromium arch
CVE-2018-6107 critical 9.5 multiple issues in chromium arch
CVE-2018-18338 critical 9.5 multiple issues in chromium archdebian
CVE-2018-6118 critical 9.5 arbitrary code execution in chromium arch
CVE-2018-12383 critical 9.5 If a user saved passwords before Firefox 58 and then later set a master password, an unencrypted copy of these passwords is still accessible. This is because the older stored password file was not de… archdebian
CVE-2018-18640 critical 9.5 multiple issues in gitlab arch
CVE-2018-17465 critical 9.5 multiple issues in chromium arch
CVE-2018-5164 critical 9.5 Content Security Policy (CSP) is not applied correctly to all parts of multipart content sent with the "multipart/x-mixed-replace" MIME type. This could allow for script to run where CSP should block… archdebian
CVE-2018-12388 critical 9.5 Mozilla developers and community members reported memory safety bugs present in Firefox 62. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of… archdebian
CVE-2018-18359 critical 9.5 multiple issues in chromium archdebian
CVE-2018-5159 critical 9.5 An integer overflow can occur in the Skia library due to 32-bit integer use in an array without integer overflow checks, resulting in possible out-of-bounds writes. This could lead to a potentially e… archdebian
CVE-2018-18353 critical 9.5 multiple issues in chromium archdebian
CVE-2018-10528 critical 9.5 An issue was discovered in LibRaw 0.18.9. There is a stack-based buffer overflow in the utf2char function in libraw_cxx.cpp. archdebian
CVE-2018-6096 critical 9.5 multiple issues in chromium arch
CVE-2018-5180 critical 9.5 A use-after-free vulnerability can occur during WebGL operations. While this results in a potentially exploitable crash, the vulnerability is limited because the memory is freed and reused in a brief… archdebian
CVE-2018-5176 critical 9.5 The JSON Viewer displays clickable hyperlinks for strings that are parseable as URLs, including "javascript:" links. If a JSON file contains malicious JavaScript script embedded as "javascript:" link… archdebian
CVE-2018-10529 critical 9.5 An issue was discovered in LibRaw 0.18.9. There is an out-of-bounds read affecting the X3F property table list implementation in libraw_x3f.cpp and libraw_cxx.cpp. archdebian
CVE-2018-12389 critical 9.5 Mozilla developers and community members reported memory safety bugs present in Firefox ESR 60.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that s… archdebian
CVE-2018-18356 critical 9.5 multiple issues in chromium archdebiansuse
CVE-2018-6111 critical 9.5 multiple issues in chromium arch
CVE-2018-17466 critical 9.5 multiple issues in chromium archsusedebian
CVE-2018-18649 critical 9.5 multiple issues in gitlab arch
CVE-2018-5177 critical 9.5 A vulnerability exists in XSLT during number formatting where a negative buffer size may be allocated in some instances, leading to a buffer overflow and crash if it occurs. This vulnerability affect… archdebian
CVE-2018-6091 critical 9.5 multiple issues in chromium arch
CVE-2018-18340 critical 9.5 multiple issues in chromium archdebian
CVE-2018-18643 critical 9.5 multiple issues in gitlab arch
CVE-2018-12359 critical 9.5 A buffer overflow can occur when rendering canvas content while adjusting the height and width of the canvas element dynamically, causing data to be written outside of the currently computed boundari… archsusedebian
CVE-2018-12361 critical 9.5 An integer overflow can occur in the SwizzleData code while calculating buffer sizes. The overflowed value is used for subsequent graphics computations when their inputs are not sanitized which resul… archsusedebian
CVE-2018-18352 critical 9.5 multiple issues in chromium archdebian
CVE-2018-6117 critical 9.5 multiple issues in chromium arch
CVE-2018-5170 critical 9.5 It is possible to spoof the filename of an attachment and display an arbitrary attachment name. This could lead to a user opening a remote attachment which is a different file type than expected. Thi… archdebian
CVE-2018-18500 critical 9.5 A use-after-free vulnerability can occur while parsing an HTML5 stream in concert with custom HTML elements. This results in the stream parser object being freed while still in use, leading to a pote… archsusedebian
CVE-2018-18337 critical 9.5 multiple issues in chromium archdebian
CVE-2018-19628 critical 9.5 In Wireshark 2.6.0 to 2.6.4, the ZigBee ZCL dissector could crash. This was addressed in epan/dissectors/packet-zbee-zcl-lighting.c by preventing a divide-by-zero error. archdebian
CVE-2018-6099 critical 9.5 multiple issues in chromium arch
CVE-2018-1050 critical 9.5 All versions of Samba from 4.0.0 onwards are vulnerable to a denial of service attack when the RPC spoolss service is configured to be run as an external daemon. Missing input sanitization checks on … archsusedebian
CVE-2018-18358 critical 9.5 multiple issues in chromium archdebian
CVE-2018-6095 critical 9.5 multiple issues in chromium arch
CVE-2018-5161 critical 9.5 Crafted message headers can cause a Thunderbird process to hang on receiving the message. This vulnerability affects Thunderbird ESR < 52.8 and Thunderbird < 52.8. archdebian
CVE-2018-12403 critical 9.5 If a site is loaded over a HTTPS connection but loads a favicon resource over HTTP, the mixed content warning is not displayed to users. This vulnerability affects Firefox < 63. archsusedebian
CVE-2018-17473 critical 9.5 multiple issues in chromium arch
CVE-2018-6089 critical 9.5 multiple issues in chromium arch
CVE-2018-19627 critical 9.5 In Wireshark 2.6.0 to 2.6.4 and 2.4.0 to 2.4.10, the IxVeriWave file parser could crash. This was addressed in wiretap/vwr.c by adjusting a buffer boundary. archdebian
CVE-2018-19624 critical 9.5 In Wireshark 2.6.0 to 2.6.4 and 2.4.0 to 2.4.10, the PVFS dissector could crash. This was addressed in epan/dissectors/packet-pvfs2.c by preventing a NULL pointer dereference. archsusedebian
CVE-2018-19626 critical 9.5 In Wireshark 2.6.0 to 2.6.4 and 2.4.0 to 2.4.10, the DCOM dissector could crash. This was addressed in epan/dissectors/packet-dcom.c by adding '\0' termination. archsusedebian
CVE-2018-6109 critical 9.5 multiple issues in chromium arch
CVE-2018-18357 critical 9.5 multiple issues in chromium archdebian
CVE-2018-17464 critical 9.5 multiple issues in chromium arch
CVE-2018-18336 critical 9.5 multiple issues in chromium archdebian
CVE-2018-6106 critical 9.5 multiple issues in chromium arch
CVE-2018-18349 critical 9.5 multiple issues in chromium archdebian
CVE-2018-5185 critical 9.5 Plaintext of decrypted emails can leak through by user submitting an embedded form. This vulnerability affects Thunderbird ESR < 52.8 and Thunderbird < 52.8. archdebian
CVE-2018-18344 critical 9.5 multiple issues in chromium archdebian
CVE-2018-5184 critical 9.5 Using remote content in encrypted messages can lead to the disclosure of plaintext. This vulnerability affects Thunderbird ESR < 52.8 and Thunderbird < 52.8. archdebian
CVE-2018-17462 critical 9.5 multiple issues in chromium arch
CVE-2018-6098 critical 9.5 multiple issues in chromium arch
CVE-2018-18346 critical 9.5 multiple issues in chromium archdebian
CVE-2018-11356 critical 9.5 In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the DNS dissector could crash. This was addressed in epan/dissectors/packet-dns.c by avoiding a NULL pointer dereference for an empty name in … archsusedebian
CVE-2018-6103 critical 9.5 multiple issues in chromium arch
CVE-2018-6100 critical 9.5 multiple issues in chromium arch
CVE-2018-5152 critical 9.5 WebExtensions with the appropriate permissions can attach content scripts to Mozilla sites such as accounts.firefox.com and listen to network traffic to the site through the "webRequest" API. For exa… archdebian
CVE-2018-18509 critical 9.5 A flaw during verification of certain S/MIME signatures causes emails to be shown in Thunderbird as having a valid digital signature, even if the shown message contents aren't covered by the signatur… archdebian
CVE-2018-18502 critical 9.5 Mozilla developers and community members reported memory safety bugs present in Firefox 64. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of… archsusedebian
CVE-2018-12397 critical 9.5 A WebExtension can request access to local files without the warning prompt stating that the extension will "Access your data for all websites" being displayed to the user. This allows extensions to … archsusedebian
CVE-2018-18335 critical 9.5 multiple issues in chromium archdebiansuse
CVE-2018-18645 critical 9.5 multiple issues in gitlab arch