VIR Vulnerability Intelligence Relay

CVEs from 2018

3,289 normalized CVEs published or assigned in this year.

Total
3,289
critical
critical 225
high
high 266
medium
medium 224
low
low 32
% Critical
6.8%
% with KEV
2.7%
% with exploit
2.8%

Top vendors

Top products

  • erpnext 4
  • terminal_services_manager 1
  • ultraiso 1
  • dolibarr_erp\/crm 1
  • gitbucket 1
  • pdfunite 1
  • qemu 1
  • virtualization_manager 1

Top packages

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Published Description Impact
CVE-2018-19591 medium 5.5 In the GNU C Library (aka glibc or libc6) through 2.28, attempting to resolve a crafted hostname via getaddrinfo() leads to the allocation of a socket descriptor that is not closed. This is related t… archdebian
CVE-2018-19661 medium 5.5 An issue was discovered in libsndfile 1.0.28. There is a buffer over-read in the function i2ulaw_array in ulaw.c that will lead to a denial of service. archdebian
CVE-2018-12606 medium 5.5 multiple issues in gitlab arch
CVE-2018-12607 medium 5.5 multiple issues in gitlab arch
CVE-2018-11805 medium 5.5 In Apache SpamAssassin before 3.4.3, nefarious CF files can be configured to run system commands without any output or errors. With this, exploits can be injected in a number of scenarios. In additio… archdebian
CVE-2018-19758 medium 5.5 There is a heap-based buffer over-read at wav.c in wav_write_header in libsndfile 1.0.28 that will cause a denial of service. archsusedebian
CVE-2018-7726 medium 5.5 An issue was discovered in ZZIPlib 0.13.68. There is a bus error caused by the __zzip_parse_root_directory function of zip.c. Attackers could leverage this vulnerability to cause a denial of service … archsusedebian
CVE-2018-6869 medium 5.5 In ZZIPlib 0.13.68, there is an uncontrolled memory allocation and a crash in the __zzip_parse_root_directory function of zzip/zip.c. Remote attackers could leverage this vulnerability to cause a den… archsusedebian
CVE-2018-6484 medium 5.5 In ZZIPlib 0.13.67, there is a memory alignment error and bus error in the __zzip_fetch_disk_trailer function of zzip/zip.c. Remote attackers could leverage this vulnerability to cause a denial of se… archsusedebian
CVE-2018-16866 medium 5.5 An out of bounds read was discovered in systemd-journald in the way it parses log messages that terminate with a colon ':'. A local attacker can use this flaw to disclose process memory data. Version… archsusedebian
CVE-2018-8000 medium 5.5 multiple issues in podofo archsuse
CVE-2018-14882 medium 5.5 The ICMPv6 parser in tcpdump before 4.9.3 has a buffer over-read in print-icmp6.c. suserockylinuxdebian
CVE-2018-10779 medium 5.5 TIFFWriteScanline in tif_write.c in LibTIFF 3.8.2 has a heap-based buffer over-read, as demonstrated by bmp2tiff. archsusedebian
CVE-2018-10103 medium 5.5 tcpdump before 4.9.3 mishandles the printing of SMB data (issue 1 of 2). suserockylinuxdebian
CVE-2018-6540 medium 5.5 In ZZIPlib 0.13.67, there is a bus error caused by loading of a misaligned address in the zzip_disk_findfirst function of zzip/mmapped.c. Remote attackers could leverage this vulnerability to cause a… archsusedebian
CVE-2018-5296 medium 5.5 In PoDoFo 0.9.5, there is an uncontrolled memory allocation in the PdfParser::ReadXRefSubsection function (base/PdfParser.cpp). Remote attackers could leverage this vulnerability to cause a denial-of… archsusedebian
CVE-2018-20797 medium 5.5 An issue was discovered in PoDoFo 0.9.6. There is an attempted excessive memory allocation in PoDoFo::podofo_calloc in base/PdfMemoryManagement.cpp when called from PoDoFo::PdfPredictorDecoder::PdfPr… archsusedebian
CVE-2018-1303 medium 5.5 multiple issues in apache debianarchsuse
CVE-2018-1301 medium 5.5 multiple issues in apache debianarchsuse
CVE-2018-5207 medium 5.5 When using an incomplete variable argument, Irssi before 1.0.6 may access data beyond the end of the string. archdebian
CVE-2018-14881 medium 5.5 The BGP parser in tcpdump before 4.9.3 has a buffer over-read in print-bgp.c:bgp_capabilities_print() (BGP_CAPCODE_RESTART). suserockylinuxdebian
CVE-2018-14468 medium 5.5 The FRF.16 parser in tcpdump before 4.9.3 has a buffer over-read in print-fr.c:mfr_print(). suserockylinuxdebian
CVE-2018-16451 medium 5.5 The SMB parser in tcpdump before 4.9.3 has buffer over-reads in print-smb.c:print_trans() for \MAILSLOT\BROWSE and \PIPE\LANMAN. suserockylinuxdebian
CVE-2018-6459 medium 5.5 The rsa_pss_params_parse function in libstrongswan/credentials/keys/signature_params.c in strongSwan 5.6.1 allows remote attackers to cause a denial of service via a crafted RSASSA-PSS signature that… archsusedebian
CVE-2018-14644 medium 5.5 An issue has been found in PowerDNS Recursor from 4.0.0 up to and including 4.1.4. A remote attacker sending a DNS query for a meta-type like OPT can lead to a zone being wrongly cached as failing DN… archsusedebian
CVE-2018-14470 medium 5.5 The Babel parser in tcpdump before 4.9.3 has a buffer over-read in print-babel.c:babel_print_v2(). suserockylinuxdebian
CVE-2018-14880 medium 5.5 The OSPFv3 parser in tcpdump before 4.9.3 has a buffer over-read in print-ospf6.c:ospf6_print_lshdr(). suserockylinuxdebian
CVE-2018-14462 medium 5.5 The ICMP parser in tcpdump before 4.9.3 has a buffer over-read in print-icmp.c:icmp_print(). suserockylinuxdebian
CVE-2018-14465 medium 5.5 The RSVP parser in tcpdump before 4.9.3 has a buffer over-read in print-rsvp.c:rsvp_obj_print(). suserockylinuxdebian
CVE-2018-25306 medium 5.5 5.5 29d ago PDFunite 0.41.0 contains a buffer overflow vulnerability that allows local attackers to crash the application by processing malformed PDF files during merge operations. Attackers can trigger a segmen… ubuntu
CVE-2018-25267 medium 5.5 5.5 1mo ago UltraISO 9.7.1.3519 contains a local buffer overflow vulnerability in the Output FileName field of the Make CD/DVD Image dialog that allows attackers to overwrite SEH and SE handler records. Attacker…
CVE-2018-17828 medium 5.5 7mo ago Moderate: zziplib security update redhatsuserockylinuxdebian
CVE-2018-15209 medium 5.5 2y ago Moderate: libtiff security update suserockylinuxdebian
CVE-2018-18624 medium 5.5 4y ago Moderate: grafana security, bug fix, and enhancement update susegolang
CVE-2018-7260 medium 5.5 4y ago Cross-site scripting (XSS) vulnerability in db_central_columns.php in phpMyAdmin before 4.7.8 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. archdebianphp
CVE-2018-13258 medium 5.5 4y ago Mediawiki tarball is missing .htaccess files archdebianphp
CVE-2018-1000120 medium 5.5 4y ago curl FTP path confusion leads to NIL byte out of bounds write archsusedebiannuget
CVE-2018-1999043 medium 5.5 4y ago Missing Release of Resource after Effective Lifetime in Jenkins archjava
CVE-2018-0503 medium 5.5 4y ago Mediawiki Improper Privilege Management archdebianphp
CVE-2018-0505 medium 5.5 4y ago Mediawiki BotPassword can bypass CentralAuth's account lock archdebianphp
CVE-2018-14773 medium 5.5 4y ago An issue was discovered in Http Foundation in Symfony 2.7.0 through 2.7.48, 2.8.0 through 2.8.43, 3.3.0 through 3.3.17, 3.4.0 through 3.4.13, 4.0.0 through 4.0.13, and 4.1.0 through 4.1.2. It arises … archdebianphp
CVE-2018-14040 medium 5.5 4y ago Bootstrap vulnerable to Cross-Site Scripting (XSS) rockylinuxdebianrubynpm+3
CVE-2018-5785 medium 5.5 5y ago Moderate: openjpeg2 security update suserockylinuxdebian
CVE-2018-20845 medium 5.5 5y ago Moderate: openjpeg2 security update suserockylinuxdebian
CVE-2018-5727 medium 5.5 5y ago Moderate: openjpeg2 security update suserockylinuxdebian
CVE-2018-20847 medium 5.5 5y ago Moderate: openjpeg2 security update suserockylinuxdebian
CVE-2018-25009 medium 5.5 5y ago Moderate: libwebp security update suserockylinuxdebian
CVE-2018-25014 medium 5.5 5y ago Moderate: libwebp security update suserockylinuxdebian
CVE-2018-25010 medium 5.5 5y ago Moderate: libwebp security update suserockylinuxdebian
CVE-2018-25013 medium 5.5 5y ago Moderate: libwebp security update suserockylinuxdebian
CVE-2018-25012 medium 5.5 5y ago Moderate: libwebp security update suserockylinuxdebian
CVE-2018-21247 medium 5.5 5y ago Moderate: libvncserver security update suserockylinuxdebian
CVE-2018-17199 medium 5.5 5y ago Moderate: httpd:2.4 security, bug fix, and enhancement update debianarchsuserockylinux
CVE-2018-20843 medium 5.5 6y ago In libexpat in Expat before 2.2.7, XML input including XML names that contain a large number of colons could make the XML parser consume a high amount of RAM and CPU resources while processing (enoug… susedebianrockylinux
CVE-2018-17189 medium 5.5 6y ago Moderate: httpd:2.4 security, bug fix, and enhancement update debianarchsuserockylinux
CVE-2018-11782 medium 5.5 6y ago Moderate: subversion:1.10 security update archsuserockylinuxdebian
CVE-2018-21035 medium 5.5 6y ago Moderate: qt5-qtbase and qt5-qtwebsockets security and bug fix update suserockylinuxdebian
CVE-2018-14553 medium 5.5 6y ago Moderate: gd security update susedebianrockylinux
CVE-2018-1000858 medium 5.5 6y ago Moderate: gnupg2 security, bug fix, and enhancement update susedebianrockylinux
CVE-2018-20337 medium 5.5 6y ago Moderate: GNOME security, bug fix, and enhancement update susedebianrockylinux
CVE-2018-11684 medium 5.5 6y ago Moderate: liblouis security and bug fix update susedebianrockylinux
CVE-2018-11685 medium 5.5 6y ago Moderate: liblouis security and bug fix update susedebianrockylinux
CVE-2018-12085 medium 5.5 6y ago Moderate: liblouis security and bug fix update susedebianrockylinux
CVE-2018-11577 medium 5.5 6y ago Moderate: liblouis security and bug fix update susedebianrockylinux
CVE-2018-19872 medium 5.5 6y ago Moderate: qt5 security, bug fix, and enhancement update suserockylinuxdebian
CVE-2018-19871 medium 5.5 6y ago Moderate: qt5 security, bug fix, and enhancement update suserockylinuxdebian
CVE-2018-19869 medium 5.5 6y ago Moderate: qt5 security, bug fix, and enhancement update suserockylinuxdebian
CVE-2018-19662 medium 5.5 6y ago Moderate: libsndfile security update archdebianrockylinux
CVE-2018-13139 medium 5.5 6y ago Moderate: libsndfile security update archsusedebianrockylinux
CVE-2018-20783 medium 5.5 6y ago Moderate: php:7.2 security, bug fix, and enhancement update suserockylinux
CVE-2018-20852 medium 5.5 6y ago Moderate: python27:2.7 security, bug fix, and enhancement update suserockylinuxdebian
CVE-2018-9304 medium 5.5 6y ago Moderate: exiv2 security, bug fix, and enhancement update susedebianrockylinuxalmalinux
CVE-2018-9306 medium 5.5 6y ago Moderate: exiv2 security, bug fix, and enhancement update rockylinuxalmalinux
CVE-2018-19535 medium 5.5 6y ago Moderate: exiv2 security, bug fix, and enhancement update susedebianrockylinux
CVE-2018-9303 medium 5.5 6y ago Moderate: exiv2 security, bug fix, and enhancement update susedebianrockylinuxalmalinux
CVE-2018-18915 medium 5.5 6y ago Moderate: exiv2 security, bug fix, and enhancement update susedebianrockylinux
CVE-2018-9305 medium 5.5 6y ago Moderate: exiv2 security, bug fix, and enhancement update susedebianrockylinuxalmalinux
CVE-2018-14338 medium 5.5 6y ago Moderate: exiv2 security, bug fix, and enhancement update debianrockylinux
CVE-2018-17229 medium 5.5 6y ago Moderate: exiv2 security, bug fix, and enhancement update susedebianrockylinux
CVE-2018-17230 medium 5.5 6y ago Moderate: exiv2 security, bug fix, and enhancement update susedebianrockylinux
CVE-2018-17282 medium 5.5 6y ago Moderate: exiv2 security, bug fix, and enhancement update susedebianrockylinux
CVE-2018-19107 medium 5.5 6y ago Moderate: exiv2 security, bug fix, and enhancement update susedebianrockylinux
CVE-2018-11037 medium 5.5 6y ago Moderate: exiv2 security, bug fix, and enhancement update debianrockylinux
CVE-2018-19108 medium 5.5 6y ago Moderate: exiv2 security, bug fix, and enhancement update susedebianrockylinux
CVE-2018-17581 medium 5.5 6y ago Moderate: exiv2 security, bug fix, and enhancement update susedebianrockylinux
CVE-2018-4868 medium 5.5 6y ago Moderate: exiv2 security, bug fix, and enhancement update susedebianrockylinux
CVE-2018-19607 medium 5.5 6y ago Moderate: exiv2 security, bug fix, and enhancement update susedebianrockylinux
CVE-2018-10772 medium 5.5 6y ago Moderate: exiv2 security, bug fix, and enhancement update susedebianrockylinux
CVE-2018-14498 medium 5.5 7y ago Moderate: libjpeg-turbo security update susedebianrockylinux
CVE-2018-19800 medium 5.5 7y ago aubio v0.4.0 to v0.4.8 has a Buffer Overflow in new_aubio_tempo. debianarchpython
CVE-2018-19802 medium 5.5 7y ago aubio v0.4.0 to v0.4.8 has a new_aubio_onset NULL pointer dereference. debianarchpython
CVE-2018-19801 medium 5.5 7y ago aubio v0.4.0 to v0.4.8 has a NULL pointer dereference in new_aubio_filterbank via invalid n_filters. debianarchpython
CVE-2018-20676 medium 5.5 8y ago XSS vulnerability that affects bootstrap rockylinuxdebianrubynpm+3
CVE-2018-20677 medium 5.5 8y ago bootstrap Cross-site Scripting vulnerability rockylinuxdebianrubynpm+3
CVE-2018-7536 medium 5.5 8y ago An issue was discovered in Django 2.0 before 2.0.3, 1.11 before 1.11.11, and 1.8 before 1.8.19. The django.utils.html.urlize() function was extremely slow to evaluate certain inputs due to catastroph… archdebianpython
CVE-2018-7537 medium 5.5 8y ago An issue was discovered in Django 2.0 before 2.0.3, 1.11 before 1.11.11, and 1.8 before 1.8.19. If django.utils.text.Truncator's chars() and words() methods were passed the html=True argument, they w… archsusedebianpython
CVE-2018-20060 medium 5.5 8y ago Moderate: python27:2.7 security, bug fix, and enhancement update suserockylinuxdebianpython
CVE-2018-20099 medium 5.5 8y ago Moderate: exiv2 security, bug fix, and enhancement update susedebianrockylinuxpython
CVE-2018-20097 medium 5.5 8y ago Moderate: exiv2 security, bug fix, and enhancement update susedebianrockylinuxpython
CVE-2018-20098 medium 5.5 8y ago Moderate: exiv2 security, bug fix, and enhancement update susedebianrockylinuxpython