VIR Vulnerability Intelligence Relay

CVEs from 2018

3,289 normalized CVEs published or assigned in this year.

Total
3,289
critical
critical 225
high
high 266
medium
medium 224
low
low 32
% Critical
6.8%
% with KEV
2.7%
% with exploit
2.8%

Top vendors

Top products

  • erpnext 4
  • terminal_services_manager 1
  • ultraiso 1
  • dolibarr_erp\/crm 1
  • gitbucket 1
  • pdfunite 1
  • qemu 1
  • virtualization_manager 1

Top packages

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Published Description Impact
CVE-2018-11256 medium 5.5 An issue was discovered in PoDoFo 0.9.5. The function PdfDocument::Append() in PdfDocument.cpp in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (NULL pointer dereference and appli… archsusedebian
CVE-2018-0739 medium 5.5 Constructed ASN.1 types with a recursive definition (such as can be found in PKCS7) could eventually exceed the stack given malicious input with excessive recursion. This could result in a Denial Of … archsusedebian
CVE-2018-16866 medium 5.5 An out of bounds read was discovered in systemd-journald in the way it parses log messages that terminate with a colon ':'. A local attacker can use this flaw to disclose process memory data. Version… archsusedebian
CVE-2018-5729 medium 5.5 MIT krb5 1.6 or later allows an authenticated kadmin with permission to add principals to an LDAP Kerberos database to cause a denial of service (NULL pointer dereference) or bypass a DN container ch… archsusedebian
CVE-2018-19758 medium 5.5 There is a heap-based buffer over-read at wav.c in wav_write_header in libsndfile 1.0.28 that will cause a denial of service. archsusedebian
CVE-2018-10851 medium 5.5 PowerDNS Authoritative Server 3.3.0 up to 4.1.4 excluding 4.1.5 and 4.0.6, and PowerDNS Recursor 3.2 up to 4.1.4 excluding 4.1.5 and 4.0.9, are vulnerable to a memory leak while parsing malformed rec… archsusedebian
CVE-2018-1312 medium 5.5 multiple issues in apache debianarchsuse
CVE-2018-1333 medium 5.5 denial of service in apache debianarchsuse
CVE-2018-1000121 medium 5.5 A NULL pointer dereference exists in curl 7.21.0 to and including curl 7.58.0 in the LDAP code that allows an attacker to cause a denial of service archsusedebian
CVE-2018-1123 medium 5.5 procps-ng before version 3.3.15 is vulnerable to a denial of service in ps via mmap buffer overflow. Inbuilt protection in ps maps a guard page at the end of the overflowed buffer, ensuring that the … archsusedebian
CVE-2018-1283 medium 5.5 multiple issues in apache debianarchsuse
CVE-2018-1126 medium 5.5 procps-ng before version 3.3.15 is vulnerable to an incorrect integer size in proc/alloc.* leading to truncation/integer overflow issues. This flaw is related to CVE-2018-1124. archsusedebian
CVE-2018-7549 medium 5.5 In params.c in zsh through 5.4.2, there is a crash during a copy of an empty hash table, as demonstrated by typeset -p. archsusedebian
CVE-2018-7725 medium 5.5 An issue was discovered in ZZIPlib 0.13.68. An invalid memory address dereference was discovered in zzip_disk_fread in mmapped.c. The vulnerability causes an application crash, which leads to denial … archsusedebian
CVE-2018-14467 medium 5.5 The BGP parser in tcpdump before 4.9.3 has a buffer over-read in print-bgp.c:bgp_capabilities_print() (BGP_CAPCODE_MP). suserockylinuxdebian
CVE-2018-14466 medium 5.5 The Rx parser in tcpdump before 4.9.3 has a buffer over-read in print-rx.c:rx_cache_find() and rx_cache_insert(). suserockylinuxdebian
CVE-2018-16227 medium 5.5 The IEEE 802.11 parser in tcpdump before 4.9.3 has a buffer over-read in print-802_11.c for the Mesh Flags subfield. suserockylinuxdebian
CVE-2018-14461 medium 5.5 The LDP parser in tcpdump before 4.9.3 has a buffer over-read in print-ldp.c:ldp_tlv_print(). suserockylinuxdebian
CVE-2018-14626 medium 5.5 PowerDNS Authoritative Server 4.1.0 up to 4.1.4 inclusive and PowerDNS Recursor 4.0.0 up to 4.1.4 inclusive are vulnerable to a packet cache pollution via crafted query that can lead to denial of ser… archsusedebian
CVE-2018-16229 medium 5.5 The DCCP parser in tcpdump before 4.9.3 has a buffer over-read in print-dccp.c:dccp_print_option(). suserockylinuxdebian
CVE-2018-10195 medium 5.5 lrzsz before version 0.12.21~rc can leak information to the receiving side due to an incorrect length check in the function zsdata that causes a size_t to wrap around. archsusedebian
CVE-2018-6542 medium 5.5 In ZZIPlib 0.13.67, there is a bus error (when handling a disk64_trailer seek value) caused by loading of a misaligned address in the zzip_disk_findfirst function of zzip/mmapped.c. archsusedebian
CVE-2018-14644 medium 5.5 An issue has been found in PowerDNS Recursor from 4.0.0 up to and including 4.1.4. A remote attacker sending a DNS query for a meta-type like OPT can lead to a zone being wrongly cached as failing DN… archsusedebian
CVE-2018-5208 medium 5.5 In Irssi before 1.0.6, a calculation error in the completion code could cause a heap buffer overflow when completing certain strings. archdebian
CVE-2018-1000122 medium 5.5 A buffer over-read exists in curl 7.20.0 to and including curl 7.58.0 in the RTSP+RTP handling code that allows an attacker to cause a denial of service or information leakage archsusedebian
CVE-2018-19591 medium 5.5 In the GNU C Library (aka glibc or libc6) through 2.28, attempting to resolve a crafted hostname via getaddrinfo() leads to the allocation of a socket descriptor that is not closed. This is related t… archdebian
CVE-2018-1311 medium 5.5 The Apache Xerces-C 3.0.0 to 3.2.3 XML parser contains a use-after-free error triggered during the scanning of external DTDs. This flaw has not been addressed in the maintained version of the library… archsusedebian
CVE-2018-1000005 medium 5.5 libcurl 7.49.0 to and including 7.57.0 contains an out bounds read in code handling HTTP/2 trailers. It was reported (https://github.com/curl/curl/pull/2231) that reading an HTTP/2 trailer could mess… archdebian
CVE-2018-13405 medium 5.5 The inode_init_owner function in fs/inode.c in the Linux kernel through 3.16 allows local users to create files with an unintended group ownership, in a scenario where a directory is SGID to a certai… suserockylinuxdebian
CVE-2018-25306 medium 5.5 5.5 29d ago PDFunite 0.41.0 contains a buffer overflow vulnerability that allows local attackers to crash the application by processing malformed PDF files during merge operations. Attackers can trigger a segmen… ubuntu
CVE-2018-25267 medium 5.5 5.5 1mo ago UltraISO 9.7.1.3519 contains a local buffer overflow vulnerability in the Output FileName field of the Make CD/DVD Image dialog that allows attackers to overwrite SEH and SE handler records. Attacker…
CVE-2018-17828 medium 5.5 7mo ago Moderate: zziplib security update redhatsuserockylinuxdebian
CVE-2018-15209 medium 5.5 2y ago Moderate: libtiff security update suserockylinuxdebian
CVE-2018-18624 medium 5.5 4y ago Moderate: grafana security, bug fix, and enhancement update susegolang
CVE-2018-7260 medium 5.5 4y ago Cross-site scripting (XSS) vulnerability in db_central_columns.php in phpMyAdmin before 4.7.8 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. archdebianphp
CVE-2018-13258 medium 5.5 4y ago Mediawiki tarball is missing .htaccess files archdebianphp
CVE-2018-1000120 medium 5.5 4y ago curl FTP path confusion leads to NIL byte out of bounds write archsusedebiannuget
CVE-2018-1999043 medium 5.5 4y ago Missing Release of Resource after Effective Lifetime in Jenkins archjava
CVE-2018-0503 medium 5.5 4y ago Mediawiki Improper Privilege Management archdebianphp
CVE-2018-0505 medium 5.5 4y ago Mediawiki BotPassword can bypass CentralAuth's account lock archdebianphp
CVE-2018-14773 medium 5.5 4y ago An issue was discovered in Http Foundation in Symfony 2.7.0 through 2.7.48, 2.8.0 through 2.8.43, 3.3.0 through 3.3.17, 3.4.0 through 3.4.13, 4.0.0 through 4.0.13, and 4.1.0 through 4.1.2. It arises … archdebianphp
CVE-2018-14040 medium 5.5 4y ago Bootstrap vulnerable to Cross-Site Scripting (XSS) rockylinuxdebianrubynpm+3
CVE-2018-5727 medium 5.5 5y ago Moderate: openjpeg2 security update suserockylinuxdebian
CVE-2018-20847 medium 5.5 5y ago Moderate: openjpeg2 security update suserockylinuxdebian
CVE-2018-20845 medium 5.5 5y ago Moderate: openjpeg2 security update suserockylinuxdebian
CVE-2018-5785 medium 5.5 5y ago Moderate: openjpeg2 security update suserockylinuxdebian
CVE-2018-25014 medium 5.5 5y ago Moderate: libwebp security update suserockylinuxdebian
CVE-2018-25010 medium 5.5 5y ago Moderate: libwebp security update suserockylinuxdebian
CVE-2018-25013 medium 5.5 5y ago Moderate: libwebp security update suserockylinuxdebian
CVE-2018-25012 medium 5.5 5y ago Moderate: libwebp security update suserockylinuxdebian
CVE-2018-25009 medium 5.5 5y ago Moderate: libwebp security update suserockylinuxdebian
CVE-2018-21247 medium 5.5 5y ago Moderate: libvncserver security update suserockylinuxdebian
CVE-2018-17199 medium 5.5 5y ago Moderate: httpd:2.4 security, bug fix, and enhancement update debianarchsuserockylinux
CVE-2018-20843 medium 5.5 6y ago In libexpat in Expat before 2.2.7, XML input including XML names that contain a large number of colons could make the XML parser consume a high amount of RAM and CPU resources while processing (enoug… susedebianrockylinux
CVE-2018-17189 medium 5.5 6y ago Moderate: httpd:2.4 security, bug fix, and enhancement update debianarchsuserockylinux
CVE-2018-11782 medium 5.5 6y ago Moderate: subversion:1.10 security update archsuserockylinuxdebian
CVE-2018-21035 medium 5.5 6y ago Moderate: qt5-qtbase and qt5-qtwebsockets security and bug fix update suserockylinuxdebian
CVE-2018-14553 medium 5.5 6y ago Moderate: gd security update susedebianrockylinux
CVE-2018-1000858 medium 5.5 6y ago Moderate: gnupg2 security, bug fix, and enhancement update susedebianrockylinux
CVE-2018-20337 medium 5.5 6y ago Moderate: GNOME security, bug fix, and enhancement update susedebianrockylinux
CVE-2018-11577 medium 5.5 6y ago Moderate: liblouis security and bug fix update susedebianrockylinux
CVE-2018-12085 medium 5.5 6y ago Moderate: liblouis security and bug fix update susedebianrockylinux
CVE-2018-11685 medium 5.5 6y ago Moderate: liblouis security and bug fix update susedebianrockylinux
CVE-2018-11684 medium 5.5 6y ago Moderate: liblouis security and bug fix update susedebianrockylinux
CVE-2018-19871 medium 5.5 6y ago Moderate: qt5 security, bug fix, and enhancement update suserockylinuxdebian
CVE-2018-19872 medium 5.5 6y ago Moderate: qt5 security, bug fix, and enhancement update suserockylinuxdebian
CVE-2018-19869 medium 5.5 6y ago Moderate: qt5 security, bug fix, and enhancement update suserockylinuxdebian
CVE-2018-19662 medium 5.5 6y ago Moderate: libsndfile security update archdebianrockylinux
CVE-2018-13139 medium 5.5 6y ago Moderate: libsndfile security update archsusedebianrockylinux
CVE-2018-20783 medium 5.5 6y ago Moderate: php:7.2 security, bug fix, and enhancement update suserockylinux
CVE-2018-20852 medium 5.5 6y ago Moderate: python27:2.7 security, bug fix, and enhancement update suserockylinuxdebian
CVE-2018-9306 medium 5.5 6y ago Moderate: exiv2 security, bug fix, and enhancement update rockylinuxalmalinux
CVE-2018-17230 medium 5.5 6y ago Moderate: exiv2 security, bug fix, and enhancement update susedebianrockylinux
CVE-2018-19607 medium 5.5 6y ago Moderate: exiv2 security, bug fix, and enhancement update susedebianrockylinux
CVE-2018-17282 medium 5.5 6y ago Moderate: exiv2 security, bug fix, and enhancement update susedebianrockylinux
CVE-2018-17581 medium 5.5 6y ago Moderate: exiv2 security, bug fix, and enhancement update susedebianrockylinux
CVE-2018-4868 medium 5.5 6y ago Moderate: exiv2 security, bug fix, and enhancement update susedebianrockylinux
CVE-2018-18915 medium 5.5 6y ago Moderate: exiv2 security, bug fix, and enhancement update susedebianrockylinux
CVE-2018-19535 medium 5.5 6y ago Moderate: exiv2 security, bug fix, and enhancement update susedebianrockylinux
CVE-2018-19108 medium 5.5 6y ago Moderate: exiv2 security, bug fix, and enhancement update susedebianrockylinux
CVE-2018-14338 medium 5.5 6y ago Moderate: exiv2 security, bug fix, and enhancement update debianrockylinux
CVE-2018-9304 medium 5.5 6y ago Moderate: exiv2 security, bug fix, and enhancement update susedebianrockylinuxalmalinux
CVE-2018-9303 medium 5.5 6y ago Moderate: exiv2 security, bug fix, and enhancement update susedebianrockylinuxalmalinux
CVE-2018-9305 medium 5.5 6y ago Moderate: exiv2 security, bug fix, and enhancement update susedebianrockylinuxalmalinux
CVE-2018-10772 medium 5.5 6y ago Moderate: exiv2 security, bug fix, and enhancement update susedebianrockylinux
CVE-2018-19107 medium 5.5 6y ago Moderate: exiv2 security, bug fix, and enhancement update susedebianrockylinux
CVE-2018-17229 medium 5.5 6y ago Moderate: exiv2 security, bug fix, and enhancement update susedebianrockylinux
CVE-2018-11037 medium 5.5 6y ago Moderate: exiv2 security, bug fix, and enhancement update debianrockylinux
CVE-2018-14498 medium 5.5 7y ago Moderate: libjpeg-turbo security update susedebianrockylinux
CVE-2018-19800 medium 5.5 7y ago aubio v0.4.0 to v0.4.8 has a Buffer Overflow in new_aubio_tempo. debianarchpython
CVE-2018-19802 medium 5.5 7y ago aubio v0.4.0 to v0.4.8 has a new_aubio_onset NULL pointer dereference. debianarchpython
CVE-2018-19801 medium 5.5 7y ago aubio v0.4.0 to v0.4.8 has a NULL pointer dereference in new_aubio_filterbank via invalid n_filters. debianarchpython
CVE-2018-20677 medium 5.5 8y ago bootstrap Cross-site Scripting vulnerability rockylinuxdebianrubynpm+3
CVE-2018-20676 medium 5.5 8y ago XSS vulnerability that affects bootstrap rockylinuxdebianrubynpm+3
CVE-2018-7536 medium 5.5 8y ago An issue was discovered in Django 2.0 before 2.0.3, 1.11 before 1.11.11, and 1.8 before 1.8.19. The django.utils.html.urlize() function was extremely slow to evaluate certain inputs due to catastroph… archdebianpython
CVE-2018-7537 medium 5.5 8y ago An issue was discovered in Django 2.0 before 2.0.3, 1.11 before 1.11.11, and 1.8 before 1.8.19. If django.utils.text.Truncator's chars() and words() methods were passed the html=True argument, they w… archsusedebianpython
CVE-2018-20060 medium 5.5 8y ago Moderate: python27:2.7 security, bug fix, and enhancement update suserockylinuxdebianpython
CVE-2018-20098 medium 5.5 8y ago Moderate: exiv2 security, bug fix, and enhancement update susedebianrockylinuxpython
CVE-2018-20096 medium 5.5 8y ago Moderate: exiv2 security, bug fix, and enhancement update susedebianrockylinuxpython
CVE-2018-20097 medium 5.5 8y ago Moderate: exiv2 security, bug fix, and enhancement update susedebianrockylinuxpython