VIR Vulnerability Intelligence Relay

CVEs from 2018

3,853 normalized CVEs published or assigned in this year.

Total
3,853
critical
critical 224
high
high 267
medium
medium 224
low
low 32
% Critical
5.8%
% with KEV
2.3%
% with exploit
2.4%

Top vendors

Top products

  • erpnext 4
  • terminal_services_manager 1
  • ultraiso 1
  • dolibarr_erp\/crm 1
  • gitbucket 1
  • pdfunite 1
  • qemu 1
  • virtualization_manager 1

Top packages

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Published Description Impact
CVE-2018-6540 medium 5.5 In ZZIPlib 0.13.67, there is a bus error caused by loading of a misaligned address in the zzip_disk_findfirst function of zzip/mmapped.c. Remote attackers could leverage this vulnerability to cause a… archsusedebian
CVE-2018-10103 medium 5.5 tcpdump before 4.9.3 mishandles the printing of SMB data (issue 1 of 2). suserockylinuxdebian
CVE-2018-10779 medium 5.5 TIFFWriteScanline in tif_write.c in LibTIFF 3.8.2 has a heap-based buffer over-read, as demonstrated by bmp2tiff. archsusedebian
CVE-2018-14469 medium 5.5 The IKEv1 parser in tcpdump before 4.9.3 has a buffer over-read in print-isakmp.c:ikev1_n_print(). suserockylinuxdebian
CVE-2018-14882 medium 5.5 The ICMPv6 parser in tcpdump before 4.9.3 has a buffer over-read in print-icmp6.c. suserockylinuxdebian
CVE-2018-5730 medium 5.5 MIT krb5 1.6 or later allows an authenticated kadmin with permission to add principals to an LDAP Kerberos database to circumvent a DN containership check by supplying both a "linkdn" and "containerd… archsusedebian
CVE-2018-8000 medium 5.5 multiple issues in podofo archsuse
CVE-2018-1122 medium 5.5 procps-ng before version 3.3.15 is vulnerable to a local privilege escalation in top. If a user runs top with HOME unset in an attacker-controlled directory, the attacker could achieve privilege esca… archsusedebian
CVE-2018-20781 medium 5.5 In pam/gkr-pam-module.c in GNOME Keyring before 3.27.2, the user's password is kept in a session-child process spawned from the LightDM daemon. This can expose the credential in cleartext. archsusedebian
CVE-2018-0739 medium 5.5 Constructed ASN.1 types with a recursive definition (such as can be found in PKCS7) could eventually exceed the stack given malicious input with excessive recursion. This could result in a Denial Of … archsusedebian
CVE-2018-7549 medium 5.5 In params.c in zsh through 5.4.2, there is a crash during a copy of an empty hash table, as demonstrated by typeset -p. archsusedebian
CVE-2018-18520 medium 5.5 An Invalid Memory Address Dereference exists in the function elf_end in libelf in elfutils through v0.174. Although eu-size is intended to support ar files inside ar files, handle_ar in size.c closes… archsusedebian
CVE-2018-9251 medium 5.5 The xz_decomp function in xzlib.c in libxml2 2.9.8, if --with-lzma is used, allows remote attackers to cause a denial of service (infinite loop) via a crafted XML file that triggers LZMA_MEMLIMIT_ERR… archsusedebian
CVE-2018-1000135 medium 5.5 GNOME NetworkManager version 1.10.2 and earlier contains a Information Exposure (CWE-200) vulnerability in DNS resolver that can result in Private DNS queries leaked to local network's DNS servers, w… archsusedebian
CVE-2018-1126 medium 5.5 procps-ng before version 3.3.15 is vulnerable to an incorrect integer size in proc/alloc.* leading to truncation/integer overflow issues. This flaw is related to CVE-2018-1124. archsusedebian
CVE-2018-20846 medium 5.5 Out-of-bounds accesses in the functions pi_next_lrcp, pi_next_rlcp, pi_next_rpcl, pi_next_pcrl, pi_next_rpcl, and pi_next_cprl in openmj2/pi.c in OpenJPEG through 2.3.0 allow remote attackers to caus… archsusedebian
CVE-2018-16866 medium 5.5 An out of bounds read was discovered in systemd-journald in the way it parses log messages that terminate with a colon ':'. A local attacker can use this flaw to disclose process memory data. Version… archsusedebian
CVE-2018-6484 medium 5.5 In ZZIPlib 0.13.67, there is a memory alignment error and bus error in the __zzip_fetch_disk_trailer function of zzip/zip.c. Remote attackers could leverage this vulnerability to cause a denial of se… archsusedebian
CVE-2018-6869 medium 5.5 In ZZIPlib 0.13.68, there is an uncontrolled memory allocation and a crash in the __zzip_parse_root_directory function of zzip/zip.c. Remote attackers could leverage this vulnerability to cause a den… archsusedebian
CVE-2018-7726 medium 5.5 An issue was discovered in ZZIPlib 0.13.68. There is a bus error caused by the __zzip_parse_root_directory function of zip.c. Attackers could leverage this vulnerability to cause a denial of service … archsusedebian
CVE-2018-16376 medium 5.5 An issue was discovered in OpenJPEG 2.3.0. A heap-based buffer overflow was discovered in the function t2_encode_packet in lib/openmj2/t2.c. The vulnerability causes an out-of-bounds write, which may… archsusedebian
CVE-2018-8011 medium 5.5 denial of service in apache debianarchsuse
CVE-2018-14463 medium 5.5 The VRRP parser in tcpdump before 4.9.3 has a buffer over-read in print-vrrp.c:vrrp_print() for VRRP version 2, a different vulnerability than CVE-2019-15167. suserockylinuxdebian
CVE-2018-16300 medium 5.5 The BGP parser in tcpdump before 4.9.3 allows stack consumption in print-bgp.c:bgp_attr_print() because of unlimited recursion. suserockylinuxdebian
CVE-2018-14464 medium 5.5 The LMP parser in tcpdump before 4.9.3 has a buffer over-read in print-lmp.c:lmp_print_data_link_subobjs(). suserockylinuxdebian
CVE-2018-5729 medium 5.5 MIT krb5 1.6 or later allows an authenticated kadmin with permission to add principals to an LDAP Kerberos database to cause a denial of service (NULL pointer dereference) or bypass a DN container ch… archsusedebian
CVE-2018-1302 medium 5.5 multiple issues in apache debianarchsuse
CVE-2018-5295 medium 5.5 In PoDoFo 0.9.5, there is an integer overflow in the PdfXRefStreamParserObject::ParseStream function (base/PdfXRefStreamParserObject.cpp). Remote attackers could leverage this vulnerability to cause … archsusedebian
CVE-2018-5309 medium 5.5 In PoDoFo 0.9.5, there is an integer overflow in the PdfObjectStreamParserObject::ReadObjectsFromStream function (base/PdfObjectStreamParserObject.cpp). Remote attackers could leverage this vulnerabi… archsusedebian
CVE-2018-25306 medium 5.5 5.5 28d ago PDFunite 0.41.0 contains a buffer overflow vulnerability that allows local attackers to crash the application by processing malformed PDF files during merge operations. Attackers can trigger a segmen…
CVE-2018-25267 medium 5.5 5.5 1mo ago UltraISO 9.7.1.3519 contains a local buffer overflow vulnerability in the Output FileName field of the Make CD/DVD Image dialog that allows attackers to overwrite SEH and SE handler records. Attacker…
CVE-2018-17828 medium 5.5 7mo ago Moderate: zziplib security update redhatsuserockylinuxdebian
CVE-2018-15209 medium 5.5 2y ago Moderate: libtiff security update suserockylinuxdebian
CVE-2018-18624 medium 5.5 4y ago Moderate: grafana security, bug fix, and enhancement update susegolang
CVE-2018-7260 medium 5.5 4y ago Cross-site scripting (XSS) vulnerability in db_central_columns.php in phpMyAdmin before 4.7.8 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. archdebianphp
CVE-2018-13258 medium 5.5 4y ago Mediawiki tarball is missing .htaccess files archdebianphp
CVE-2018-1000120 medium 5.5 4y ago curl FTP path confusion leads to NIL byte out of bounds write archsusedebiannuget
CVE-2018-1999043 medium 5.5 4y ago Missing Release of Resource after Effective Lifetime in Jenkins archjava
CVE-2018-0503 medium 5.5 4y ago Mediawiki Improper Privilege Management archdebianphp
CVE-2018-0505 medium 5.5 4y ago Mediawiki BotPassword can bypass CentralAuth's account lock archdebianphp
CVE-2018-14773 medium 5.5 4y ago An issue was discovered in Http Foundation in Symfony 2.7.0 through 2.7.48, 2.8.0 through 2.8.43, 3.3.0 through 3.3.17, 3.4.0 through 3.4.13, 4.0.0 through 4.0.13, and 4.1.0 through 4.1.2. It arises … archdebianphp
CVE-2018-14040 medium 5.5 4y ago Moderate: idm:DL1 and idm:client security, bug fix, and enhancement update rockylinuxdebianrubynpm+3
CVE-2018-5785 medium 5.5 5y ago Moderate: openjpeg2 security update suserockylinuxdebian
CVE-2018-20845 medium 5.5 5y ago Moderate: openjpeg2 security update suserockylinuxdebian
CVE-2018-20847 medium 5.5 5y ago Moderate: openjpeg2 security update suserockylinuxdebian
CVE-2018-5727 medium 5.5 5y ago Moderate: openjpeg2 security update suserockylinuxdebian
CVE-2018-25009 medium 5.5 5y ago Moderate: libwebp security update suserockylinuxdebian
CVE-2018-25010 medium 5.5 5y ago Moderate: libwebp security update suserockylinuxdebian
CVE-2018-25013 medium 5.5 5y ago Moderate: libwebp security update suserockylinuxdebian
CVE-2018-25014 medium 5.5 5y ago Moderate: libwebp security update suserockylinuxdebian
CVE-2018-25012 medium 5.5 5y ago Moderate: libwebp security update suserockylinuxdebian
CVE-2018-21247 medium 5.5 5y ago Moderate: libvncserver security update suserockylinuxdebian
CVE-2018-17199 medium 5.5 5y ago Moderate: httpd:2.4 security, bug fix, and enhancement update debianarchsuserockylinux
CVE-2018-20843 medium 5.5 6y ago Moderate: mingw-expat security update susedebianrockylinux
CVE-2018-17189 medium 5.5 6y ago Moderate: httpd:2.4 security, bug fix, and enhancement update debianarchsuserockylinux
CVE-2018-11782 medium 5.5 6y ago Moderate: subversion:1.10 security update archsuserockylinuxdebian
CVE-2018-21035 medium 5.5 6y ago Moderate: qt5-qtbase and qt5-qtwebsockets security and bug fix update suserockylinuxdebian
CVE-2018-14553 medium 5.5 6y ago Moderate: gd security update susedebianrockylinux
CVE-2018-1000858 medium 5.5 6y ago Moderate: gnupg2 security, bug fix, and enhancement update susedebianrockylinux
CVE-2018-20337 medium 5.5 6y ago Moderate: GNOME security, bug fix, and enhancement update susedebianrockylinux
CVE-2018-11684 medium 5.5 6y ago Moderate: liblouis security and bug fix update susedebianrockylinux
CVE-2018-11685 medium 5.5 6y ago Moderate: liblouis security and bug fix update susedebianrockylinux
CVE-2018-12085 medium 5.5 6y ago Moderate: liblouis security and bug fix update susedebianrockylinux
CVE-2018-11577 medium 5.5 6y ago Moderate: liblouis security and bug fix update susedebianrockylinux
CVE-2018-19871 medium 5.5 6y ago Moderate: qt5 security, bug fix, and enhancement update suserockylinuxdebian
CVE-2018-19869 medium 5.5 6y ago Moderate: qt5 security, bug fix, and enhancement update suserockylinuxdebian
CVE-2018-19872 medium 5.5 6y ago Moderate: qt5 security, bug fix, and enhancement update suserockylinuxdebian
CVE-2018-13139 medium 5.5 6y ago Moderate: libsndfile security update archsusedebianrockylinux
CVE-2018-19662 medium 5.5 6y ago Moderate: libsndfile security update archdebianrockylinux
CVE-2018-20783 medium 5.5 6y ago Moderate: php:7.2 security, bug fix, and enhancement update suserockylinux
CVE-2018-20852 medium 5.5 6y ago Moderate: python27:2.7 security, bug fix, and enhancement update suserockylinuxdebian
CVE-2018-17581 medium 5.5 6y ago Moderate: exiv2 security, bug fix, and enhancement update susedebianrockylinux
CVE-2018-10772 medium 5.5 6y ago Moderate: exiv2 security, bug fix, and enhancement update susedebianrockylinux
CVE-2018-17230 medium 5.5 6y ago Moderate: exiv2 security, bug fix, and enhancement update susedebianrockylinux
CVE-2018-9305 medium 5.5 6y ago Moderate: exiv2 security, bug fix, and enhancement update susedebianrockylinuxalmalinux
CVE-2018-19607 medium 5.5 6y ago Moderate: exiv2 security, bug fix, and enhancement update susedebianrockylinux
CVE-2018-14338 medium 5.5 6y ago Moderate: exiv2 security, bug fix, and enhancement update debianrockylinux
CVE-2018-4868 medium 5.5 6y ago Moderate: exiv2 security, bug fix, and enhancement update susedebianrockylinux
CVE-2018-19535 medium 5.5 6y ago Moderate: exiv2 security, bug fix, and enhancement update susedebianrockylinux
CVE-2018-17229 medium 5.5 6y ago Moderate: exiv2 security, bug fix, and enhancement update susedebianrockylinux
CVE-2018-18915 medium 5.5 6y ago Moderate: exiv2 security, bug fix, and enhancement update susedebianrockylinux
CVE-2018-19107 medium 5.5 6y ago Moderate: exiv2 security, bug fix, and enhancement update susedebianrockylinux
CVE-2018-19108 medium 5.5 6y ago Moderate: exiv2 security, bug fix, and enhancement update susedebianrockylinux
CVE-2018-9303 medium 5.5 6y ago Moderate: exiv2 security, bug fix, and enhancement update susedebianrockylinuxalmalinux
CVE-2018-9304 medium 5.5 6y ago Moderate: exiv2 security, bug fix, and enhancement update susedebianrockylinuxalmalinux
CVE-2018-9306 medium 5.5 6y ago Moderate: exiv2 security, bug fix, and enhancement update rockylinuxalmalinux
CVE-2018-17282 medium 5.5 6y ago Moderate: exiv2 security, bug fix, and enhancement update susedebianrockylinux
CVE-2018-11037 medium 5.5 6y ago Moderate: exiv2 security, bug fix, and enhancement update debianrockylinux
CVE-2018-14498 medium 5.5 7y ago Moderate: libjpeg-turbo security update susedebianrockylinux
CVE-2018-19800 medium 5.5 7y ago aubio v0.4.0 to v0.4.8 has a Buffer Overflow in new_aubio_tempo. debianarchpython
CVE-2018-19802 medium 5.5 7y ago aubio v0.4.0 to v0.4.8 has a new_aubio_onset NULL pointer dereference. debianarchpython
CVE-2018-19801 medium 5.5 7y ago aubio v0.4.0 to v0.4.8 has a NULL pointer dereference in new_aubio_filterbank via invalid n_filters. debianarchpython
CVE-2018-20676 medium 5.5 8y ago Moderate: idm:DL1 and idm:client security, bug fix, and enhancement update rockylinuxdebianrubynpm+3
CVE-2018-20677 medium 5.5 8y ago Moderate: idm:DL1 and idm:client security, bug fix, and enhancement update rockylinuxdebianrubynpm+3
CVE-2018-7536 medium 5.5 8y ago An issue was discovered in Django 2.0 before 2.0.3, 1.11 before 1.11.11, and 1.8 before 1.8.19. The django.utils.html.urlize() function was extremely slow to evaluate certain inputs due to catastroph… archdebianpython
CVE-2018-7537 medium 5.5 8y ago An issue was discovered in Django 2.0 before 2.0.3, 1.11 before 1.11.11, and 1.8 before 1.8.19. If django.utils.text.Truncator's chars() and words() methods were passed the html=True argument, they w… archsusedebianpython
CVE-2018-20060 medium 5.5 8y ago Moderate: python27:2.7 security, bug fix, and enhancement update suserockylinuxdebianpython
CVE-2018-20096 medium 5.5 8y ago Moderate: exiv2 security, bug fix, and enhancement update susedebianrockylinuxpython
CVE-2018-20097 medium 5.5 8y ago Moderate: exiv2 security, bug fix, and enhancement update susedebianrockylinuxpython
CVE-2018-20098 medium 5.5 8y ago Moderate: exiv2 security, bug fix, and enhancement update susedebianrockylinuxpython