CVEs from 2018
Total
3,719
critical
critical 225
high
high 266
medium
medium 224
low
low 32
% Critical
6.1%
% with KEV
2.4%
% with exploit
2.4%
Top vendors
- frappe 4
- redhat 2
- magix 1
- mybb 1
- gitbucket 1
- qemu 1
- dragonexpert 1
- kingsoftstore 1
Top products
- erpnext 4
- terminal_services_manager 1
- ultraiso 1
- dolibarr_erp\/crm 1
- gitbucket 1
- pdfunite 1
- qemu 1
- virtualization_manager 1
| CVE | Severity | CVSS | Risk | Published | Description | Impact |
|---|---|---|---|---|---|---|
| CVE-2018-16152 | high | — | 8.0 | — | In verify_emsa_pkcs1_signature() in gmp_rsa_public_key.c in the gmp plugin in strongSwan 4.x and 5.x before 5.7.0, the RSA implementation based on GMP does not reject excess data in the digestAlgorit… | |
| CVE-2018-12020 | high | — | 8.0 | — | mainproc.c in GnuPG before 2.2.8 mishandles the original filename during decryption and verification actions, which allows remote attackers to spoof the output that GnuPG sends on file descriptor 2 t… | |
| CVE-2018-14356 | high | — | 8.0 | — | An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. pop.c mishandles a zero-length UID. | |
| CVE-2018-18225 | high | — | 8.0 | — | In Wireshark 2.6.0 to 2.6.3, the CoAP dissector could crash. This was addressed in epan/dissectors/packet-coap.c by ensuring that the piv length is correctly computed. | |
| CVE-2018-18227 | high | — | 8.0 | — | In Wireshark 2.6.0 to 2.6.3 and 2.4.0 to 2.4.9, the MS-WSP protocol dissector could crash. This was addressed in epan/dissectors/packet-mswsp.c by properly handling NULL return values. | |
| CVE-2018-5732 | high | — | 8.0 | — | Failure to properly bounds-check a buffer used for processing DHCP options allows a malicious server (or an entity masquerading as a server) to cause a buffer overflow (and resulting crash) in dhclie… | |
| CVE-2018-1000878 | high | — | 8.0 | — | libarchive version commit 416694915449219d505531b1096384f3237dd6cc onwards (release v3.1.0 onwards) contains a CWE-416: Use After Free vulnerability in RAR decoder - libarchive/archive_read_support_f… | |
| CVE-2018-14350 | high | — | 8.0 | — | An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. imap/message.c has a stack-based buffer overflow for a FETCH response with a long INTERNALDATE field. | |
| CVE-2018-14526 | high | — | 8.0 | — | An issue was discovered in rsn_supp/wpa.c in wpa_supplicant 2.0 through 2.6. Under certain conditions, the integrity of EAPOL-Key messages is not checked, leading to a decryption oracle. An attacker … | |
| CVE-2018-1121 | high | — | 8.0 | — | procps-ng, procps is vulnerable to a process hiding through race condition. Since the kernel's proc_pid_readdir() returns PID entries in ascending numeric order, a process occupying a high PID can us… | |
| CVE-2018-14358 | high | — | 8.0 | — | An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. imap/message.c has a stack-based buffer overflow for a FETCH response with a long RFC822.SIZE field. | |
| CVE-2018-19788 | high | — | 8.0 | — | A flaw was found in PolicyKit (aka polkit) 0.115 that allows a user with a uid greater than INT_MAX to successfully execute any systemctl command. | |
| CVE-2018-15664 | high | — | 8.0 | — | In Docker through 18.06.1-ce-rc2, the API endpoints behind the 'docker cp' command are vulnerable to a symlink-exchange attack with Directory Traversal, giving attackers arbitrary read-write access t… | |
| CVE-2018-5784 | high | — | 8.0 | — | In LibTIFF 4.0.9, there is an uncontrolled resource consumption in the TIFFSetDirectory function of tif_dir.c. Remote attackers could leverage this vulnerability to cause a denial of service via a cr… | |
| CVE-2018-8905 | high | — | 8.0 | — | In LibTIFF 4.0.9, a heap-based buffer overflow occurs in the function LZWDecodeCompat in tif_lzw.c via a crafted TIFF file, as demonstrated by tiff2ps. | |
| CVE-2018-20712 | high | — | 8.0 | — | A heap-based buffer over-read exists in the function d_expression_1 in cp-demangle.c in GNU libiberty, as distributed in GNU Binutils 2.31.1. A crafted input can cause segmentation faults, leading to… | |
| CVE-2018-15587 | high | — | 8.0 | — | GNOME Evolution through 3.28.2 is prone to OpenPGP signatures being spoofed for arbitrary messages using a specially crafted email that contains a valid signature from the entity to be impersonated a… | |
| CVE-2018-5733 | high | — | 8.0 | — | A malicious client which is allowed to send very large amounts of traffic (billions of packets) to a DHCP server can eventually overflow a 32-bit reference counter, potentially causing dhcpd to crash… | |
| CVE-2018-14349 | high | — | 8.0 | — | An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. imap/command.c mishandles a NO response without a message. | |
| CVE-2018-14362 | high | — | 8.0 | — | An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. pop.c does not forbid characters that may have unsafe interaction with message-cache pathnames, as demonstrated by a '/' c… | |
| CVE-2018-18065 | high | — | 8.0 | — | _set_key in agent/helpers/table_container.c in Net-SNMP before 5.8 has a NULL Pointer Exception bug that can be used by an authenticated attacker to remotely cause the instance to crash via a crafted… | |
| CVE-2018-17182 | high | — | 8.0 | — | An issue was discovered in the Linux kernel through 4.18.8. The vmacache_flush_all function in mm/vmacache.c mishandles sequence number overflows. An attacker can trigger a use-after-free (and possib… | |
| CVE-2018-5390 | high | — | 8.0 | — | Linux kernel versions 4.9+ can be forced to make very expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() for every incoming packet which can lead to a denial of service. | |
| CVE-2018-5391 | high | — | 8.0 | — | The Linux kernel, versions 3.9+, is vulnerable to a denial of service attack with low rates of specially modified packets targeting IP fragment re-assembly. An attacker may cause a denial of service … | |
| CVE-2018-12356 | high | — | 8.0 | — | An issue was discovered in password-store.sh in pass in Simple Password Store 1.7.x before 1.7.2. The signature verification routine parses the output of GnuPG with an incomplete regular expression, … | |
| CVE-2018-5702 | high | — | 8.0 | — | Transmission through 2.92 relies on X-Transmission-Session-Id (which is not a forbidden header for Fetch) for access control, which allows remote attackers to execute arbitrary RPC commands, and cons… | |
| CVE-2018-6574 | high | — | 8.0 | 4y ago | Remote command execution via "go get" command with cgo in cmd/go | |
| CVE-2018-16873 | high | — | 8.0 | 4y ago | Remote command execution via "go get" with "-u" flag in cmd/go | |
| CVE-2018-16874 | high | — | 8.0 | 4y ago | Directory traversal via "go get" command in cmd/go | |
| CVE-2018-16875 | high | — | 8.0 | 4y ago | Denial of service in chain verification in crypto/x509 | |
| CVE-2018-20303 | high | — | 8.0 | 4y ago | Gogs Directory Traversal | |
| CVE-2018-1999006 | high | — | 8.0 | 4y ago | Exposure of Sensitive Information to an Unauthorized Actor in Jenkins | |
| CVE-2018-7408 | high | — | 8.0 | 4y ago | An issue was discovered in an npm 5.7.0 2018-02-21 pre-release (marked as "next: 5.7.0" and therefore automatically installed by an "npm upgrade -g npm" command, and also announced in the vendor's bl… | |
| CVE-2018-1999004 | high | — | 8.0 | 4y ago | Incorrect Authorization in Jenkins | |
| CVE-2018-1999002 | high | — | 8.0 | 4y ago | Improper Input Validation in Jenkins | |
| CVE-2018-1999007 | high | — | 8.0 | 4y ago | Cross-site scripting vulnerability exists in Jenkins and Stapler Plugin | |
| CVE-2018-1999005 | high | — | 8.0 | 4y ago | Improper Neutralization of Input During Web Page Generation in Jenkins | |
| CVE-2018-1999001 | high | — | 8.0 | 4y ago | Improper Input Validation in Jenkins | |
| CVE-2018-1999003 | high | — | 8.0 | 4y ago | Incorrect Authorization in Jenkins | |
| CVE-2018-25032 | high | — | 8.0 | 4y ago | Important: mingw-zlib security update | |
| CVE-2018-8037 | high | — | 8.0 | 8y ago | Apache Tomcat Race Condition vulnerability | |
| CVE-2018-8034 | high | — | 8.0 | 8y ago | The host name verification missing in Apache Tomcat | |
| CVE-2018-8014 | high | — | 8.0 | 8y ago | Important: pki-deps:10.6 security update | |
| CVE-2018-11784 | high | — | 8.0 | 8y ago | Apache Tomcat Open Redirect vulnerability | |
| CVE-2018-12086 | high | — | 8.0 | 8y ago | Buffer overflow in OPC UA applications allows remote attackers to trigger a stack overflow with carefully structured requests. | |
| CVE-2018-25302 | high | 7.8 | 7.8 | 29d ago | Allok AVI to DVD SVCD VCD Converter 4.0.1217 contains a structured exception handling (SEH) based buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying a ma… | |
| CVE-2018-25261 | high | 7.8 | 7.8 | 1mo ago | Iperius Backup 5.8.1 contains a local buffer overflow vulnerability in the structured exception handling (SEH) mechanism that allows local attackers to execute arbitrary code by supplying a malicious… | |
| CVE-2018-25260 | high | 7.8 | 7.8 | 1mo ago | MAGIX Music Editor 3.1 contains a buffer overflow vulnerability in the FreeDB Proxy Options dialog that allows local attackers to execute arbitrary code by exploiting structured exception handling. A… | |
| CVE-2018-25259 | high | 7.8 | 7.8 | 1mo ago | Terminal Services Manager 3.1 contains a stack-based buffer overflow vulnerability in the computer names field that allows local attackers to execute arbitrary code by triggering structured exception… | |
| CVE-2018-25213 | high | 7.8 | 7.8 | 2mo ago | Nsauditor 3.0.28.0 contains a structured exception handling buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying malicious input to the DNS Lookup tool. At… | |
| CVE-2018-6400 | high | 7.8 | 7.8 | 8y ago | Kingsoft WPS Office Free 10.2.0.5978 allows local users to gain privileges or cause a denial of service by impersonating all the pipes through a use of \\.\pipe\WPSCloudSvr\WpsCloudSvr -- an "insecur… | |
| CVE-2018-25374 | high | 7.5 | 7.5 | 3d ago | Softneta MedDream PACS Server Premium 6.7.1.1 contains a directory traversal vulnerability that allows unauthenticated attackers to read arbitrary files by manipulating the path parameter. Attackers … | |
| CVE-2018-25368 | high | 7.5 | 7.5 | 3d ago | Nord VPN 6.14.31 contains a denial of service vulnerability that allows unauthenticated attackers to crash the application by submitting an excessively long string in the password field. Attackers ca… | |
| CVE-2018-25365 | high | 7.5 | 7.5 | 3d ago | PCViewer vt1000 contains a directory traversal vulnerability that allows unauthenticated attackers to read arbitrary files by submitting relative path sequences in GET requests. Attackers can use pat… | |
| CVE-2018-25358 | high | 7.5 | 7.5 | 5d ago | D-Link DIR601 2.02NA contains a credential disclosure vulnerability that allows unauthenticated attackers to retrieve sensitive configuration data by manipulating the table_name parameter in POST req… | |
| CVE-2018-25329 | high | 7.5 | 7.5 | 11d ago | WordPress Plugin WP with Spritz 1.0 contains a remote file inclusion vulnerability that allows unauthenticated attackers to read arbitrary files by injecting file paths into the url parameter. Attack… | |
| CVE-2018-25326 | high | 7.5 | 7.5 | 11d ago | Google Drive for WordPress 2.2 contains a path traversal vulnerability that allows unauthenticated attackers to read arbitrary files by injecting directory traversal sequences in the file_name parame… | |
| CVE-2018-25325 | high | 7.5 | 7.5 | 11d ago | Woocommerce CSV Importer 3.3.6 contains a path traversal vulnerability that allows any registered user to delete arbitrary files by submitting unescaped filenames through the delete_export_file AJAX … | |
| CVE-2018-17958 | high | 7.5 | 7.5 | 8y ago | Qemu has a Buffer Overflow in rtl8139_do_receive in hw/net/rtl8139.c because an incorrect integer data type is used. | |
| CVE-2018-25381 | high | 7.1 | 7.1 | 3d ago | Joomla Responsive Portfolio 1.6.1 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL commands through multiple filter parameters. Attackers can injec… | |
| CVE-2018-25380 | high | 7.1 | 7.1 | 3d ago | Joomla Component eXtroForms 2.1.5 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL commands through the filter_type_id, filter_pid_id, and filter_s… | |
| CVE-2018-25352 | high | 7.1 | 7.1 | 5d ago | WordPress Ultimate Form Builder Lite plugin version 1.3.7 and below contains an SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code th… | |
| CVE-2018-25347 | high | 7.1 | 7.1 | 5d ago | WordPress Contact Form Maker Plugin 1.12.20 contains SQL injection vulnerabilities that allow authenticated attackers to manipulate database queries through the FormMakerSQLMapping and generete_csv_f… | |
| CVE-2018-25346 | high | 7.1 | 7.1 | 5d ago | WordPress Form Maker Plugin 1.12.24 and below contains SQL injection vulnerabilities that allow authenticated attackers to manipulate database queries by injecting SQL code through the FormMakerSQLMa… | |
| CVE-2018-25319 | high | 7.1 | 7.1 | 11d ago | Redaxo CMS Addon MyEvents 2.2.1 contains an SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the myevents_id parameter. Att… | |
| CVE-2018-25207 | high | 7.1 | 7.1 | 2mo ago | Online Quiz Maker 1.0 contains SQL injection vulnerabilities in the catid and usern parameters that allow authenticated attackers to execute arbitrary SQL commands. Attackers can submit malicious POS… | |
| CVE-2018-25361 | medium | 6.8 | 6.8 | 3d ago | Soroush IM Desktop App 0.17.0 contains an authentication bypass vulnerability that allows local attackers to remove passcodes by injecting pre-encrypted database entries using a constant encryption k… | |
| CVE-2018-10622 | medium | 6.8 | 6.8 | 8y ago | Medtronic MyCareLink Patient Monitor uses per-product credentials that are stored in a recoverable format. An attacker can use these credentials to modify encrypted drive data. | |
| CVE-2018-25312 | medium | 6.5 | 6.5 | 29d ago | LifeSize ClearSea 3.1.4 contains directory traversal vulnerabilities that allow authenticated attackers to download and upload arbitrary files by manipulating path parameters in the smartgui interfac… | |
| CVE-2018-25311 | medium | 6.5 | 6.5 | 29d ago | VideoFlow Digital Video Protection DVP 2.10 contains an authenticated directory traversal vulnerability that allows attackers with valid credentials to disclose arbitrary files by injecting path trav… | |
| CVE-2018-25378 | medium | 6.2 | 6.2 | 3d ago | Notebook Pro 2.0 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the notebook name field. Attackers can crea… | |
| CVE-2018-25369 | medium | 6.2 | 6.2 | 3d ago | Visual Ping 0.8.0.0 contains a buffer overflow vulnerability in input field handling that allows local attackers to crash the application by supplying oversized data. Attackers can inject malicious p… | |
| CVE-2018-25367 | medium | 6.2 | 6.2 | 3d ago | NASA openVSP 3.16.1 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an excessively long string in the geometry name field. Attackers can tri… | |
| CVE-2018-25324 | medium | 6.2 | 6.2 | 11d ago | Simple Fields 0.2 through 0.3.5 WordPress Plugin contains a local file inclusion vulnerability that allows unauthenticated attackers to read arbitrary files by injecting null bytes into the wp_abspat… | |
| CVE-2018-25313 | medium | 6.2 | 6.2 | 29d ago | SysGauge 4.5.18 contains a buffer overflow vulnerability in the proxy configuration handler that allows local attackers to cause a denial of service by supplying an oversized string. Attackers can in… | |
| CVE-2018-25305 | medium | 6.2 | 6.2 | 29d ago | librsvg2-bin 2.40.13 contains a buffer overflow vulnerability that allows local attackers to cause a denial of service by processing malformed SVG files. Attackers can supply crafted SVG input to the… | |
| CVE-2018-25349 | medium | 6.1 | 6.1 | 5d ago | userSpice 4.3.24 contains a cross-site scripting vulnerability that allows attackers to inject malicious scripts through the X-Forwarded-For HTTP header. Attackers can send crafted requests to the ba… | |
| CVE-2018-25331 | medium | 6.1 | 6.1 | 11d ago | Zenar Content Management System contains a cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by manipulating form parameters in POST requests. Attac… | |
| CVE-2018-25309 | medium | 6.1 | 6.1 | 29d ago | MyBB Recent threads 17.0 contains a persistent cross-site scripting vulnerability that allows attackers to inject malicious scripts by creating threads with crafted subject lines. Attackers can creat… | |
| CVE-2018-25269 | medium | 6.1 | 6.1 | 1mo ago | ICEWARP 10.3.4 and 11.0.0.0 contains a cross-site scripting vulnerability that allows attackers to inject malicious HTML elements into emails by embedding base64-encoded payloads in object and embed … | |
| CVE-2018-25247 | medium | 6.1 | 6.1 | 2mo ago | MyBB Like Plugin 3.0.0 contains a stored cross-site scripting vulnerability. Authenticated attackers can inject script payloads into post or thread subjects; when other users view a profile that disp… | |
| CVE-2018-5730 | medium | — | 5.5 | — | MIT krb5 1.6 or later allows an authenticated kadmin with permission to add principals to an LDAP Kerberos database to circumvent a DN containership check by supplying both a "linkdn" and "containerd… | |
| CVE-2018-18521 | medium | — | 5.5 | — | Divide-by-zero vulnerabilities in the function arlib_add_symbols() in arlib.c in elfutils 0.174 allow remote attackers to cause a denial of service (application crash) with a crafted ELF file, as dem… | |
| CVE-2018-6542 | medium | — | 5.5 | — | In ZZIPlib 0.13.67, there is a bus error (when handling a disk64_trailer seek value) caused by loading of a misaligned address in the zzip_disk_findfirst function of zzip/mmapped.c. | |
| CVE-2018-18310 | medium | — | 5.5 | — | An invalid memory address dereference was discovered in dwfl_segment_report_module.c in libdwfl in elfutils through v0.174. The vulnerability allows attackers to cause a denial of service (applicatio… | |
| CVE-2018-16229 | medium | — | 5.5 | — | The DCCP parser in tcpdump before 4.9.3 has a buffer over-read in print-dccp.c:dccp_print_option(). | |
| CVE-2018-11255 | medium | — | 5.5 | — | An issue was discovered in PoDoFo 0.9.5. The function PdfPage::GetPageNumber() in PdfPage.cpp in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (NULL pointer dereference and applic… | |
| CVE-2018-14626 | medium | — | 5.5 | — | PowerDNS Authoritative Server 4.1.0 up to 4.1.4 inclusive and PowerDNS Recursor 4.0.0 up to 4.1.4 inclusive are vulnerable to a packet cache pollution via crafted query that can lead to denial of ser… | |
| CVE-2018-7725 | medium | — | 5.5 | — | An issue was discovered in ZZIPlib 0.13.68. An invalid memory address dereference was discovered in zzip_disk_fread in mmapped.c. The vulnerability causes an application crash, which leads to denial … | |
| CVE-2018-7549 | medium | — | 5.5 | — | In params.c in zsh through 5.4.2, there is a crash during a copy of an empty hash table, as demonstrated by typeset -p. | |
| CVE-2018-1000035 | medium | — | 5.5 | — | A heap-based buffer overflow exists in Info-Zip UnZip version <= 6.00 in the processing of password-protected archives that allows an attacker to perform a denial of service or to possibly achieve co… | |
| CVE-2018-1312 | medium | — | 5.5 | — | multiple issues in apache | |
| CVE-2018-19758 | medium | — | 5.5 | — | There is a heap-based buffer over-read at wav.c in wav_write_header in libsndfile 1.0.28 that will cause a denial of service. | |
| CVE-2018-5729 | medium | — | 5.5 | — | MIT krb5 1.6 or later allows an authenticated kadmin with permission to add principals to an LDAP Kerberos database to cause a denial of service (NULL pointer dereference) or bypass a DN container ch… | |
| CVE-2018-14464 | medium | — | 5.5 | — | The LMP parser in tcpdump before 4.9.3 has a buffer over-read in print-lmp.c:lmp_print_data_link_subobjs(). | |
| CVE-2018-16300 | medium | — | 5.5 | — | The BGP parser in tcpdump before 4.9.3 allows stack consumption in print-bgp.c:bgp_attr_print() because of unlimited recursion. | |
| CVE-2018-14463 | medium | — | 5.5 | — | The VRRP parser in tcpdump before 4.9.3 has a buffer over-read in print-vrrp.c:vrrp_print() for VRRP version 2, a different vulnerability than CVE-2019-15167. | |
| CVE-2018-8000 | medium | — | 5.5 | — | multiple issues in podofo | |
| CVE-2018-16230 | medium | — | 5.5 | — | The BGP parser in tcpdump before 4.9.3 has a buffer over-read in print-bgp.c:bgp_attr_print() (MP_REACH_NLRI). | |
| CVE-2018-14882 | medium | — | 5.5 | — | The ICMPv6 parser in tcpdump before 4.9.3 has a buffer over-read in print-icmp6.c. |