CVEs from 2018
Total
3,289
critical
critical 225
high
high 266
medium
medium 224
low
low 32
% Critical
6.8%
% with KEV
2.7%
% with exploit
2.8%
Top vendors
- frappe 4
- redhat 2
- magix 1
- mybb 1
- gitbucket 1
- qemu 1
- dragonexpert 1
- kingsoftstore 1
Top products
- erpnext 4
- terminal_services_manager 1
- ultraiso 1
- dolibarr_erp\/crm 1
- gitbucket 1
- pdfunite 1
- qemu 1
- virtualization_manager 1
| CVE | Severity | CVSS | Risk | Published | Description | Impact |
|---|---|---|---|---|---|---|
| CVE-2018-0488 | high | — | 8.0 | — | ARM mbed TLS before 1.3.22, before 2.1.10, and before 2.7.0, when the truncated HMAC extension and CBC are used, allows remote attackers to execute arbitrary code or cause a denial of service (heap c… | |
| CVE-2018-0487 | high | — | 8.0 | — | ARM mbed TLS before 1.3.22, before 2.1.10, and before 2.7.0 allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow) via a crafted certificate chain that is mi… | |
| CVE-2018-0497 | high | — | 8.0 | — | ARM mbed TLS before 2.12.0, before 2.7.5, and before 2.1.14 allows remote attackers to achieve partial plaintext recovery (for a CBC based ciphersuite) via a timing-based side-channel attack. This vu… | |
| CVE-2018-1000051 | high | — | 8.0 | — | Artifex Mupdf version 1.12.0 contains a Use After Free vulnerability in fz_keep_key_storable that can result in DOS / Possible code execution. This attack appear to be exploitable via Victim opens a … | |
| CVE-2018-6187 | high | — | 8.0 | — | In Artifex MuPDF 1.12.0, there is a heap-based buffer overflow vulnerability in the do_pdf_save_document function in the pdf/pdf-write.c file. Remote attackers could leverage the vulnerability to cau… | |
| CVE-2018-5686 | high | — | 8.0 | — | In MuPDF 1.12.0, there is an infinite loop vulnerability and application hang in the pdf_parse_array function (pdf/pdf-parse.c) because EOF is not considered. Remote attackers could leverage this vul… | |
| CVE-2018-6192 | high | — | 8.0 | — | In Artifex MuPDF 1.12.0, the pdf_read_new_xref function in pdf/pdf-xref.c allows remote attackers to cause a denial of service (segmentation violation and application crash) via a crafted pdf file. | |
| CVE-2018-6544 | high | — | 8.0 | — | pdf_load_obj_stm in pdf/pdf-xref.c in Artifex MuPDF 1.12.0 could reference the object stream recursively and therefore run out of error stack, which allows remote attackers to cause a denial of servi… | |
| CVE-2018-14360 | high | — | 8.0 | — | An issue was discovered in NeoMutt before 2018-07-16. nntp_add_group in newsrc.c has a stack-based buffer overflow because of incorrect sscanf usage. | |
| CVE-2018-20592 | high | — | 8.0 | — | In Mini-XML (aka mxml) v2.12, there is a use-after-free in the mxmlAdd function of the mxml-node.c file. Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted … | |
| CVE-2018-18647 | high | — | 8.0 | — | multiple issues in gitlab | |
| CVE-2018-20360 | high | — | 8.0 | — | An invalid memory address dereference was discovered in the sbr_process_channel function of libfaad/sbr_dec.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. The vulnerability causes a segmentati… | |
| CVE-2018-7050 | high | — | 8.0 | — | An issue was discovered in Irssi before 1.0.7 and 1.1.x before 1.1.1. A NULL pointer dereference occurs for an "empty" nick. | |
| CVE-2018-1000877 | high | — | 8.0 | — | libarchive version commit 416694915449219d505531b1096384f3237dd6cc onwards (release v3.1.0 onwards) contains a CWE-415: Double Free vulnerability in RAR decoder - libarchive/archive_read_support_form… | |
| CVE-2018-1121 | high | — | 8.0 | — | procps-ng, procps is vulnerable to a process hiding through race condition. Since the kernel's proc_pid_readdir() returns PID entries in ascending numeric order, a process occupying a high PID can us… | |
| CVE-2018-1120 | high | — | 8.0 | — | A flaw was found affecting the Linux kernel before version 4.17. By mmap()ing a FUSE-backed file onto a process's memory containing command line arguments (or environment strings), an attacker can ca… | |
| CVE-2018-3620 | high | — | 8.0 | — | Systems with microprocessors utilizing speculative execution and address translations may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user acc… | |
| CVE-2018-3646 | high | — | 8.0 | — | Systems with microprocessors utilizing speculative execution and address translations may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user acc… | |
| CVE-2018-5390 | high | — | 8.0 | — | Linux kernel versions 4.9+ can be forced to make very expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() for every incoming packet which can lead to a denial of service. | |
| CVE-2018-5391 | high | — | 8.0 | — | The Linux kernel, versions 3.9+, is vulnerable to a denial of service attack with low rates of specially modified packets targeting IP fragment re-assembly. An attacker may cause a denial of service … | |
| CVE-2018-14325 | high | — | 8.0 | — | multiple issues in libmp4v2 | |
| CVE-2018-14403 | high | — | 8.0 | — | multiple issues in libmp4v2 | |
| CVE-2018-5745 | high | — | 8.0 | — | "managed-keys" is a feature which allows a BIND resolver to automatically maintain the keys used by trust anchors which operators configure for use in DNSSEC validation. Due to an error in the manage… | |
| CVE-2018-7225 | high | — | 8.0 | — | An issue was discovered in LibVNCServer through 0.9.11. rfbProcessClientNormalMessage() in rfbserver.c does not sanitize msg.cct.length, leading to access to uninitialized and potentially sensitive d… | |
| CVE-2018-20004 | high | — | 8.0 | — | An issue has been found in Mini-XML (aka mxml) 2.12. It is a stack-based buffer overflow in mxml_write_node in mxml-file.c via vectors involving a double-precision floating point number and the '<ord… | |
| CVE-2018-5744 | high | — | 8.0 | — | A failure to free memory can occur when processing messages having a specific combination of EDNS options. Versions affected are: BIND 9.10.7 -> 9.10.8-P1, 9.11.3 -> 9.11.5-P1, 9.12.0 -> 9.12.3-P1, a… | |
| CVE-2018-6574 | high | — | 8.0 | 4y ago | Remote command execution via "go get" command with cgo in cmd/go | |
| CVE-2018-16873 | high | — | 8.0 | 4y ago | Remote command execution via "go get" with "-u" flag in cmd/go | |
| CVE-2018-16874 | high | — | 8.0 | 4y ago | Directory traversal via "go get" command in cmd/go | |
| CVE-2018-16875 | high | — | 8.0 | 4y ago | Denial of service in chain verification in crypto/x509 | |
| CVE-2018-20303 | high | — | 8.0 | 4y ago | Gogs Directory Traversal | |
| CVE-2018-1999006 | high | — | 8.0 | 4y ago | Exposure of Sensitive Information to an Unauthorized Actor in Jenkins | |
| CVE-2018-7408 | high | — | 8.0 | 4y ago | An issue was discovered in an npm 5.7.0 2018-02-21 pre-release (marked as "next: 5.7.0" and therefore automatically installed by an "npm upgrade -g npm" command, and also announced in the vendor's bl… | |
| CVE-2018-1999007 | high | — | 8.0 | 4y ago | Cross-site scripting vulnerability exists in Jenkins and Stapler Plugin | |
| CVE-2018-1999004 | high | — | 8.0 | 4y ago | Incorrect Authorization in Jenkins | |
| CVE-2018-1999002 | high | — | 8.0 | 4y ago | Improper Input Validation in Jenkins | |
| CVE-2018-1999005 | high | — | 8.0 | 4y ago | Improper Neutralization of Input During Web Page Generation in Jenkins | |
| CVE-2018-1999001 | high | — | 8.0 | 4y ago | Improper Input Validation in Jenkins | |
| CVE-2018-1999003 | high | — | 8.0 | 4y ago | Incorrect Authorization in Jenkins | |
| CVE-2018-25032 | high | — | 8.0 | 4y ago | Important: mingw-zlib security update | |
| CVE-2018-8037 | high | — | 8.0 | 8y ago | Apache Tomcat Race Condition vulnerability | |
| CVE-2018-8034 | high | — | 8.0 | 8y ago | The host name verification missing in Apache Tomcat | |
| CVE-2018-8014 | high | — | 8.0 | 8y ago | The defaults settings for the CORS filter provided in Apache Tomcat are insecure and enable 'supportsCredentials' for all origins | |
| CVE-2018-11784 | high | — | 8.0 | 8y ago | Apache Tomcat Open Redirect vulnerability | |
| CVE-2018-12086 | high | — | 8.0 | 8y ago | Buffer overflow in OPC UA applications allows remote attackers to trigger a stack overflow with carefully structured requests. | |
| CVE-2018-25302 | high | 7.8 | 7.8 | 29d ago | Allok AVI to DVD SVCD VCD Converter 4.0.1217 contains a structured exception handling (SEH) based buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying a ma… | |
| CVE-2018-25261 | high | 7.8 | 7.8 | 1mo ago | Iperius Backup 5.8.1 contains a local buffer overflow vulnerability in the structured exception handling (SEH) mechanism that allows local attackers to execute arbitrary code by supplying a malicious… | |
| CVE-2018-25260 | high | 7.8 | 7.8 | 1mo ago | MAGIX Music Editor 3.1 contains a buffer overflow vulnerability in the FreeDB Proxy Options dialog that allows local attackers to execute arbitrary code by exploiting structured exception handling. A… | |
| CVE-2018-25259 | high | 7.8 | 7.8 | 1mo ago | Terminal Services Manager 3.1 contains a stack-based buffer overflow vulnerability in the computer names field that allows local attackers to execute arbitrary code by triggering structured exception… | |
| CVE-2018-25213 | high | 7.8 | 7.8 | 2mo ago | Nsauditor 3.0.28.0 contains a structured exception handling buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying malicious input to the DNS Lookup tool. At… | |
| CVE-2018-6400 | high | 7.8 | 7.8 | 8y ago | Kingsoft WPS Office Free 10.2.0.5978 allows local users to gain privileges or cause a denial of service by impersonating all the pipes through a use of \\.\pipe\WPSCloudSvr\WpsCloudSvr -- an "insecur… | |
| CVE-2018-25374 | high | 7.5 | 7.5 | 3d ago | Softneta MedDream PACS Server Premium 6.7.1.1 contains a directory traversal vulnerability that allows unauthenticated attackers to read arbitrary files by manipulating the path parameter. Attackers … | |
| CVE-2018-25368 | high | 7.5 | 7.5 | 3d ago | Nord VPN 6.14.31 contains a denial of service vulnerability that allows unauthenticated attackers to crash the application by submitting an excessively long string in the password field. Attackers ca… | |
| CVE-2018-25365 | high | 7.5 | 7.5 | 3d ago | PCViewer vt1000 contains a directory traversal vulnerability that allows unauthenticated attackers to read arbitrary files by submitting relative path sequences in GET requests. Attackers can use pat… | |
| CVE-2018-25358 | high | 7.5 | 7.5 | 5d ago | D-Link DIR601 2.02NA contains a credential disclosure vulnerability that allows unauthenticated attackers to retrieve sensitive configuration data by manipulating the table_name parameter in POST req… | |
| CVE-2018-25329 | high | 7.5 | 7.5 | 11d ago | WordPress Plugin WP with Spritz 1.0 contains a remote file inclusion vulnerability that allows unauthenticated attackers to read arbitrary files by injecting file paths into the url parameter. Attack… | |
| CVE-2018-25326 | high | 7.5 | 7.5 | 11d ago | Google Drive for WordPress 2.2 contains a path traversal vulnerability that allows unauthenticated attackers to read arbitrary files by injecting directory traversal sequences in the file_name parame… | |
| CVE-2018-25325 | high | 7.5 | 7.5 | 11d ago | Woocommerce CSV Importer 3.3.6 contains a path traversal vulnerability that allows any registered user to delete arbitrary files by submitting unescaped filenames through the delete_export_file AJAX … | |
| CVE-2018-17958 | high | 7.5 | 7.5 | 8y ago | Qemu has a Buffer Overflow in rtl8139_do_receive in hw/net/rtl8139.c because an incorrect integer data type is used. | |
| CVE-2018-25381 | high | 7.1 | 7.1 | 3d ago | Joomla Responsive Portfolio 1.6.1 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL commands through multiple filter parameters. Attackers can injec… | |
| CVE-2018-25380 | high | 7.1 | 7.1 | 3d ago | Joomla Component eXtroForms 2.1.5 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL commands through the filter_type_id, filter_pid_id, and filter_s… | |
| CVE-2018-25352 | high | 7.1 | 7.1 | 5d ago | WordPress Ultimate Form Builder Lite plugin version 1.3.7 and below contains an SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code th… | |
| CVE-2018-25347 | high | 7.1 | 7.1 | 5d ago | WordPress Contact Form Maker Plugin 1.12.20 contains SQL injection vulnerabilities that allow authenticated attackers to manipulate database queries through the FormMakerSQLMapping and generete_csv_f… | |
| CVE-2018-25346 | high | 7.1 | 7.1 | 5d ago | WordPress Form Maker Plugin 1.12.24 and below contains SQL injection vulnerabilities that allow authenticated attackers to manipulate database queries by injecting SQL code through the FormMakerSQLMa… | |
| CVE-2018-25319 | high | 7.1 | 7.1 | 11d ago | Redaxo CMS Addon MyEvents 2.2.1 contains an SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the myevents_id parameter. Att… | |
| CVE-2018-25207 | high | 7.1 | 7.1 | 2mo ago | Online Quiz Maker 1.0 contains SQL injection vulnerabilities in the catid and usern parameters that allow authenticated attackers to execute arbitrary SQL commands. Attackers can submit malicious POS… | |
| CVE-2018-25361 | medium | 6.8 | 6.8 | 3d ago | Soroush IM Desktop App 0.17.0 contains an authentication bypass vulnerability that allows local attackers to remove passcodes by injecting pre-encrypted database entries using a constant encryption k… | |
| CVE-2018-10622 | medium | 6.8 | 6.8 | 8y ago | Medtronic MyCareLink Patient Monitor uses per-product credentials that are stored in a recoverable format. An attacker can use these credentials to modify encrypted drive data. | |
| CVE-2018-25312 | medium | 6.5 | 6.5 | 29d ago | LifeSize ClearSea 3.1.4 contains directory traversal vulnerabilities that allow authenticated attackers to download and upload arbitrary files by manipulating path parameters in the smartgui interfac… | |
| CVE-2018-25311 | medium | 6.5 | 6.5 | 29d ago | VideoFlow Digital Video Protection DVP 2.10 contains an authenticated directory traversal vulnerability that allows attackers with valid credentials to disclose arbitrary files by injecting path trav… | |
| CVE-2018-25378 | medium | 6.2 | 6.2 | 3d ago | Notebook Pro 2.0 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the notebook name field. Attackers can crea… | |
| CVE-2018-25369 | medium | 6.2 | 6.2 | 3d ago | Visual Ping 0.8.0.0 contains a buffer overflow vulnerability in input field handling that allows local attackers to crash the application by supplying oversized data. Attackers can inject malicious p… | |
| CVE-2018-25367 | medium | 6.2 | 6.2 | 3d ago | NASA openVSP 3.16.1 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an excessively long string in the geometry name field. Attackers can tri… | |
| CVE-2018-25324 | medium | 6.2 | 6.2 | 11d ago | Simple Fields 0.2 through 0.3.5 WordPress Plugin contains a local file inclusion vulnerability that allows unauthenticated attackers to read arbitrary files by injecting null bytes into the wp_abspat… | |
| CVE-2018-25313 | medium | 6.2 | 6.2 | 29d ago | SysGauge 4.5.18 contains a buffer overflow vulnerability in the proxy configuration handler that allows local attackers to cause a denial of service by supplying an oversized string. Attackers can in… | |
| CVE-2018-25305 | medium | 6.2 | 6.2 | 29d ago | librsvg2-bin 2.40.13 contains a buffer overflow vulnerability that allows local attackers to cause a denial of service by processing malformed SVG files. Attackers can supply crafted SVG input to the… | |
| CVE-2018-25349 | medium | 6.1 | 6.1 | 5d ago | userSpice 4.3.24 contains a cross-site scripting vulnerability that allows attackers to inject malicious scripts through the X-Forwarded-For HTTP header. Attackers can send crafted requests to the ba… | |
| CVE-2018-25331 | medium | 6.1 | 6.1 | 11d ago | Zenar Content Management System contains a cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by manipulating form parameters in POST requests. Attac… | |
| CVE-2018-25309 | medium | 6.1 | 6.1 | 29d ago | MyBB Recent threads 17.0 contains a persistent cross-site scripting vulnerability that allows attackers to inject malicious scripts by creating threads with crafted subject lines. Attackers can creat… | |
| CVE-2018-25269 | medium | 6.1 | 6.1 | 1mo ago | ICEWARP 10.3.4 and 11.0.0.0 contains a cross-site scripting vulnerability that allows attackers to inject malicious HTML elements into emails by embedding base64-encoded payloads in object and embed … | |
| CVE-2018-25247 | medium | 6.1 | 6.1 | 2mo ago | MyBB Like Plugin 3.0.0 contains a stored cross-site scripting vulnerability. Authenticated attackers can inject script payloads into post or thread subjects; when other users view a profile that disp… | |
| CVE-2018-18520 | medium | — | 5.5 | — | An Invalid Memory Address Dereference exists in the function elf_end in libelf in elfutils through v0.174. Although eu-size is intended to support ar files inside ar files, handle_ar in size.c closes… | |
| CVE-2018-1311 | medium | — | 5.5 | — | The Apache Xerces-C 3.0.0 to 3.2.3 XML parser contains a use-after-free error triggered during the scanning of external DTDs. This flaw has not been addressed in the maintained version of the library… | |
| CVE-2018-1000005 | medium | — | 5.5 | — | libcurl 7.49.0 to and including 7.57.0 contains an out bounds read in code handling HTTP/2 trailers. It was reported (https://github.com/curl/curl/pull/2231) that reading an HTTP/2 trailer could mess… | |
| CVE-2018-16230 | medium | — | 5.5 | — | The BGP parser in tcpdump before 4.9.3 has a buffer over-read in print-bgp.c:bgp_attr_print() (MP_REACH_NLRI). | |
| CVE-2018-20103 | medium | — | 5.5 | — | An issue was discovered in dns.c in HAProxy through 1.8.14. In the case of a compressed pointer, a crafted packet can trigger infinite recursion by making the pointer point to itself, or create a lon… | |
| CVE-2018-5207 | medium | — | 5.5 | — | When using an incomplete variable argument, Irssi before 1.0.6 may access data beyond the end of the string. | |
| CVE-2018-1301 | medium | — | 5.5 | — | multiple issues in apache | |
| CVE-2018-1303 | medium | — | 5.5 | — | multiple issues in apache | |
| CVE-2018-8000 | medium | — | 5.5 | — | multiple issues in podofo | |
| CVE-2018-0739 | medium | — | 5.5 | — | Constructed ASN.1 types with a recursive definition (such as can be found in PKCS7) could eventually exceed the stack given malicious input with excessive recursion. This could result in a Denial Of … | |
| CVE-2018-20846 | medium | — | 5.5 | — | Out-of-bounds accesses in the functions pi_next_lrcp, pi_next_rlcp, pi_next_rpcl, pi_next_pcrl, pi_next_rpcl, and pi_next_cprl in openmj2/pi.c in OpenJPEG through 2.3.0 allow remote attackers to caus… | |
| CVE-2018-6954 | medium | — | 5.5 | — | systemd-tmpfiles in systemd through 237 mishandles symlinks present in non-terminal path components, which allows local users to obtain ownership of arbitrary files via vectors involving creation of … | |
| CVE-2018-1312 | medium | — | 5.5 | — | multiple issues in apache | |
| CVE-2018-1333 | medium | — | 5.5 | — | denial of service in apache | |
| CVE-2018-19432 | medium | — | 5.5 | — | An issue was discovered in libsndfile 1.0.28. There is a NULL pointer dereference in the function sf_write_int in sndfile.c, which will lead to a denial of service. | |
| CVE-2018-1126 | medium | — | 5.5 | — | procps-ng before version 3.3.15 is vulnerable to an incorrect integer size in proc/alloc.* leading to truncation/integer overflow issues. This flaw is related to CVE-2018-1124. | |
| CVE-2018-7549 | medium | — | 5.5 | — | In params.c in zsh through 5.4.2, there is a crash during a copy of an empty hash table, as demonstrated by typeset -p. | |
| CVE-2018-7725 | medium | — | 5.5 | — | An issue was discovered in ZZIPlib 0.13.68. An invalid memory address dereference was discovered in zzip_disk_fread in mmapped.c. The vulnerability causes an application crash, which leads to denial … | |
| CVE-2018-14467 | medium | — | 5.5 | — | The BGP parser in tcpdump before 4.9.3 has a buffer over-read in print-bgp.c:bgp_capabilities_print() (BGP_CAPCODE_MP). |