CVEs from 2018
Total
3,289
critical
critical 225
high
high 266
medium
medium 224
low
low 32
% Critical
6.8%
% with KEV
2.7%
% with exploit
2.8%
Top vendors
- frappe 4
- redhat 2
- magix 1
- mybb 1
- gitbucket 1
- qemu 1
- dragonexpert 1
- kingsoftstore 1
Top products
- erpnext 4
- terminal_services_manager 1
- ultraiso 1
- dolibarr_erp\/crm 1
- gitbucket 1
- pdfunite 1
- qemu 1
- virtualization_manager 1
| CVE | Severity | CVSS | Risk | Published | Description | Impact |
|---|---|---|---|---|---|---|
| CVE-2018-16857 | high | — | 8.0 | — | Samba from version 4.9.0 and before version 4.9.3 that have AD DC configurations watching for bad passwords (to restrict brute forcing of passwords) in a window of more than 3 minutes may not watch f… | |
| CVE-2018-7409 | high | — | 8.0 | — | In unixODBC before 2.3.5, there is a buffer overflow in the unicode_to_ansi_copy() function in DriverManager/__info.c. | |
| CVE-2018-7184 | high | — | 8.0 | — | ntpd in ntp 4.2.8p4 before 4.2.8p11 drops bad packets before updating the "received" timestamp, which allows remote attackers to cause a denial of service (disruption) by sending a packet with a zero… | |
| CVE-2018-6148 | high | — | 8.0 | — | access restriction bypass in chromium | |
| CVE-2018-1058 | high | — | 8.0 | — | privilege escalation in postgresql | |
| CVE-2018-6149 | high | — | 8.0 | — | arbitrary code execution in chromium | |
| CVE-2018-16151 | high | — | 8.0 | — | In verify_emsa_pkcs1_signature() in gmp_rsa_public_key.c in the gmp plugin in strongSwan 4.x and 5.x before 5.7.0, the RSA implementation based on GMP does not reject excess data after the encoded al… | |
| CVE-2018-20174 | high | — | 8.0 | — | rdesktop versions up to and including v1.8.3 contain an Out-Of-Bounds Read in the function ui_clip_handle_data() that results in an information leak. | |
| CVE-2018-14379 | high | — | 8.0 | — | multiple issues in libmp4v2 | |
| CVE-2018-7456 | high | — | 8.0 | — | A NULL Pointer Dereference occurs in the function TIFFPrintDirectory in tif_print.c in LibTIFF 3.9.3, 3.9.4, 3.9.5, 3.9.6, 3.9.7, 4.0.0alpha4, 4.0.0alpha5, 4.0.0alpha6, 4.0.0beta7, 4.0.0, 4.0.1, 4.0.… | |
| CVE-2018-10857 | high | — | 8.0 | — | git-annex is vulnerable to a private data exposure and exfiltration attack. It could expose the content of files located outside the git-annex repository, or content from a private web server on loca… | |
| CVE-2018-16152 | high | — | 8.0 | — | In verify_emsa_pkcs1_signature() in gmp_rsa_public_key.c in the gmp plugin in strongSwan 4.x and 5.x before 5.7.0, the RSA implementation based on GMP does not reject excess data in the digestAlgorit… | |
| CVE-2018-11210 | high | — | 8.0 | — | TinyXML2 6.2.0 has a heap-based buffer over-read in the XMLDocument::Parse function in libtinyxml2.so. NOTE: The tinyxml2 developers have determined that the reported overflow is due to improper use … | |
| CVE-2018-1000877 | high | — | 8.0 | — | libarchive version commit 416694915449219d505531b1096384f3237dd6cc onwards (release v3.1.0 onwards) contains a CWE-415: Double Free vulnerability in RAR decoder - libarchive/archive_read_support_form… | |
| CVE-2018-1000880 | high | — | 8.0 | — | libarchive version commit 9693801580c0cf7c70e862d305270a16b52826a7 onwards (release v3.2.0 onwards) contains a CWE-20: Improper Input Validation vulnerability in WARC parser - libarchive/archive_read… | |
| CVE-2018-14326 | high | — | 8.0 | — | multiple issues in libmp4v2 | |
| CVE-2018-14361 | high | — | 8.0 | — | An issue was discovered in NeoMutt before 2018-07-16. nntp.c proceeds even if memory allocation fails for messages data. | |
| CVE-2018-18644 | high | — | 8.0 | — | multiple issues in gitlab | |
| CVE-2018-7054 | high | — | 8.0 | — | An issue was discovered in Irssi before 1.0.7 and 1.1.x before 1.1.1. There is a use-after-free when a server is disconnected during netsplits. NOTE: this issue exists because of an incomplete fix fo… | |
| CVE-2018-18226 | high | — | 8.0 | — | In Wireshark 2.6.0 to 2.6.3, the Steam IHS Discovery dissector could consume system memory. This was addressed in epan/dissectors/packet-steam-ihs-discovery.c by changing the memory-management approa… | |
| CVE-2018-25011 | high | — | 8.0 | — | A heap-based buffer overflow was found in libwebp in versions before 1.0.1 in PutLE16(). | |
| CVE-2018-10900 | high | — | 8.0 | — | Network Manager VPNC plugin (aka networkmanager-vpnc) before version 1.2.6 is vulnerable to a privilege escalation attack. A new line character can be used to inject a Password helper parameter into … | |
| CVE-2018-15587 | high | — | 8.0 | — | GNOME Evolution through 3.28.2 is prone to OpenPGP signatures being spoofed for arbitrary messages using a specially crafted email that contains a valid signature from the entity to be impersonated a… | |
| CVE-2018-1000879 | high | — | 8.0 | — | libarchive version commit 379867ecb330b3a952fb7bfa7bffb7bbd5547205 onwards (release v3.3.0 onwards) contains a CWE-476: NULL Pointer Dereference vulnerability in ACL parser - libarchive/archive_acl.c… | |
| CVE-2018-6126 | high | — | 8.0 | — | A precision error in Skia in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. | |
| CVE-2018-7225 | high | — | 8.0 | — | An issue was discovered in LibVNCServer through 0.9.11. rfbProcessClientNormalMessage() in rfbserver.c does not sanitize msg.cct.length, leading to access to uninitialized and potentially sensitive d… | |
| CVE-2018-6574 | high | — | 8.0 | 4y ago | Remote command execution via "go get" command with cgo in cmd/go | |
| CVE-2018-16873 | high | — | 8.0 | 4y ago | Remote command execution via "go get" with "-u" flag in cmd/go | |
| CVE-2018-16874 | high | — | 8.0 | 4y ago | Directory traversal via "go get" command in cmd/go | |
| CVE-2018-16875 | high | — | 8.0 | 4y ago | Denial of service in chain verification in crypto/x509 | |
| CVE-2018-20303 | high | — | 8.0 | 4y ago | Gogs Directory Traversal | |
| CVE-2018-1999006 | high | — | 8.0 | 4y ago | Exposure of Sensitive Information to an Unauthorized Actor in Jenkins | |
| CVE-2018-7408 | high | — | 8.0 | 4y ago | An issue was discovered in an npm 5.7.0 2018-02-21 pre-release (marked as "next: 5.7.0" and therefore automatically installed by an "npm upgrade -g npm" command, and also announced in the vendor's bl… | |
| CVE-2018-1999007 | high | — | 8.0 | 4y ago | Cross-site scripting vulnerability exists in Jenkins and Stapler Plugin | |
| CVE-2018-1999002 | high | — | 8.0 | 4y ago | Improper Input Validation in Jenkins | |
| CVE-2018-1999004 | high | — | 8.0 | 4y ago | Incorrect Authorization in Jenkins | |
| CVE-2018-1999005 | high | — | 8.0 | 4y ago | Improper Neutralization of Input During Web Page Generation in Jenkins | |
| CVE-2018-1999001 | high | — | 8.0 | 4y ago | Improper Input Validation in Jenkins | |
| CVE-2018-1999003 | high | — | 8.0 | 4y ago | Incorrect Authorization in Jenkins | |
| CVE-2018-25032 | high | — | 8.0 | 4y ago | Important: mingw-zlib security update | |
| CVE-2018-8037 | high | — | 8.0 | 8y ago | Apache Tomcat Race Condition vulnerability | |
| CVE-2018-8034 | high | — | 8.0 | 8y ago | The host name verification missing in Apache Tomcat | |
| CVE-2018-8014 | high | — | 8.0 | 8y ago | The defaults settings for the CORS filter provided in Apache Tomcat are insecure and enable 'supportsCredentials' for all origins | |
| CVE-2018-11784 | high | — | 8.0 | 8y ago | Apache Tomcat Open Redirect vulnerability | |
| CVE-2018-12086 | high | — | 8.0 | 8y ago | Buffer overflow in OPC UA applications allows remote attackers to trigger a stack overflow with carefully structured requests. | |
| CVE-2018-25302 | high | 7.8 | 7.8 | 29d ago | Allok AVI to DVD SVCD VCD Converter 4.0.1217 contains a structured exception handling (SEH) based buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying a ma… | |
| CVE-2018-25261 | high | 7.8 | 7.8 | 1mo ago | Iperius Backup 5.8.1 contains a local buffer overflow vulnerability in the structured exception handling (SEH) mechanism that allows local attackers to execute arbitrary code by supplying a malicious… | |
| CVE-2018-25260 | high | 7.8 | 7.8 | 1mo ago | MAGIX Music Editor 3.1 contains a buffer overflow vulnerability in the FreeDB Proxy Options dialog that allows local attackers to execute arbitrary code by exploiting structured exception handling. A… | |
| CVE-2018-25259 | high | 7.8 | 7.8 | 1mo ago | Terminal Services Manager 3.1 contains a stack-based buffer overflow vulnerability in the computer names field that allows local attackers to execute arbitrary code by triggering structured exception… | |
| CVE-2018-25213 | high | 7.8 | 7.8 | 2mo ago | Nsauditor 3.0.28.0 contains a structured exception handling buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying malicious input to the DNS Lookup tool. At… | |
| CVE-2018-6400 | high | 7.8 | 7.8 | 8y ago | Kingsoft WPS Office Free 10.2.0.5978 allows local users to gain privileges or cause a denial of service by impersonating all the pipes through a use of \\.\pipe\WPSCloudSvr\WpsCloudSvr -- an "insecur… | |
| CVE-2018-25374 | high | 7.5 | 7.5 | 3d ago | Softneta MedDream PACS Server Premium 6.7.1.1 contains a directory traversal vulnerability that allows unauthenticated attackers to read arbitrary files by manipulating the path parameter. Attackers … | |
| CVE-2018-25368 | high | 7.5 | 7.5 | 3d ago | Nord VPN 6.14.31 contains a denial of service vulnerability that allows unauthenticated attackers to crash the application by submitting an excessively long string in the password field. Attackers ca… | |
| CVE-2018-25365 | high | 7.5 | 7.5 | 3d ago | PCViewer vt1000 contains a directory traversal vulnerability that allows unauthenticated attackers to read arbitrary files by submitting relative path sequences in GET requests. Attackers can use pat… | |
| CVE-2018-25358 | high | 7.5 | 7.5 | 5d ago | D-Link DIR601 2.02NA contains a credential disclosure vulnerability that allows unauthenticated attackers to retrieve sensitive configuration data by manipulating the table_name parameter in POST req… | |
| CVE-2018-25329 | high | 7.5 | 7.5 | 11d ago | WordPress Plugin WP with Spritz 1.0 contains a remote file inclusion vulnerability that allows unauthenticated attackers to read arbitrary files by injecting file paths into the url parameter. Attack… | |
| CVE-2018-25326 | high | 7.5 | 7.5 | 11d ago | Google Drive for WordPress 2.2 contains a path traversal vulnerability that allows unauthenticated attackers to read arbitrary files by injecting directory traversal sequences in the file_name parame… | |
| CVE-2018-25325 | high | 7.5 | 7.5 | 11d ago | Woocommerce CSV Importer 3.3.6 contains a path traversal vulnerability that allows any registered user to delete arbitrary files by submitting unescaped filenames through the delete_export_file AJAX … | |
| CVE-2018-17958 | high | 7.5 | 7.5 | 8y ago | Qemu has a Buffer Overflow in rtl8139_do_receive in hw/net/rtl8139.c because an incorrect integer data type is used. | |
| CVE-2018-25381 | high | 7.1 | 7.1 | 3d ago | Joomla Responsive Portfolio 1.6.1 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL commands through multiple filter parameters. Attackers can injec… | |
| CVE-2018-25380 | high | 7.1 | 7.1 | 3d ago | Joomla Component eXtroForms 2.1.5 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL commands through the filter_type_id, filter_pid_id, and filter_s… | |
| CVE-2018-25352 | high | 7.1 | 7.1 | 5d ago | WordPress Ultimate Form Builder Lite plugin version 1.3.7 and below contains an SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code th… | |
| CVE-2018-25347 | high | 7.1 | 7.1 | 5d ago | WordPress Contact Form Maker Plugin 1.12.20 contains SQL injection vulnerabilities that allow authenticated attackers to manipulate database queries through the FormMakerSQLMapping and generete_csv_f… | |
| CVE-2018-25346 | high | 7.1 | 7.1 | 5d ago | WordPress Form Maker Plugin 1.12.24 and below contains SQL injection vulnerabilities that allow authenticated attackers to manipulate database queries by injecting SQL code through the FormMakerSQLMa… | |
| CVE-2018-25319 | high | 7.1 | 7.1 | 11d ago | Redaxo CMS Addon MyEvents 2.2.1 contains an SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the myevents_id parameter. Att… | |
| CVE-2018-25207 | high | 7.1 | 7.1 | 2mo ago | Online Quiz Maker 1.0 contains SQL injection vulnerabilities in the catid and usern parameters that allow authenticated attackers to execute arbitrary SQL commands. Attackers can submit malicious POS… | |
| CVE-2018-25361 | medium | 6.8 | 6.8 | 3d ago | Soroush IM Desktop App 0.17.0 contains an authentication bypass vulnerability that allows local attackers to remove passcodes by injecting pre-encrypted database entries using a constant encryption k… | |
| CVE-2018-10622 | medium | 6.8 | 6.8 | 8y ago | Medtronic MyCareLink Patient Monitor uses per-product credentials that are stored in a recoverable format. An attacker can use these credentials to modify encrypted drive data. | |
| CVE-2018-25312 | medium | 6.5 | 6.5 | 29d ago | LifeSize ClearSea 3.1.4 contains directory traversal vulnerabilities that allow authenticated attackers to download and upload arbitrary files by manipulating path parameters in the smartgui interfac… | |
| CVE-2018-25311 | medium | 6.5 | 6.5 | 29d ago | VideoFlow Digital Video Protection DVP 2.10 contains an authenticated directory traversal vulnerability that allows attackers with valid credentials to disclose arbitrary files by injecting path trav… | |
| CVE-2018-25378 | medium | 6.2 | 6.2 | 3d ago | Notebook Pro 2.0 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the notebook name field. Attackers can crea… | |
| CVE-2018-25369 | medium | 6.2 | 6.2 | 3d ago | Visual Ping 0.8.0.0 contains a buffer overflow vulnerability in input field handling that allows local attackers to crash the application by supplying oversized data. Attackers can inject malicious p… | |
| CVE-2018-25367 | medium | 6.2 | 6.2 | 3d ago | NASA openVSP 3.16.1 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an excessively long string in the geometry name field. Attackers can tri… | |
| CVE-2018-25324 | medium | 6.2 | 6.2 | 11d ago | Simple Fields 0.2 through 0.3.5 WordPress Plugin contains a local file inclusion vulnerability that allows unauthenticated attackers to read arbitrary files by injecting null bytes into the wp_abspat… | |
| CVE-2018-25313 | medium | 6.2 | 6.2 | 29d ago | SysGauge 4.5.18 contains a buffer overflow vulnerability in the proxy configuration handler that allows local attackers to cause a denial of service by supplying an oversized string. Attackers can in… | |
| CVE-2018-25305 | medium | 6.2 | 6.2 | 29d ago | librsvg2-bin 2.40.13 contains a buffer overflow vulnerability that allows local attackers to cause a denial of service by processing malformed SVG files. Attackers can supply crafted SVG input to the… | |
| CVE-2018-25349 | medium | 6.1 | 6.1 | 5d ago | userSpice 4.3.24 contains a cross-site scripting vulnerability that allows attackers to inject malicious scripts through the X-Forwarded-For HTTP header. Attackers can send crafted requests to the ba… | |
| CVE-2018-25331 | medium | 6.1 | 6.1 | 11d ago | Zenar Content Management System contains a cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by manipulating form parameters in POST requests. Attac… | |
| CVE-2018-25309 | medium | 6.1 | 6.1 | 29d ago | MyBB Recent threads 17.0 contains a persistent cross-site scripting vulnerability that allows attackers to inject malicious scripts by creating threads with crafted subject lines. Attackers can creat… | |
| CVE-2018-25269 | medium | 6.1 | 6.1 | 1mo ago | ICEWARP 10.3.4 and 11.0.0.0 contains a cross-site scripting vulnerability that allows attackers to inject malicious HTML elements into emails by embedding base64-encoded payloads in object and embed … | |
| CVE-2018-25247 | medium | 6.1 | 6.1 | 2mo ago | MyBB Like Plugin 3.0.0 contains a stored cross-site scripting vulnerability. Authenticated attackers can inject script payloads into post or thread subjects; when other users view a profile that disp… | |
| CVE-2018-1000007 | medium | — | 5.5 | — | libcurl 7.1 through 7.57.0 might accidentally leak authentication data to third parties. When asked to send custom headers in its HTTP requests, libcurl will send that set of headers first to the hos… | |
| CVE-2018-1311 | medium | — | 5.5 | — | The Apache Xerces-C 3.0.0 to 3.2.3 XML parser contains a use-after-free error triggered during the scanning of external DTDs. This flaw has not been addressed in the maintained version of the library… | |
| CVE-2018-1000005 | medium | — | 5.5 | — | libcurl 7.49.0 to and including 7.57.0 contains an out bounds read in code handling HTTP/2 trailers. It was reported (https://github.com/curl/curl/pull/2231) that reading an HTTP/2 trailer could mess… | |
| CVE-2018-16230 | medium | — | 5.5 | — | The BGP parser in tcpdump before 4.9.3 has a buffer over-read in print-bgp.c:bgp_attr_print() (MP_REACH_NLRI). | |
| CVE-2018-16452 | medium | — | 5.5 | — | The SMB parser in tcpdump before 4.9.3 has stack exhaustion in smbutil.c:smb_fdata() via recursion. | |
| CVE-2018-5205 | medium | — | 5.5 | — | When using incomplete escape codes, Irssi before 1.0.6 may access data beyond the end of the string. | |
| CVE-2018-20103 | medium | — | 5.5 | — | An issue was discovered in dns.c in HAProxy through 1.8.14. In the case of a compressed pointer, a crafted packet can trigger infinite recursion by making the pointer point to itself, or create a lon… | |
| CVE-2018-16451 | medium | — | 5.5 | — | The SMB parser in tcpdump before 4.9.3 has buffer over-reads in print-smb.c:print_trans() for \MAILSLOT\BROWSE and \PIPE\LANMAN. | |
| CVE-2018-14468 | medium | — | 5.5 | — | The FRF.16 parser in tcpdump before 4.9.3 has a buffer over-read in print-fr.c:mfr_print(). | |
| CVE-2018-19532 | medium | — | 5.5 | — | A NULL pointer dereference vulnerability exists in the function PdfTranslator::setTarget() in pdftranslator.cpp of PoDoFo 0.9.6, while creating the PdfXObject, as demonstrated by podofoimpose. It all… | |
| CVE-2018-8002 | medium | — | 5.5 | — | In PoDoFo 0.9.5, there exists an infinite loop vulnerability in PdfParserObject::ParseFileComplete() in PdfParserObject.cpp which may result in stack overflow. Remote attackers could leverage this vu… | |
| CVE-2018-5206 | medium | — | 5.5 | — | When the channel topic is set without specifying a sender, Irssi before 1.0.6 may dereference a NULL pointer. | |
| CVE-2018-0739 | medium | — | 5.5 | — | Constructed ASN.1 types with a recursive definition (such as can be found in PKCS7) could eventually exceed the stack given malicious input with excessive recursion. This could result in a Denial Of … | |
| CVE-2018-9251 | medium | — | 5.5 | — | The xz_decomp function in xzlib.c in libxml2 2.9.8, if --with-lzma is used, allows remote attackers to cause a denial of service (infinite loop) via a crafted XML file that triggers LZMA_MEMLIMIT_ERR… | |
| CVE-2018-1000135 | medium | — | 5.5 | — | GNOME NetworkManager version 1.10.2 and earlier contains a Information Exposure (CWE-200) vulnerability in DNS resolver that can result in Private DNS queries leaked to local network's DNS servers, w… | |
| CVE-2018-20846 | medium | — | 5.5 | — | Out-of-bounds accesses in the functions pi_next_lrcp, pi_next_rlcp, pi_next_rpcl, pi_next_pcrl, pi_next_rpcl, and pi_next_cprl in openmj2/pi.c in OpenJPEG through 2.3.0 allow remote attackers to caus… | |
| CVE-2018-16866 | medium | — | 5.5 | — | An out of bounds read was discovered in systemd-journald in the way it parses log messages that terminate with a colon ':'. A local attacker can use this flaw to disclose process memory data. Version… | |
| CVE-2018-6484 | medium | — | 5.5 | — | In ZZIPlib 0.13.67, there is a memory alignment error and bus error in the __zzip_fetch_disk_trailer function of zzip/zip.c. Remote attackers could leverage this vulnerability to cause a denial of se… | |
| CVE-2018-6869 | medium | — | 5.5 | — | In ZZIPlib 0.13.68, there is an uncontrolled memory allocation and a crash in the __zzip_parse_root_directory function of zzip/zip.c. Remote attackers could leverage this vulnerability to cause a den… |