CVEs from 2018
Total
3,113
critical
critical 229
high
high 302
medium
medium 256
low
low 39
% Critical
7.4%
% with KEV
2.9%
% with exploit
4.0%
Top vendors
Top products
- core_i7 379
- core_i5 375
- core_i3 242
- xeon_e5 82
- xeon_e7 62
- xeon_e3 58
- xeon_gold 33
- atom_z 30
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2018-25319 | high | 7.1 | 7.1 | 13d ago | Redaxo CMS Addon MyEvents 2.2.1 contains an SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the myevents_id parameter. Att… | |||
| CVE-2018-25207 | high | 7.1 | 7.1 | 2mo ago | Online Quiz Maker 1.0 contains SQL injection vulnerabilities in the catid and usern parameters that allow authenticated attackers to execute arbitrary SQL commands. Attackers can submit malicious POS… | |||
| CVE-2018-0737 | low | — | 2.5 | — | The OpenSSL RSA Key generation algorithm has been shown to be vulnerable to a cache timing side channel attack. An attacker with sufficient access to mount cache timing attacks during the RSA key gen… | |||
| CVE-2018-9055 | low | — | 2.5 | — | denial of service in jasper | |||
| CVE-2018-7175 | low | — | 2.5 | — | An issue was discovered in xpdf 4.00. A NULL pointer dereference in readCodestream allows an attacker to cause denial of service via a JPX image with zero components. | |||
| CVE-2018-5388 | low | — | 2.5 | — | In stroke_socket.c in strongSwan before 5.6.3, a missing packet length check could allow a buffer underflow, which may lead to resource exhaustion and denial of service while reading from the socket. | |||
| CVE-2018-1071 | low | — | 2.5 | — | zsh through version 5.4.2 is vulnerable to a stack-based buffer overflow in the exec.c:hashcmd() function. A local attacker could exploit this to cause a denial of service. | |||
| CVE-2018-7455 | low | — | 2.5 | — | An out-of-bounds read in JPXStream::readTilePart in JPXStream.cc in xpdf 4.00 allows attackers to launch denial of service via a specific pdf file, as demonstrated by pdftohtml. | |||
| CVE-2018-0732 | low | — | 2.5 | — | During key agreement in a TLS handshake using a DH(E) based ciphersuite a malicious server can send a very large prime value to the client. This will cause the client to spend an unreasonably long pe… | |||
| CVE-2018-6942 | low | — | 2.5 | — | An issue was discovered in FreeType 2 through 2.9. A NULL pointer dereference in the Ins_GETVARIATION() function within ttinterp.c could lead to DoS via a crafted font file. | |||
| CVE-2018-0502 | low | — | 2.5 | — | An issue was discovered in zsh before 5.6. The beginning of a #! script file was mishandled, potentially leading to an execve call to a program named on the second line. | |||
| CVE-2018-13259 | low | — | 2.5 | — | An issue was discovered in zsh before 5.6. Shebang lines exceeding 64 characters were truncated, potentially leading to an execve call to a program name that is a substring of the intended one. | |||
| CVE-2018-20225 | low | — | 2.5 | — | arbitrary code execution in python-pip | |||
| CVE-2018-7452 | low | — | 2.5 | — | A NULL pointer dereference in JPXStream::fillReadBuf in JPXStream.cc in xpdf 4.00 allows attackers to launch denial of service via a specific pdf file, as demonstrated by pdftohtml. | |||
| CVE-2018-7454 | low | — | 2.5 | — | A NULL pointer dereference in XFAForm::scanFields in XFAForm.cc in xpdf 4.00 allows attackers to launch denial of service via a specific pdf file, as demonstrated by pdftohtml. | |||
| CVE-2018-8956 | low | — | 2.5 | — | ntpd in ntp 4.2.8p10, 4.2.8p11, 4.2.8p12 and 4.2.8p13 allow remote attackers to prevent a broadcast client from synchronizing its clock with a broadcast NTP server via soofed mode 3 and mode 5 packet… | |||
| CVE-2018-7174 | low | — | 2.5 | — | An issue was discovered in xpdf 4.00. An infinite loop in XRef::Xref allows an attacker to cause denial of service because loop detection exists only for tables, not streams. | |||
| CVE-2018-18445 | low | — | 2.5 | — | In the Linux kernel 4.14.x, 4.15.x, 4.16.x, 4.17.x, and 4.18.x before 4.18.13, faulty computation of numeric bounds in the BPF verifier permits out-of-bounds memory accesses because adjust_scalar_min… | |||
| CVE-2018-9234 | low | — | 2.5 | — | GnuPG 2.2.4 and 2.2.5 does not enforce a configuration in which key certification requires an offline master Certify key, which results in apparently valid certifications that occurred only with acce… | |||
| CVE-2018-7453 | low | — | 2.5 | — | Infinite recursion in AcroForm::scanField in AcroForm.cc in xpdf 4.00 allows attackers to launch denial of service via a specific pdf file due to lack of loop checking, as demonstrated by pdftohtml. | |||
| CVE-2018-12558 | low | — | 2.5 | — | The parse() method in the Email::Address module through 1.909 for Perl is vulnerable to Algorithmic complexity on specially prepared input, leading to Denial of Service. Prepared special input that c… | |||
| CVE-2018-20482 | low | — | 2.5 | — | GNU Tar through 1.30, when --sparse is used, mishandles file shrinkage during read access, which allows local users to cause a denial of service (infinite read loop in sparse_dump_region in sparse.c)… | |||
| CVE-2018-7173 | low | — | 2.5 | — | A large loop in JBIG2Stream::readSymbolDictSeg in xpdf 4.00 allows an attacker to cause denial of service via a specific file due to inappropriate decoding. | |||
| CVE-2018-9276 | unknown | — | 2.5 | 1y ago | Paessler PRTG Network Monitor contains an OS command injection vulnerability that allows an attacker with administrative privileges to execute commands via the PRTG System Administrator web console. | |||
| CVE-2018-14933 | unknown | — | 2.5 | 2y ago | NUUO NVRmini devices contain an OS command injection vulnerability. This vulnerability allows remote command execution via shell metacharacters in the uploaddir parameter for a writeuploaddir command. | |||
| CVE-2018-12699 | low | — | 2.5 | 2y ago | RHSA-2024:9689: binutils security update (Low) | |||
| CVE-2018-0824 | unknown | — | 2.5 | 2y ago | Microsoft COM for Windows contains a deserialization of untrusted data vulnerability that allows for privilege escalation and remote code execution via a specially crafted file or script. | |||
| CVE-2018-2628 | unknown | — | 2.5 | 4y ago | Oracle WebLogic Server contains an unspecified vulnerability which can allow an unauthenticated attacker with T3 network access to compromise the server. | |||
| CVE-2018-15133 | unknown | — | 2.5 | 4y ago | Laravel Framework contains a deserialization of untrusted data vulnerability, allowing for remote command execution. This vulnerability may only be exploited if a malicious user has accessed the appl… | |||
| CVE-2018-1000861 | unknown | — | 2.5 | 4y ago | A code execution vulnerability exists in the Stapler web framework used by Jenkins | |||
| CVE-2018-8440 | unknown | — | 2.5 | 4y ago | An elevation of privilege vulnerability exists when Windows improperly handles calls to Advanced Local Procedure Call (ALPC). | |||
| CVE-2018-11138 | unknown | — | 2.5 | 4y ago | The '/common/download_agent_installer.php' script in the Quest KACE System Management Appliance is accessible by anonymous users and can be abused to perform remote code execution. | |||
| CVE-2018-8120 | unknown | — | 2.5 | 4y ago | A privilege escalation vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. | |||
| CVE-2018-20250 | unknown | — | 2.5 | 4y ago | WinRAR Absolute Path Traversal vulnerability leads to Remote Code Execution | |||
| CVE-2018-8453 | unknown | — | 2.5 | 4y ago | Microsoft Windows Win32k contains a vulnerability that allows an attacker to escalate privileges. | |||
| CVE-2018-14847 | unknown | — | 2.5 | 5y ago | MikroTik RouterOS through 6.42 allows unauthenticated remote attackers to read arbitrary files and remote authenticated attackers to write arbitrary files due to a directory traversal vulnerability i… | |||
| CVE-2018-20673 | low | — | 2.5 | 5y ago | RHSA-2021:4386: gcc security and bug fix update (Low) | |||
| CVE-2018-0296 | unknown | — | 2.5 | 5y ago | Cisco Adaptive Security Appliance (ASA) contains an improper input validation vulnerability with HTTP URLs. Exploitation could allow an attacker to cause a denial-of-service (DoS) condition or inform… | |||
| CVE-2018-15961 | unknown | — | 2.5 | 5y ago | Adobe ColdFusion contains an unrestricted file upload vulnerability that could allow for code execution. | |||
| CVE-2018-13379 | unknown | — | 2.5 | 5y ago | Fortinet FortiOS SSL VPN web portal contains a path traversal vulnerability that may allow an unauthenticated attacker to download FortiOS system files through specially crafted HTTP resource request… | |||
| CVE-2018-20062 | unknown | — | 2.5 | 5y ago | ThinkPHP "noneCms" contains an unspecified vulnerability that allows for remote code execution through crafted use of the filter parameter. | |||
| CVE-2018-10896 | low | — | 2.5 | 6y ago | RHSA-2020:3050: cloud-init security, bug fix, and enhancement update (Low) | |||
| CVE-2018-7263 | low | — | 2.5 | 6y ago | RHSA-2020:1631: GStreamer, libmad, and SDL security, bug fix, and enhancement update (Low) | |||
| CVE-2018-19840 | low | — | 2.5 | 6y ago | RHSA-2020:1581: wavpack security update (Low) | |||
| CVE-2018-19841 | low | — | 2.5 | 6y ago | RHSA-2020:1581: wavpack security update (Low) | |||
| CVE-2018-19519 | low | — | 2.5 | 6y ago | RHSA-2020:1604: tcpdump security update (Low) | |||
| CVE-2018-10910 | low | — | 2.5 | 6y ago | RHSA-2020:1912: bluez security update (Low) | |||
| CVE-2018-10392 | low | — | 2.5 | 7y ago | RHSA-2019:3703: libvorbis security update (Low) | |||
| CVE-2018-10393 | low | — | 2.5 | 7y ago | RHSA-2019:3703: libvorbis security update (Low) | |||
| CVE-2018-18751 | low | — | 2.5 | 7y ago | RHSA-2019:3643: gettext security update (Low) | |||
| CVE-2018-10932 | low | — | 2.5 | 7y ago | RHSA-2019:3673: lldpad security and bug fix update (Low) | |||
| CVE-2018-5745 | low | — | 2.5 | 7y ago | RHSA-2019:3552: bind security and bug fix update (Low) | |||
| CVE-2018-16838 | low | — | 2.5 | 7y ago | RHSA-2019:3651: sssd security, bug fix, and enhancement update (Low) | |||
| CVE-2018-6616 | low | — | 2.5 | 7y ago | RHBA-2019:3408: openjpeg2 bug fix and enhancement update (Low) | |||
| CVE-2018-0734 | low | — | 2.5 | 7y ago | RHSA-2019:3700: openssl security, bug fix, and enhancement update (Low) | |||
| CVE-2018-20657 | low | — | 2.5 | 7y ago | RHSA-2019:3352: gdb security, bug fix, and enhancement update (Low) | |||
| CVE-2018-0735 | low | — | 2.5 | 7y ago | RHSA-2019:3700: openssl security, bug fix, and enhancement update (Low) | |||
| CVE-2018-15811 | unknown | — | 2.5 | 7y ago | DotNetNuke (DNN) contains an inadequate encryption strength vulnerability resulting from the use of a weak encryption algorithm to protect input parameters. | |||
| CVE-2018-18325 | unknown | — | 2.5 | 7y ago | DotNetNuke (DNN) contains an inadequate encryption strength vulnerability resulting from the use of a weak encryption algorithm to protect input parameters. This CVE ID resolves an incomplete patch f… | |||
| CVE-2018-11776 | unknown | — | 2.5 | 8y ago | Apache Struts contains a vulnerability that allows for remote code execution under two circumstances. One, where the alwaysSelectFullNamespace option is true and the value isn't set for a result defi… | |||
| CVE-2018-14634 | unknown | — | 1.5 | 4mo ago | Linux Kernel contains an integer overflow vulnerability in the create_elf_tables() function which could allow an unprivileged local user with access to SUID (or otherwise privileged) binary to escala… | |||
| CVE-2018-4063 | unknown | — | 1.5 | 6mo ago | Sierra Wireless AirLink ALEOS contains an unrestricted upload of file with dangerous type vulnerability. A specially crafted HTTP request can upload a file, resulting in executable code being uploade… | |||
| CVE-2018-8639 | unknown | — | 1.5 | 1y ago | Microsoft Windows Win32k contains an improper resource shutdown or release vulnerability that allows for local, authenticated privilege escalation. An attacker who successfully exploited this vulnera… | |||
| CVE-2018-19410 | unknown | — | 1.5 | 1y ago | Paessler PRTG Network Monitor contains a local file inclusion vulnerability that allows a remote, unauthenticated attacker to create users with read-write privileges (including administrator). | |||
| CVE-2018-18809 | unknown | — | 1.5 | 4y ago | TIBCO JasperReports Library contains a directory-traversal vulnerability that may allow web server users to access contents of the host system. | |||
| CVE-2018-5430 | unknown | — | 1.5 | 4y ago | TIBCO JasperReports Server contain a vulnerability which may allow any authenticated user read-only access to the contents of the web application, including key configuration files. | |||
| CVE-2018-19323 | unknown | — | 1.5 | 4y ago | The GPCIDrv and GDrv low-level drivers in GIGABYTE App Center, AORUS Graphics Engine, XTREME Gaming Engine, and OC GURU expose functionality to read and write arbitrary physical memory. This could be… | |||
| CVE-2018-19320 | unknown | — | 1.5 | 4y ago | The GDrv low-level driver in GIGABYTE App Center, AORUS Graphics Engine, XTREME Gaming Engine, and OC GURU II exposes ring0 memcpy-like functionality that could allow a local attacker to take complet… | |||
| CVE-2018-19321 | unknown | — | 1.5 | 4y ago | The GPCIDrv and GDrv low-level drivers in GIGABYTE App Center, AORUS Graphics Engine, XTREME Gaming Engine, and OC GURU II expose functionality to read and write arbitrary physical memory. This could… | |||
| CVE-2018-19322 | unknown | — | 1.5 | 4y ago | The GPCIDrv and GDrv low-level drivers in GIGABYTE App Center, AORUS Graphics Engine, XTREME Gaming Engine, and OC GURU II expose functionality to read/write data from/to IO ports. This could be leve… | |||
| CVE-2018-13374 | unknown | — | 1.5 | 4y ago | Fortinet FortiOS and FortiADC contain an improper access control vulnerability that allows attackers to obtain the LDAP server login credentials configured in FortiGate by pointing a LDAP server conn… | |||
| CVE-2018-7445 | unknown | — | 1.5 | 4y ago | In MikroTik RouterOS, a stack-based buffer overflow occurs when processing NetBIOS session request messages. Remote attackers with access to the service can exploit this vulnerability and gain code e… | |||
| CVE-2018-6530 | unknown | — | 1.5 | 4y ago | Multiple D-Link routers contain an unspecified vulnerability that allows for execution of OS commands. | |||
| CVE-2018-4344 | unknown | — | 1.5 | 4y ago | Apple iOS, macOS, tvOS, and watchOS contain a memory corruption vulnerability which can allow for code execution. | |||
| CVE-2018-4990 | unknown | — | 1.5 | 4y ago | Adobe Acrobat and Reader have a double free vulnerability that could lead to remote code execution. | |||
| CVE-2018-6065 | unknown | — | 1.5 | 4y ago | Google Chromium V8 Engine contains an integer overflow vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect mult… | |||
| CVE-2018-19943 | unknown | — | 1.5 | 4y ago | A cross-site scripting vulnerability affecting QNAP NAS File Station could allow remote attackers to inject malicious code. | |||
| CVE-2018-19953 | unknown | — | 1.5 | 4y ago | A cross-site scripting vulnerability affecting QNAP NAS File Station could allow remote attackers to inject malicious code. | |||
| CVE-2018-8611 | unknown | — | 1.5 | 4y ago | A privilege escalation vulnerability exists when the Windows kernel fails to properly handle objects in memory. | |||
| CVE-2018-19949 | unknown | — | 1.5 | 4y ago | A command injection vulnerability affecting QNAP NAS File Station could allow remote attackers to run commands. | |||
| CVE-2018-5002 | unknown | — | 1.5 | 4y ago | Adobe Flash Player have a stack-based buffer overflow vulnerability that could lead to remote code execution. | |||
| CVE-2018-8589 | unknown | — | 1.5 | 4y ago | A privilege escalation vulnerability exists when Windows improperly handles calls to Win32k.sys. An attacker who successfully exploited this vulnerability could run remote code in the security contex… | |||
| CVE-2018-8298 | unknown | — | 1.5 | 4y ago | The ChakraCore scripting engine contains a type confusion vulnerability which can allow for remote code execution. | |||
| CVE-2018-14667 | unknown | — | 1.5 | 4y ago | Red Hat JBoss RichFaces Framework contains an expression language injection vulnerability via the UserResource resource. A remote, unauthenticated attacker could exploit this vulnerability to execute… | |||
| CVE-2018-6882 | unknown | — | 1.5 | 4y ago | Synacor Zimbra Collaboration Suite (ZCS) contains a cross-site scripting vulnerability that might allow remote attackers to inject arbitrary web script or HTML. | |||
| CVE-2018-7841 | unknown | — | 1.5 | 4y ago | A SQL Injection vulnerability exists in U.motion Builder software which could cause unwanted code execution when an improper set of characters is entered. | |||
| CVE-2018-20753 | unknown | — | 1.5 | 4y ago | Kaseya VSA RMM allows unprivileged remote attackers to execute PowerShell payloads on all managed devices. | |||
| CVE-2018-10562 | unknown | — | 1.5 | 4y ago | Dasan GPON Routers contain an authentication bypass vulnerability. When combined with CVE-2018-10561, exploitation can allow an attacker to perform remote code execution. | |||
| CVE-2018-10561 | unknown | — | 1.5 | 4y ago | Dasan GPON Routers contain an authentication bypass vulnerability. When combined with CVE-2018-10562, exploitation can allow an attacker to perform remote code execution. | |||
| CVE-2018-8406 | unknown | — | 1.5 | 4y ago | An elevation of privilege vulnerability exists when the DirectX Graphics Kernel (DXGKRNL) driver improperly handles objects in memory. | |||
| CVE-2018-8405 | unknown | — | 1.5 | 4y ago | An elevation of privilege vulnerability exists when the DirectX Graphics Kernel (DXGKRNL) driver improperly handles objects in memory. | |||
| CVE-2018-0147 | unknown | — | 1.5 | 4y ago | A vulnerability in Java deserialization used by Cisco Secure Access Control System (ACS) could allow an unauthenticated, remote attacker to execute arbitrary commands on an affected device. The vulne… | |||
| CVE-2018-0125 | unknown | — | 1.5 | 4y ago | A vulnerability in the web interface of the Cisco VPN Routers could allow an unauthenticated, remote attacker to execute arbitrary code as root and gain full control of an affected system. | |||
| CVE-2018-14839 | unknown | — | 1.5 | 4y ago | LG N1A1 NAS 3718.510 is affected by a remote code execution vulnerability. | |||
| CVE-2018-8373 | unknown | — | 1.5 | 4y ago | A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. | |||
| CVE-2018-8414 | unknown | — | 1.5 | 4y ago | A remote code execution vulnerability exists when the Windows Shell does not properly validate file paths. | |||
| CVE-2018-6961 | unknown | — | 1.5 | 4y ago | VMware SD-WAN Edge by VeloCloud contains a command injection vulnerability in the local web UI component. Successful exploitation of this issue could result in remote code execution. | |||
| CVE-2018-0158 | unknown | — | 1.5 | 4y ago | A vulnerability in the implementation of Internet Key Exchange Version 1 (IKEv1) functionality in Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause… | |||
| CVE-2018-0156 | unknown | — | 1.5 | 4y ago | A vulnerability in the Smart Install feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to trigger a reload of an affected device, resulting in a … | |||
| CVE-2018-0151 | unknown | — | 1.5 | 4y ago | A vulnerability in the quality of service (QoS) subsystem of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition … |