CVEs from 2018
- Total: 3,156
- Critical: 228
- High: 272
- Medium: 224
- Low: 32
- % Critical: 7.2%
- % with KEV: 2.8%
- % with exploit: 4.0%
Top products
- modicon_m221 6
- erpnext 4
- somachine_basic 2
- modicon_m340 2
- modicon_m580 2
- 140cpu67160 1
- 140cpu65160s 1
- terminal_services_manager 1
| CVE | Severity | CVSS | Risk | Published | Description | Flags | OS | Vendor |
|---|---|---|---|---|---|---|---|---|
| CVE-2018-14470 | medium | — | 5.5 | — | The Babel parser in tcpdump before 4.9.3 has a buffer over-read in print-babel.c:babel_print_v2(). | |||
| CVE-2018-25306 | medium | 5.5 | 5.5 | 1mo ago | PDFunite 0.41.0 contains a buffer overflow vulnerability that allows local attackers to crash the application by processing malformed PDF files during merge operations. Attackers can trigger a segmen… | |||
| CVE-2018-25267 | medium | 5.5 | 5.5 | 1mo ago | UltraISO 9.7.1.3519 contains a local buffer overflow vulnerability in the Output FileName field of the Make CD/DVD Image dialog that allows attackers to overwrite SEH and SE handler records. Attacker… | |||
| CVE-2018-17828 | medium | — | 5.5 | 7mo ago | Moderate: zziplib security update | |||
| CVE-2018-15209 | medium | — | 5.5 | 2y ago | Moderate: libtiff security update | |||
| CVE-2018-18624 | medium | — | 5.5 | 4y ago | Moderate: grafana security, bug fix, and enhancement update | |||
| CVE-2018-7260 | medium | — | 5.5 | 4y ago | Cross-site scripting (XSS) vulnerability in db_central_columns.php in phpMyAdmin before 4.7.8 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. | |||
| CVE-2018-13258 | medium | — | 5.5 | 4y ago | Mediawiki tarball is missing .htaccess files | |||
| CVE-2018-1000120 | medium | — | 5.5 | 4y ago | curl FTP path confusion leads to NIL byte out of bounds write | |||
| CVE-2018-1999043 | medium | — | 5.5 | 4y ago | Missing Release of Resource after Effective Lifetime in Jenkins | |||
| CVE-2018-0503 | medium | — | 5.5 | 4y ago | Mediawiki Improper Privilege Management | |||
| CVE-2018-0505 | medium | — | 5.5 | 4y ago | Mediawiki BotPassword can bypass CentralAuth's account lock | |||
| CVE-2018-14773 | medium | — | 5.5 | 4y ago | An issue was discovered in Http Foundation in Symfony 2.7.0 through 2.7.48, 2.8.0 through 2.8.43, 3.3.0 through 3.3.17, 3.4.0 through 3.4.13, 4.0.0 through 4.0.13, and 4.1.0 through 4.1.2. It arises … | |||
| CVE-2018-14040 | medium | — | 5.5 | 4y ago | Moderate: idm:DL1 and idm:client security, bug fix, and enhancement update | |||
| CVE-2018-5785 | medium | — | 5.5 | 5y ago | Moderate: openjpeg2 security update | |||
| CVE-2018-5727 | medium | — | 5.5 | 5y ago | Moderate: openjpeg2 security update | |||
| CVE-2018-20845 | medium | — | 5.5 | 5y ago | Moderate: openjpeg2 security update | |||
| CVE-2018-20847 | medium | — | 5.5 | 5y ago | Moderate: openjpeg2 security update | |||
| CVE-2018-25009 | medium | — | 5.5 | 5y ago | Moderate: libwebp security update | |||
| CVE-2018-25014 | medium | — | 5.5 | 5y ago | Moderate: libwebp security update | |||
| CVE-2018-25012 | medium | — | 5.5 | 5y ago | Moderate: libwebp security update | |||
| CVE-2018-25010 | medium | — | 5.5 | 5y ago | Moderate: libwebp security update | |||
| CVE-2018-25013 | medium | — | 5.5 | 5y ago | Moderate: libwebp security update | |||
| CVE-2018-21247 | medium | — | 5.5 | 5y ago | Moderate: libvncserver security update | |||
| CVE-2018-17199 | medium | — | 5.5 | 5y ago | Moderate: httpd:2.4 security, bug fix, and enhancement update | |||
| CVE-2018-20843 | medium | — | 5.5 | 6y ago | In libexpat in Expat before 2.2.7, XML input including XML names that contain a large number of colons could make the XML parser consume a high amount of RAM and CPU resources while processing (enoug… | |||
| CVE-2018-17189 | medium | — | 5.5 | 6y ago | Moderate: httpd:2.4 security, bug fix, and enhancement update | |||
| CVE-2018-11782 | medium | — | 5.5 | 6y ago | Moderate: subversion:1.10 security update | |||
| CVE-2018-21035 | medium | — | 5.5 | 6y ago | Moderate: qt5-qtbase and qt5-qtwebsockets security and bug fix update | |||
| CVE-2018-14553 | medium | — | 5.5 | 6y ago | Moderate: gd security update | |||
| CVE-2018-1000858 | medium | — | 5.5 | 6y ago | Moderate: gnupg2 security, bug fix, and enhancement update | |||
| CVE-2018-20337 | medium | — | 5.5 | 6y ago | Moderate: GNOME security, bug fix, and enhancement update | |||
| CVE-2018-11684 | medium | — | 5.5 | 6y ago | Moderate: liblouis security and bug fix update | |||
| CVE-2018-12085 | medium | — | 5.5 | 6y ago | Moderate: liblouis security and bug fix update | |||
| CVE-2018-11685 | medium | — | 5.5 | 6y ago | Moderate: liblouis security and bug fix update | |||
| CVE-2018-11577 | medium | — | 5.5 | 6y ago | Moderate: liblouis security and bug fix update | |||
| CVE-2018-19871 | medium | — | 5.5 | 6y ago | Moderate: qt5 security, bug fix, and enhancement update | |||
| CVE-2018-19869 | medium | — | 5.5 | 6y ago | Moderate: qt5 security, bug fix, and enhancement update | |||
| CVE-2018-19872 | medium | — | 5.5 | 6y ago | Moderate: qt5 security, bug fix, and enhancement update | |||
| CVE-2018-19662 | medium | — | 5.5 | 6y ago | Moderate: libsndfile security update | |||
| CVE-2018-13139 | medium | — | 5.5 | 6y ago | Moderate: libsndfile security update | |||
| CVE-2018-20783 | medium | — | 5.5 | 6y ago | Moderate: php:7.2 security, bug fix, and enhancement update | |||
| CVE-2018-20852 | medium | — | 5.5 | 6y ago | Moderate: python27:2.7 security, bug fix, and enhancement update | |||
| CVE-2018-18915 | medium | — | 5.5 | 6y ago | Moderate: exiv2 security, bug fix, and enhancement update | |||
| CVE-2018-9305 | medium | — | 5.5 | 6y ago | Moderate: exiv2 security, bug fix, and enhancement update | |||
| CVE-2018-17581 | medium | — | 5.5 | 6y ago | Moderate: exiv2 security, bug fix, and enhancement update | |||
| CVE-2018-17229 | medium | — | 5.5 | 6y ago | Moderate: exiv2 security, bug fix, and enhancement update | |||
| CVE-2018-9304 | medium | — | 5.5 | 6y ago | Moderate: exiv2 security, bug fix, and enhancement update | |||
| CVE-2018-19607 | medium | — | 5.5 | 6y ago | Moderate: exiv2 security, bug fix, and enhancement update | |||
| CVE-2018-14338 | medium | — | 5.5 | 6y ago | Moderate: exiv2 security, bug fix, and enhancement update | |||
| CVE-2018-19535 | medium | — | 5.5 | 6y ago | Moderate: exiv2 security, bug fix, and enhancement update | |||
| CVE-2018-17282 | medium | — | 5.5 | 6y ago | Moderate: exiv2 security, bug fix, and enhancement update | |||
| CVE-2018-11037 | medium | — | 5.5 | 6y ago | Moderate: exiv2 security, bug fix, and enhancement update | |||
| CVE-2018-19108 | medium | — | 5.5 | 6y ago | Moderate: exiv2 security, bug fix, and enhancement update | |||
| CVE-2018-9303 | medium | — | 5.5 | 6y ago | Moderate: exiv2 security, bug fix, and enhancement update | |||
| CVE-2018-17230 | medium | — | 5.5 | 6y ago | Moderate: exiv2 security, bug fix, and enhancement update | |||
| CVE-2018-19107 | medium | — | 5.5 | 6y ago | Moderate: exiv2 security, bug fix, and enhancement update | |||
| CVE-2018-10772 | medium | — | 5.5 | 6y ago | Moderate: exiv2 security, bug fix, and enhancement update | |||
| CVE-2018-4868 | medium | — | 5.5 | 6y ago | Moderate: exiv2 security, bug fix, and enhancement update | |||
| CVE-2018-9306 | medium | — | 5.5 | 6y ago | Moderate: exiv2 security, bug fix, and enhancement update | |||
| CVE-2018-14498 | medium | — | 5.5 | 7y ago | Moderate: libjpeg-turbo security update | |||
| CVE-2018-19800 | medium | — | 5.5 | 7y ago | aubio v0.4.0 to v0.4.8 has a Buffer Overflow in new_aubio_tempo. | |||
| CVE-2018-19802 | medium | — | 5.5 | 7y ago | aubio v0.4.0 to v0.4.8 has a new_aubio_onset NULL pointer dereference. | |||
| CVE-2018-19801 | medium | — | 5.5 | 7y ago | aubio v0.4.0 to v0.4.8 has a NULL pointer dereference in new_aubio_filterbank via invalid n_filters. | |||
| CVE-2018-20677 | medium | — | 5.5 | 8y ago | Moderate: idm:DL1 and idm:client security, bug fix, and enhancement update | |||
| CVE-2018-20676 | medium | — | 5.5 | 8y ago | Moderate: idm:DL1 and idm:client security, bug fix, and enhancement update | |||
| CVE-2018-7536 | medium | — | 5.5 | 8y ago | An issue was discovered in Django 2.0 before 2.0.3, 1.11 before 1.11.11, and 1.8 before 1.8.19. The django.utils.html.urlize() function was extremely slow to evaluate certain inputs due to catastroph… | |||
| CVE-2018-7537 | medium | — | 5.5 | 8y ago | An issue was discovered in Django 2.0 before 2.0.3, 1.11 before 1.11.11, and 1.8 before 1.8.19. If django.utils.text.Truncator's chars() and words() methods were passed the html=True argument, they w… | |||
| CVE-2018-20060 | medium | — | 5.5 | 8y ago | Moderate: python27:2.7 security, bug fix, and enhancement update | |||
| CVE-2018-20099 | medium | — | 5.5 | 8y ago | Moderate: exiv2 security, bug fix, and enhancement update | |||
| CVE-2018-20097 | medium | — | 5.5 | 8y ago | Moderate: exiv2 security, bug fix, and enhancement update | |||
| CVE-2018-20096 | medium | — | 5.5 | 8y ago | Moderate: exiv2 security, bug fix, and enhancement update | |||
| CVE-2018-20098 | medium | — | 5.5 | 8y ago | Moderate: exiv2 security, bug fix, and enhancement update | |||
| CVE-2018-19352 | medium | — | 5.5 | 8y ago | Jupyter Notebook before 5.7.2 allows XSS via a crafted directory name because notebook/static/tree/js/notebooklist.js handles certain URLs unsafely. | |||
| CVE-2018-19351 | medium | — | 5.5 | 8y ago | Jupyter Notebook before 5.7.1 allows XSS via an untrusted notebook because nbconvert responses are considered to have the same origin as the notebook server. In other words, nbconvert endpoints can e… | |||
| CVE-2018-18074 | medium | — | 5.5 | 8y ago | Moderate: python27:2.7 security, bug fix, and enhancement update | |||
| CVE-2018-3750 | medium | — | 5.5 | 8y ago | Moderate: nodejs:12 security update | |||
| CVE-2018-14574 | medium | — | 5.5 | 8y ago | django.middleware.common.CommonMiddleware in Django 1.11.x before 1.11.15 and 2.0.x before 2.0.8 has an Open Redirect. | |||
| CVE-2018-6188 | medium | — | 5.5 | 8y ago | django.contrib.auth.forms.AuthenticationForm in Django 2.0 before 2.0.2, and 1.11.8 and 1.11.9, allows remote attackers to obtain potentially sensitive information by leveraging data exposure from th… | |||
| CVE-2018-16984 | medium | — | 5.5 | 8y ago | An issue was discovered in Django 2.1 before 2.1.2, in which unprivileged users can read the password hashes of arbitrary accounts. The read-only password widget used by the Django Admin to display a… | |||
| CVE-2018-1000559 | medium | — | 5.5 | 8y ago | qutebrowser version introduced in v0.11.0 (1179ee7a937fb31414d77d9970bac21095358449) contains a Cross Site Scripting (XSS) vulnerability in history command, qute://history page that can result in Via… | |||
| CVE-2018-14042 | medium | — | 5.5 | 8y ago | Moderate: idm:DL1 and idm:client security, bug fix, and enhancement update | |||
| CVE-2018-1999024 | medium | — | 5.5 | 8y ago | MathJax version prior to version 2.7.4 contains a Cross Site Scripting (XSS) vulnerability in the \unicode{} macro that can result in Potentially untrusted Javascript running within a web browser. Th… | |||
| CVE-2018-3740 | medium | — | 5.5 | 8y ago | A specially crafted HTML fragment can cause Sanitize gem for Ruby to allow non-whitelisted attributes to be used on a whitelisted HTML element. | |||
| CVE-2018-25334 | medium | 5.4 | 5.4 | 12d ago | Zechat 1.5 contains a Cross-Site Request Forgery (CSRF) vulnerability that allows an attacker to change a user's information by bypassing anti-CSRF protections. The application uses a CSRF token, but… | |||
| CVE-2018-25370 | medium | 5.3 | 5.3 | 4d ago | Admidio 3.3.5 contains a cross-site request forgery vulnerability that allows low-privilege users to increase their permissions by exploiting improper origin checking. Attackers can craft malicious H… | |||
| CVE-2018-25336 | medium | 5.3 | 5.3 | 12d ago | jCart for OpenCart 2.3.0.2 contains a cross-site request forgery vulnerability that allows attackers to modify user account information without authentication. Attackers can craft malicious HTML form… | |||
| CVE-2018-25327 | medium | 5.3 | 5.3 | 12d ago | Joomla! Component Js Jobs 1.2.0 contains a cross-site request forgery vulnerability that allows attackers to perform state-changing actions without token validation. Attackers can craft malicious HTM… | |||
| CVE-2018-25298 | medium | 5.3 | 5.3 | 1mo ago | Merge PACS 7.0 contains a cross-site request forgery vulnerability that allows attackers to perform unauthorized actions by crafting malicious HTML forms targeting the merge-viewer endpoint. Attacker… | |||
| CVE-2018-10626 | medium | 4.4 | 4.4 | 8y ago | Medtronic MyCareLink Patient Monitor’s update service does not sufficiently verify the authenticity of the data uploaded. An attacker who obtains per-product credentials from the monitor and paired … | |||
| CVE-2018-25363 | medium | 4.3 | 4.3 | 4d ago | Twitter-Clone 1 contains a cross-site request forgery vulnerability that allows remote attackers to force victims to delete posts by crafting malicious HTML forms. Attackers can create hidden forms t… | |||
| CVE-2018-25354 | medium | 4.3 | 4.3 | 6d ago | Joomla Component jomres 9.11.2 contains a cross-site request forgery vulnerability that allows attackers to modify user account information by tricking authenticated users into visiting malicious pag… | |||
| CVE-2018-25343 | medium | 4.3 | 4.3 | 6d ago | Smartshop 1 contains a cross-site request forgery vulnerability that allows attackers to modify user profiles by tricking authenticated users into submitting malicious requests. Attackers can craft H… | |||
| CVE-2018-25337 | medium | 4.3 | 4.3 | 12d ago | Joomla JoomOCShop 1.0 contains a cross-site request forgery vulnerability that allows attackers to perform unauthorized actions on behalf of authenticated users. Attackers can craft malicious HTML fo… | |||
| CVE-2018-25321 | medium | 4.3 | 4.3 | 12d ago | TP-Link TL-WR720N wireless router contains a cross-site request forgery vulnerability that allows attackers to perform unauthorized administrative actions by crafting malicious web requests. Attacker… | |||
| CVE-2018-25310 | medium | 4.3 | 4.3 | 1mo ago | VideoFlow Digital Video Protection DVP 2.10 contains an authenticated remote code execution vulnerability that allows authenticated attackers to execute arbitrary system commands by exploiting a cros… | |||
| CVE-2018-7452 | low | — | 2.5 | — | A NULL pointer dereference in JPXStream::fillReadBuf in JPXStream.cc in xpdf 4.00 allows attackers to launch denial of service via a specific pdf file, as demonstrated by pdftohtml. | |||
| CVE-2018-9055 | low | — | 2.5 | — | denial of service in jasper | |||
| CVE-2018-7454 | low | — | 2.5 | — | A NULL pointer dereference in XFAForm::scanFields in XFAForm.cc in xpdf 4.00 allows attackers to launch denial of service via a specific pdf file, as demonstrated by pdftohtml. | |||
| CVE-2018-7455 | low | — | 2.5 | — | An out-of-bounds read in JPXStream::readTilePart in JPXStream.cc in xpdf 4.00 allows attackers to launch denial of service via a specific pdf file, as demonstrated by pdftohtml. |