CVEs from 2018
Total
3,142
critical
critical 229
high
high 301
medium
medium 256
low
low 39
% Critical
7.3%
% with KEV
2.8%
% with exploit
4.0%
Top vendors
Top products
- core_i7 379
- core_i5 375
- core_i3 242
- xeon_e5 82
- xeon_e7 62
- xeon_e3 58
- xeon_gold 33
- atom_z 30
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2018-16890 | medium | — | 5.5 | 7y ago | RHSA-2019:3701: curl security and bug fix update (Moderate) | |||
| CVE-2018-1000877 | medium | — | 5.5 | 7y ago | RHSA-2019:3698: libarchive security and bug fix update (Moderate) | |||
| CVE-2018-12121 | medium | — | 5.5 | 7y ago | RHSA-2019:3497: http-parser security and bug fix update (Moderate) | |||
| CVE-2018-12900 | medium | — | 5.5 | 7y ago | RHSA-2019:3419: libtiff security update (Moderate) | |||
| CVE-2018-19873 | medium | — | 5.5 | 7y ago | RHSA-2019:3390: qt5-qtbase security and bug fix update (Moderate) | |||
| CVE-2018-19870 | medium | — | 5.5 | 7y ago | RHSA-2019:3390: qt5-qtbase security and bug fix update (Moderate) | |||
| CVE-2018-15518 | medium | — | 5.5 | 7y ago | RHSA-2019:3390: qt5-qtbase security and bug fix update (Moderate) | |||
| CVE-2018-20685 | medium | — | 5.5 | 7y ago | RHSA-2019:3702: openssh security, bug fix, and enhancement update (Moderate) | |||
| CVE-2018-20534 | medium | — | 5.5 | 7y ago | RHSA-2019:3583: yum security, bug fix, and enhancement update (Moderate) | |||
| CVE-2018-20483 | medium | — | 5.5 | 7y ago | RHSA-2019:3701: curl security and bug fix update (Moderate) | |||
| CVE-2018-20481 | medium | — | 5.5 | 7y ago | RHSA-2019:2713: poppler security update (Moderate) | |||
| CVE-2018-18897 | medium | — | 5.5 | 7y ago | RHSA-2019:2713: poppler security update (Moderate) | |||
| CVE-2018-20551 | medium | — | 5.5 | 7y ago | RHSA-2019:2713: poppler security update (Moderate) | |||
| CVE-2018-20662 | medium | — | 5.5 | 7y ago | RHSA-2019:2713: poppler security update (Moderate) | |||
| CVE-2018-20650 | medium | — | 5.5 | 7y ago | RHSA-2019:2713: poppler security update (Moderate) | |||
| CVE-2018-18508 | medium | — | 5.5 | 7y ago | RHSA-2019:1951: nss and nspr security, bug fix, and enhancement update (Moderate) | |||
| CVE-2018-19800 | medium | — | 5.5 | 7y ago | aubio v0.4.0 to v0.4.8 has a Buffer Overflow in new_aubio_tempo. | |||
| CVE-2018-19802 | medium | — | 5.5 | 7y ago | aubio v0.4.0 to v0.4.8 has a new_aubio_onset NULL pointer dereference. | |||
| CVE-2018-19801 | medium | — | 5.5 | 7y ago | aubio v0.4.0 to v0.4.8 has a NULL pointer dereference in new_aubio_filterbank via invalid n_filters. | |||
| CVE-2018-20677 | medium | — | 5.5 | 8y ago | RHSA-2020:4670: idm:DL1 and idm:client security, bug fix, and enhancement update (Moderate) | |||
| CVE-2018-20676 | medium | — | 5.5 | 8y ago | RHSA-2020:4670: idm:DL1 and idm:client security, bug fix, and enhancement update (Moderate) | |||
| CVE-2018-7536 | medium | — | 5.5 | 8y ago | An issue was discovered in Django 2.0 before 2.0.3, 1.11 before 1.11.11, and 1.8 before 1.8.19. The django.utils.html.urlize() function was extremely slow to evaluate certain inputs due to catastroph… | |||
| CVE-2018-7537 | medium | — | 5.5 | 8y ago | An issue was discovered in Django 2.0 before 2.0.3, 1.11 before 1.11.11, and 1.8 before 1.8.19. If django.utils.text.Truncator's chars() and words() methods were passed the html=True argument, they w… | |||
| CVE-2018-20060 | medium | — | 5.5 | 8y ago | RHSA-2020:1916: python-pip security update (Moderate) | |||
| CVE-2018-20099 | medium | — | 5.5 | 8y ago | RHSA-2020:1577: exiv2 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2018-20098 | medium | — | 5.5 | 8y ago | RHSA-2020:1577: exiv2 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2018-20097 | medium | — | 5.5 | 8y ago | RHSA-2020:1577: exiv2 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2018-20096 | medium | — | 5.5 | 8y ago | RHSA-2020:1577: exiv2 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2018-19352 | medium | — | 5.5 | 8y ago | Jupyter Notebook before 5.7.2 allows XSS via a crafted directory name because notebook/static/tree/js/notebooklist.js handles certain URLs unsafely. | |||
| CVE-2018-19351 | medium | — | 5.5 | 8y ago | Jupyter Notebook before 5.7.1 allows XSS via an untrusted notebook because nbconvert responses are considered to have the same origin as the notebook server. In other words, nbconvert endpoints can e… | |||
| CVE-2018-18074 | medium | — | 5.5 | 8y ago | RHSA-2020:1916: python-pip security update (Moderate) | |||
| CVE-2018-3750 | medium | — | 5.5 | 8y ago | RHSA-2021:0549: nodejs:12 security update (Moderate) | |||
| CVE-2018-14574 | medium | — | 5.5 | 8y ago | django.middleware.common.CommonMiddleware in Django 1.11.x before 1.11.15 and 2.0.x before 2.0.8 has an Open Redirect. | |||
| CVE-2018-14404 | medium | — | 5.5 | 8y ago | RHSA-2020:1827: libxml2 security update (Moderate) | |||
| CVE-2018-6188 | medium | — | 5.5 | 8y ago | django.contrib.auth.forms.AuthenticationForm in Django 2.0 before 2.0.2, and 1.11.8 and 1.11.9, allows remote attackers to obtain potentially sensitive information by leveraging data exposure from th… | |||
| CVE-2018-16984 | medium | — | 5.5 | 8y ago | An issue was discovered in Django 2.1 before 2.1.2, in which unprivileged users can read the password hashes of arbitrary accounts. The read-only password widget used by the Django Admin to display a… | |||
| CVE-2018-1000559 | medium | — | 5.5 | 8y ago | qutebrowser version introduced in v0.11.0 (1179ee7a937fb31414d77d9970bac21095358449) contains a Cross Site Scripting (XSS) vulnerability in history command, qute://history page that can result in Via… | |||
| CVE-2018-14042 | medium | — | 5.5 | 8y ago | RHSA-2020:4847: pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2018-1999024 | medium | — | 5.5 | 8y ago | MathJax version prior to version 2.7.4 contains a Cross Site Scripting (XSS) vulnerability in the \unicode{} macro that can result in Potentially untrusted Javascript running within a web browser. Th… | |||
| CVE-2018-3639 | medium | 5.5 | 5.5 | 8y ago | Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of i… | |||
| CVE-2018-3740 | medium | — | 5.5 | 8y ago | A specially crafted HTML fragment can cause Sanitize gem for Ruby to allow non-whitelisted attributes to be used on a whitelisted HTML element. | |||
| CVE-2018-25384 | medium | 5.4 | 5.4 | 6h ago | Wikidforum 2.20 contains a cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by submitting crafted HTML in the reply_text parameter. Attackers can pos… | |||
| CVE-2018-25334 | medium | 5.4 | 5.4 | 12d ago | Zechat 1.5 contains a Cross-Site Request Forgery (CSRF) vulnerability that allows an attacker to change a user's information by bypassing anti-CSRF protections. The application uses a CSRF token, but… | |||
| CVE-2018-7795 | medium | 5.4 | 5.4 | 8y ago | A Cross Protocol Injection vulnerability exists in Schneider Electric's PowerLogic (PM5560 prior to FW version 2.5.4) product. The vulnerability makes the product susceptible to cross site scripting … | |||
| CVE-2018-25397 | medium | 5.3 | 5.3 | 6h ago | PHP-SHOP 1.0 contains a cross-site request forgery vulnerability that allows unauthenticated attackers to add administrative users by crafting malicious HTML forms. Attackers can trick authenticated … | |||
| CVE-2018-25387 | medium | 5.3 | 5.3 | 6h ago | HaPe PKH 1.1 contains a cross-site request forgery vulnerability that allows attackers to change administrator passwords by submitting forged requests to the user update endpoint. Attackers can craft… | |||
| CVE-2018-25370 | medium | 5.3 | 5.3 | 4d ago | Admidio 3.3.5 contains a cross-site request forgery vulnerability that allows low-privilege users to increase their permissions by exploiting improper origin checking. Attackers can craft malicious H… | |||
| CVE-2018-25336 | medium | 5.3 | 5.3 | 12d ago | jCart for OpenCart 2.3.0.2 contains a cross-site request forgery vulnerability that allows attackers to modify user account information without authentication. Attackers can craft malicious HTML form… | |||
| CVE-2018-25327 | medium | 5.3 | 5.3 | 12d ago | Joomla! Component Js Jobs 1.2.0 contains a cross-site request forgery vulnerability that allows attackers to perform state-changing actions without token validation. Attackers can craft malicious HTM… | |||
| CVE-2018-25298 | medium | 5.3 | 5.3 | 1mo ago | Merge PACS 7.0 contains a cross-site request forgery vulnerability that allows attackers to perform unauthorized actions by crafting malicious HTML forms targeting the merge-viewer endpoint. Attacker… | |||
| CVE-2018-10626 | medium | 4.4 | 4.4 | 8y ago | Medtronic MyCareLink Patient Monitor’s update service does not sufficiently verify the authenticity of the data uploaded. An attacker who obtains per-product credentials from the monitor and paired … | |||
| CVE-2018-25363 | medium | 4.3 | 4.3 | 4d ago | Twitter-Clone 1 contains a cross-site request forgery vulnerability that allows remote attackers to force victims to delete posts by crafting malicious HTML forms. Attackers can create hidden forms t… | |||
| CVE-2018-25354 | medium | 4.3 | 4.3 | 6d ago | Joomla Component jomres 9.11.2 contains a cross-site request forgery vulnerability that allows attackers to modify user account information by tricking authenticated users into visiting malicious pag… | |||
| CVE-2018-25343 | medium | 4.3 | 4.3 | 6d ago | Smartshop 1 contains a cross-site request forgery vulnerability that allows attackers to modify user profiles by tricking authenticated users into submitting malicious requests. Attackers can craft H… | |||
| CVE-2018-25337 | medium | 4.3 | 4.3 | 12d ago | Joomla JoomOCShop 1.0 contains a cross-site request forgery vulnerability that allows attackers to perform unauthorized actions on behalf of authenticated users. Attackers can craft malicious HTML fo… | |||
| CVE-2018-25321 | medium | 4.3 | 4.3 | 12d ago | TP-Link TL-WR720N wireless router contains a cross-site request forgery vulnerability that allows attackers to perform unauthorized administrative actions by crafting malicious web requests. Attacker… | |||
| CVE-2018-25310 | medium | 4.3 | 4.3 | 1mo ago | VideoFlow Digital Video Protection DVP 2.10 contains an authenticated remote code execution vulnerability that allows authenticated attackers to execute arbitrary system commands by exploiting a cros… | |||
| CVE-2018-9276 | unknown | — | 2.5 | 1y ago | Paessler PRTG Network Monitor contains an OS command injection vulnerability that allows an attacker with administrative privileges to execute commands via the PRTG System Administrator web console. | |||
| CVE-2018-14933 | unknown | — | 2.5 | 2y ago | NUUO NVRmini devices contain an OS command injection vulnerability. This vulnerability allows remote command execution via shell metacharacters in the uploaddir parameter for a writeuploaddir command. | |||
| CVE-2018-0824 | unknown | — | 2.5 | 2y ago | Microsoft COM for Windows contains a deserialization of untrusted data vulnerability that allows for privilege escalation and remote code execution via a specially crafted file or script. | |||
| CVE-2018-2628 | unknown | — | 2.5 | 4y ago | Oracle WebLogic Server contains an unspecified vulnerability which can allow an unauthenticated attacker with T3 network access to compromise the server. | |||
| CVE-2018-15133 | unknown | — | 2.5 | 4y ago | Laravel Framework contains a deserialization of untrusted data vulnerability, allowing for remote command execution. This vulnerability may only be exploited if a malicious user has accessed the appl… | |||
| CVE-2018-1000861 | unknown | — | 2.5 | 4y ago | A code execution vulnerability exists in the Stapler web framework used by Jenkins | |||
| CVE-2018-8440 | unknown | — | 2.5 | 4y ago | An elevation of privilege vulnerability exists when Windows improperly handles calls to Advanced Local Procedure Call (ALPC). | |||
| CVE-2018-11138 | unknown | — | 2.5 | 4y ago | The '/common/download_agent_installer.php' script in the Quest KACE System Management Appliance is accessible by anonymous users and can be abused to perform remote code execution. | |||
| CVE-2018-8120 | unknown | — | 2.5 | 4y ago | A privilege escalation vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. | |||
| CVE-2018-20250 | unknown | — | 2.5 | 4y ago | WinRAR Absolute Path Traversal vulnerability leads to Remote Code Execution | |||
| CVE-2018-8453 | unknown | — | 2.5 | 4y ago | Microsoft Windows Win32k contains a vulnerability that allows an attacker to escalate privileges. | |||
| CVE-2018-14847 | unknown | — | 2.5 | 5y ago | MikroTik RouterOS through 6.42 allows unauthenticated remote attackers to read arbitrary files and remote authenticated attackers to write arbitrary files due to a directory traversal vulnerability i… | |||
| CVE-2018-13379 | unknown | — | 2.5 | 5y ago | Fortinet FortiOS SSL VPN web portal contains a path traversal vulnerability that may allow an unauthenticated attacker to download FortiOS system files through specially crafted HTTP resource request… | |||
| CVE-2018-15961 | unknown | — | 2.5 | 5y ago | Adobe ColdFusion contains an unrestricted file upload vulnerability that could allow for code execution. | |||
| CVE-2018-0296 | unknown | — | 2.5 | 5y ago | Cisco Adaptive Security Appliance (ASA) contains an improper input validation vulnerability with HTTP URLs. Exploitation could allow an attacker to cause a denial-of-service (DoS) condition or inform… | |||
| CVE-2018-20062 | unknown | — | 2.5 | 5y ago | ThinkPHP "noneCms" contains an unspecified vulnerability that allows for remote code execution through crafted use of the filter parameter. | |||
| CVE-2018-15811 | unknown | — | 2.5 | 7y ago | DotNetNuke (DNN) contains an inadequate encryption strength vulnerability resulting from the use of a weak encryption algorithm to protect input parameters. | |||
| CVE-2018-18325 | unknown | — | 2.5 | 7y ago | DotNetNuke (DNN) contains an inadequate encryption strength vulnerability resulting from the use of a weak encryption algorithm to protect input parameters. This CVE ID resolves an incomplete patch f… | |||
| CVE-2018-11776 | unknown | — | 2.5 | 8y ago | Apache Struts contains a vulnerability that allows for remote code execution under two circumstances. One, where the alwaysSelectFullNamespace option is true and the value isn't set for a result defi… | |||
| CVE-2018-14634 | unknown | — | 1.5 | 4mo ago | Linux Kernel contains an integer overflow vulnerability in the create_elf_tables() function which could allow an unprivileged local user with access to SUID (or otherwise privileged) binary to escala… | |||
| CVE-2018-4063 | unknown | — | 1.5 | 6mo ago | Sierra Wireless AirLink ALEOS contains an unrestricted upload of file with dangerous type vulnerability. A specially crafted HTTP request can upload a file, resulting in executable code being uploade… | |||
| CVE-2018-8639 | unknown | — | 1.5 | 1y ago | Microsoft Windows Win32k contains an improper resource shutdown or release vulnerability that allows for local, authenticated privilege escalation. An attacker who successfully exploited this vulnera… | |||
| CVE-2018-19410 | unknown | — | 1.5 | 1y ago | Paessler PRTG Network Monitor contains a local file inclusion vulnerability that allows a remote, unauthenticated attacker to create users with read-write privileges (including administrator). | |||
| CVE-2018-5430 | unknown | — | 1.5 | 4y ago | TIBCO JasperReports Server contain a vulnerability which may allow any authenticated user read-only access to the contents of the web application, including key configuration files. | |||
| CVE-2018-18809 | unknown | — | 1.5 | 4y ago | TIBCO JasperReports Library contains a directory-traversal vulnerability that may allow web server users to access contents of the host system. | |||
| CVE-2018-19323 | unknown | — | 1.5 | 4y ago | The GPCIDrv and GDrv low-level drivers in GIGABYTE App Center, AORUS Graphics Engine, XTREME Gaming Engine, and OC GURU expose functionality to read and write arbitrary physical memory. This could be… | |||
| CVE-2018-19321 | unknown | — | 1.5 | 4y ago | The GPCIDrv and GDrv low-level drivers in GIGABYTE App Center, AORUS Graphics Engine, XTREME Gaming Engine, and OC GURU II expose functionality to read and write arbitrary physical memory. This could… | |||
| CVE-2018-19320 | unknown | — | 1.5 | 4y ago | The GDrv low-level driver in GIGABYTE App Center, AORUS Graphics Engine, XTREME Gaming Engine, and OC GURU II exposes ring0 memcpy-like functionality that could allow a local attacker to take complet… | |||
| CVE-2018-19322 | unknown | — | 1.5 | 4y ago | The GPCIDrv and GDrv low-level drivers in GIGABYTE App Center, AORUS Graphics Engine, XTREME Gaming Engine, and OC GURU II expose functionality to read/write data from/to IO ports. This could be leve… | |||
| CVE-2018-6530 | unknown | — | 1.5 | 4y ago | Multiple D-Link routers contain an unspecified vulnerability that allows for execution of OS commands. | |||
| CVE-2018-7445 | unknown | — | 1.5 | 4y ago | In MikroTik RouterOS, a stack-based buffer overflow occurs when processing NetBIOS session request messages. Remote attackers with access to the service can exploit this vulnerability and gain code e… | |||
| CVE-2018-13374 | unknown | — | 1.5 | 4y ago | Fortinet FortiOS and FortiADC contain an improper access control vulnerability that allows attackers to obtain the LDAP server login credentials configured in FortiGate by pointing a LDAP server conn… | |||
| CVE-2018-4344 | unknown | — | 1.5 | 4y ago | Apple iOS, macOS, tvOS, and watchOS contain a memory corruption vulnerability which can allow for code execution. | |||
| CVE-2018-4990 | unknown | — | 1.5 | 4y ago | Adobe Acrobat and Reader have a double free vulnerability that could lead to remote code execution. | |||
| CVE-2018-6065 | unknown | — | 1.5 | 4y ago | Google Chromium V8 Engine contains an integer overflow vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect mult… | |||
| CVE-2018-8611 | unknown | — | 1.5 | 4y ago | A privilege escalation vulnerability exists when the Windows kernel fails to properly handle objects in memory. | |||
| CVE-2018-19943 | unknown | — | 1.5 | 4y ago | A cross-site scripting vulnerability affecting QNAP NAS File Station could allow remote attackers to inject malicious code. | |||
| CVE-2018-19949 | unknown | — | 1.5 | 4y ago | A command injection vulnerability affecting QNAP NAS File Station could allow remote attackers to run commands. | |||
| CVE-2018-19953 | unknown | — | 1.5 | 4y ago | A cross-site scripting vulnerability affecting QNAP NAS File Station could allow remote attackers to inject malicious code. | |||
| CVE-2018-5002 | unknown | — | 1.5 | 4y ago | Adobe Flash Player have a stack-based buffer overflow vulnerability that could lead to remote code execution. | |||
| CVE-2018-8589 | unknown | — | 1.5 | 4y ago | A privilege escalation vulnerability exists when Windows improperly handles calls to Win32k.sys. An attacker who successfully exploited this vulnerability could run remote code in the security contex… | |||
| CVE-2018-8298 | unknown | — | 1.5 | 4y ago | The ChakraCore scripting engine contains a type confusion vulnerability which can allow for remote code execution. | |||
| CVE-2018-14667 | unknown | — | 1.5 | 4y ago | Red Hat JBoss RichFaces Framework contains an expression language injection vulnerability via the UserResource resource. A remote, unauthenticated attacker could exploit this vulnerability to execute… |