CVEs from 2018

3,719 normalized CVEs published or assigned in this year.

  • Total: 3,719
  • Critical: 225
  • High: 266
  • Medium: 224
  • Low: 32
  • % Critical: 6.1%
  • % with KEV: 2.4%
  • % with exploit: 2.4%

Top products

  • erpnext 4
  • terminal_services_manager 1
  • ultraiso 1
  • dolibarr_erp/crm 1
  • gitbucket 1
  • pdfunite 1
  • qemu 1
  • virtualization_manager 1
CVE Severity CVSS Risk Published Description Impact
CVE-2018-14626 medium 5.5 PowerDNS Authoritative Server 4.1.0 up to 4.1.4 inclusive and PowerDNS Recursor 4.0.0 up to 4.1.4 inclusive are vulnerable to a packet cache pollution via crafted query that can lead to denial of ser… arch suse debian
CVE-2018-6352 medium 5.5 In PoDoFo 0.9.5, there is an Excessive Iteration in the PdfParser::ReadObjectsInternal function of base/PdfParser.cpp. Remote attackers could leverage this vulnerability to cause a denial of service … arch suse debian
CVE-2018-6869 medium 5.5 In ZZIPlib 0.13.68, there is an uncontrolled memory allocation and a crash in the __zzip_parse_root_directory function of zzip/zip.c. Remote attackers could leverage this vulnerability to cause a den… arch suse debian
CVE-2018-18384 medium 5.5 Info-ZIP UnZip 6.0 has a buffer overflow in list.c, when a ZIP archive has a crafted relationship between the compressed-size value and the uncompressed-size value, because a buffer size is 10 and is… arch suse debian
CVE-2018-5783 medium 5.5 In PoDoFo 0.9.5, there is an uncontrolled memory allocation in the PoDoFo::PdfVecObjects::Reserve function (base/PdfVecObjects.h). Remote attackers could leverage this vulnerability to cause a denial… arch suse debian
CVE-2018-19532 medium 5.5 A NULL pointer dereference vulnerability exists in the function PdfTranslator::setTarget() in pdftranslator.cpp of PoDoFo 0.9.6, while creating the PdfXObject, as demonstrated by podofoimpose. It all… arch suse debian
CVE-2018-14468 medium 5.5 The FRF.16 parser in tcpdump before 4.9.3 has a buffer over-read in print-fr.c:mfr_print(). suse rockylinux debian
CVE-2018-16451 medium 5.5 The SMB parser in tcpdump before 4.9.3 has buffer over-reads in print-smb.c:print_trans() for \MAILSLOT\BROWSE and \PIPE\LANMAN. suse rockylinux debian
CVE-2018-1122 medium 5.5 procps-ng before version 3.3.15 is vulnerable to a local privilege escalation in top. If a user runs top with HOME unset in an attacker-controlled directory, the attacker could achieve privilege esca… arch suse debian
CVE-2018-19661 medium 5.5 An issue was discovered in libsndfile 1.0.28. There is a buffer over-read in the function i2ulaw_array in ulaw.c that will lead to a denial of service. arch debian
CVE-2018-5730 medium 5.5 MIT krb5 1.6 or later allows an authenticated kadmin with permission to add principals to an LDAP Kerberos database to circumvent a DN containership check by supplying both a "linkdn" and "containerd… arch suse debian
CVE-2018-14882 medium 5.5 The ICMPv6 parser in tcpdump before 4.9.3 has a buffer over-read in print-icmp6.c. suse rockylinux debian
CVE-2018-1283 medium 5.5 multiple issues in apache debian arch suse
CVE-2018-1302 medium 5.5 multiple issues in apache debian arch suse
CVE-2018-14881 medium 5.5 The BGP parser in tcpdump before 4.9.3 has a buffer over-read in print-bgp.c:bgp_capabilities_print() (BGP_CAPCODE_RESTART). suse rockylinux debian
CVE-2018-10779 medium 5.5 TIFFWriteScanline in tif_write.c in LibTIFF 3.8.2 has a heap-based buffer over-read, as demonstrated by bmp2tiff. arch suse debian
CVE-2018-20797 medium 5.5 An issue was discovered in PoDoFo 0.9.6. There is an attempted excessive memory allocation in PoDoFo::podofo_calloc in base/PdfMemoryManagement.cpp when called from PoDoFo::PdfPredictorDecoder::PdfPr… arch suse debian
CVE-2018-5208 medium 5.5 In Irssi before 1.0.6, a calculation error in the completion code could cause a heap buffer overflow when completing certain strings. arch debian
CVE-2018-5309 medium 5.5 In PoDoFo 0.9.5, there is an integer overflow in the PdfObjectStreamParserObject::ReadObjectsFromStream function (base/PdfObjectStreamParserObject.cpp). Remote attackers could leverage this vulnerabi… arch suse debian
CVE-2018-6459 medium 5.5 The rsa_pss_params_parse function in libstrongswan/credentials/keys/signature_params.c in strongSwan 5.6.1 allows remote attackers to cause a denial of service via a crafted RSASSA-PSS signature that… arch suse debian
CVE-2018-25306 medium 5.5 5.5 29d ago PDFunite 0.41.0 contains a buffer overflow vulnerability that allows local attackers to crash the application by processing malformed PDF files during merge operations. Attackers can trigger a segmen… ubuntu
CVE-2018-25267 medium 5.5 5.5 1mo ago UltraISO 9.7.1.3519 contains a local buffer overflow vulnerability in the Output FileName field of the Make CD/DVD Image dialog that allows attackers to overwrite SEH and SE handler records. Attacker…
CVE-2018-17828 medium 5.5 7mo ago Moderate: zziplib security update redhat suse rockylinux debian
CVE-2018-15209 medium 5.5 2y ago Moderate: libtiff security update suse rockylinux debian
CVE-2018-18624 medium 5.5 4y ago Moderate: grafana security, bug fix, and enhancement update suse golang
CVE-2018-7260 medium 5.5 4y ago Cross-site scripting (XSS) vulnerability in db_central_columns.php in phpMyAdmin before 4.7.8 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. arch debian php
CVE-2018-13258 medium 5.5 4y ago Mediawiki tarball is missing .htaccess files arch debian php
CVE-2018-1000120 medium 5.5 4y ago curl FTP path confusion leads to NIL byte out of bounds write arch suse debian nuget
CVE-2018-1999043 medium 5.5 4y ago Missing Release of Resource after Effective Lifetime in Jenkins arch java
CVE-2018-0503 medium 5.5 4y ago Mediawiki Improper Privilege Management arch debian php
CVE-2018-0505 medium 5.5 4y ago Mediawiki BotPassword can bypass CentralAuth's account lock arch debian php
CVE-2018-14773 medium 5.5 4y ago An issue was discovered in Http Foundation in Symfony 2.7.0 through 2.7.48, 2.8.0 through 2.8.43, 3.3.0 through 3.3.17, 3.4.0 through 3.4.13, 4.0.0 through 4.0.13, and 4.1.0 through 4.1.2. It arises … arch debian php
CVE-2018-14040 medium 5.5 4y ago Bootstrap vulnerable to Cross-Site Scripting (XSS) rockylinux debian ruby npm +3
CVE-2018-20847 medium 5.5 5y ago Moderate: openjpeg2 security update suse rockylinux debian
CVE-2018-5727 medium 5.5 5y ago Moderate: openjpeg2 security update suse rockylinux debian
CVE-2018-20845 medium 5.5 5y ago Moderate: openjpeg2 security update suse rockylinux debian
CVE-2018-5785 medium 5.5 5y ago Moderate: openjpeg2 security update suse rockylinux debian
CVE-2018-25013 medium 5.5 5y ago Moderate: libwebp security update suse rockylinux debian
CVE-2018-25009 medium 5.5 5y ago Moderate: libwebp security update suse rockylinux debian
CVE-2018-25010 medium 5.5 5y ago Moderate: libwebp security update suse rockylinux debian
CVE-2018-25012 medium 5.5 5y ago Moderate: libwebp security update suse rockylinux debian
CVE-2018-25014 medium 5.5 5y ago Moderate: libwebp security update suse rockylinux debian
CVE-2018-21247 medium 5.5 5y ago Moderate: libvncserver security update suse rockylinux debian
CVE-2018-17199 medium 5.5 5y ago Moderate: httpd:2.4 security, bug fix, and enhancement update debian arch suse rockylinux
CVE-2018-20843 medium 5.5 6y ago In libexpat in Expat before 2.2.7, XML input including XML names that contain a large number of colons could make the XML parser consume a high amount of RAM and CPU resources while processing (enoug… suse debian rockylinux
CVE-2018-17189 medium 5.5 6y ago Moderate: httpd:2.4 security, bug fix, and enhancement update debian arch suse rockylinux
CVE-2018-11782 medium 5.5 6y ago Moderate: subversion:1.10 security update arch suse rockylinux debian
CVE-2018-21035 medium 5.5 6y ago Moderate: qt5-qtbase and qt5-qtwebsockets security and bug fix update suse rockylinux debian
CVE-2018-14553 medium 5.5 6y ago Moderate: gd security update suse debian rockylinux
CVE-2018-1000858 medium 5.5 6y ago Moderate: gnupg2 security, bug fix, and enhancement update suse debian rockylinux
CVE-2018-20337 medium 5.5 6y ago Moderate: GNOME security, bug fix, and enhancement update suse debian rockylinux
CVE-2018-11684 medium 5.5 6y ago Moderate: liblouis security and bug fix update suse debian rockylinux
CVE-2018-12085 medium 5.5 6y ago Moderate: liblouis security and bug fix update suse debian rockylinux
CVE-2018-11685 medium 5.5 6y ago Moderate: liblouis security and bug fix update suse debian rockylinux
CVE-2018-11577 medium 5.5 6y ago Moderate: liblouis security and bug fix update suse debian rockylinux
CVE-2018-19871 medium 5.5 6y ago Moderate: qt5 security, bug fix, and enhancement update suse rockylinux debian
CVE-2018-19872 medium 5.5 6y ago Moderate: qt5 security, bug fix, and enhancement update suse rockylinux debian
CVE-2018-19869 medium 5.5 6y ago Moderate: qt5 security, bug fix, and enhancement update suse rockylinux debian
CVE-2018-13139 medium 5.5 6y ago Moderate: libsndfile security update arch suse debian rockylinux
CVE-2018-19662 medium 5.5 6y ago Moderate: libsndfile security update arch debian rockylinux
CVE-2018-20783 medium 5.5 6y ago Moderate: php:7.2 security, bug fix, and enhancement update suse rockylinux
CVE-2018-20852 medium 5.5 6y ago Moderate: python27:2.7 security, bug fix, and enhancement update suse rockylinux debian
CVE-2018-19107 medium 5.5 6y ago Moderate: exiv2 security, bug fix, and enhancement update suse debian rockylinux
CVE-2018-9304 medium 5.5 6y ago Moderate: exiv2 security, bug fix, and enhancement update suse debian rockylinux almalinux
CVE-2018-9303 medium 5.5 6y ago Moderate: exiv2 security, bug fix, and enhancement update suse debian rockylinux almalinux
CVE-2018-14338 medium 5.5 6y ago Moderate: exiv2 security, bug fix, and enhancement update debian rockylinux
CVE-2018-19535 medium 5.5 6y ago Moderate: exiv2 security, bug fix, and enhancement update suse debian rockylinux
CVE-2018-9306 medium 5.5 6y ago Moderate: exiv2 security, bug fix, and enhancement update rockylinux almalinux
CVE-2018-10772 medium 5.5 6y ago Moderate: exiv2 security, bug fix, and enhancement update suse debian rockylinux
CVE-2018-9305 medium 5.5 6y ago Moderate: exiv2 security, bug fix, and enhancement update suse debian rockylinux almalinux
CVE-2018-17230 medium 5.5 6y ago Moderate: exiv2 security, bug fix, and enhancement update suse debian rockylinux
CVE-2018-17229 medium 5.5 6y ago Moderate: exiv2 security, bug fix, and enhancement update suse debian rockylinux
CVE-2018-18915 medium 5.5 6y ago Moderate: exiv2 security, bug fix, and enhancement update suse debian rockylinux
CVE-2018-19108 medium 5.5 6y ago Moderate: exiv2 security, bug fix, and enhancement update suse debian rockylinux
CVE-2018-19607 medium 5.5 6y ago Moderate: exiv2 security, bug fix, and enhancement update suse debian rockylinux
CVE-2018-4868 medium 5.5 6y ago Moderate: exiv2 security, bug fix, and enhancement update suse debian rockylinux
CVE-2018-11037 medium 5.5 6y ago Moderate: exiv2 security, bug fix, and enhancement update debian rockylinux
CVE-2018-17581 medium 5.5 6y ago Moderate: exiv2 security, bug fix, and enhancement update suse debian rockylinux
CVE-2018-17282 medium 5.5 6y ago Moderate: exiv2 security, bug fix, and enhancement update suse debian rockylinux
CVE-2018-14498 medium 5.5 7y ago Moderate: libjpeg-turbo security update suse debian rockylinux
CVE-2018-19800 medium 5.5 7y ago aubio v0.4.0 to v0.4.8 has a Buffer Overflow in new_aubio_tempo. debian arch python
CVE-2018-19802 medium 5.5 7y ago aubio v0.4.0 to v0.4.8 has a new_aubio_onset NULL pointer dereference. debian arch python
CVE-2018-19801 medium 5.5 7y ago aubio v0.4.0 to v0.4.8 has a NULL pointer dereference in new_aubio_filterbank via invalid n_filters. debian arch python
CVE-2018-20676 medium 5.5 8y ago XSS vulnerability that affects bootstrap rockylinux debian ruby npm +3
CVE-2018-20677 medium 5.5 8y ago Moderate: idm:DL1 and idm:client security, bug fix, and enhancement update rockylinux debian ruby npm +3
CVE-2018-7536 medium 5.5 8y ago An issue was discovered in Django 2.0 before 2.0.3, 1.11 before 1.11.11, and 1.8 before 1.8.19. The django.utils.html.urlize() function was extremely slow to evaluate certain inputs due to catastroph… arch debian python
CVE-2018-7537 medium 5.5 8y ago An issue was discovered in Django 2.0 before 2.0.3, 1.11 before 1.11.11, and 1.8 before 1.8.19. If django.utils.text.Truncator's chars() and words() methods were passed the html=True argument, they w… arch suse debian python
CVE-2018-20060 medium 5.5 8y ago Moderate: python27:2.7 security, bug fix, and enhancement update suse rockylinux debian python
CVE-2018-20097 medium 5.5 8y ago Moderate: exiv2 security, bug fix, and enhancement update suse debian rockylinux python
CVE-2018-20096 medium 5.5 8y ago Moderate: exiv2 security, bug fix, and enhancement update suse debian rockylinux python
CVE-2018-20098 medium 5.5 8y ago Moderate: exiv2 security, bug fix, and enhancement update suse debian rockylinux python
CVE-2018-20099 medium 5.5 8y ago Moderate: exiv2 security, bug fix, and enhancement update suse debian rockylinux python
CVE-2018-19352 medium 5.5 8y ago Jupyter Notebook before 5.7.2 allows XSS via a crafted directory name because notebook/static/tree/js/notebooklist.js handles certain URLs unsafely. arch debian python
CVE-2018-19351 medium 5.5 8y ago Jupyter Notebook before 5.7.1 allows XSS via an untrusted notebook because nbconvert responses are considered to have the same origin as the notebook server. In other words, nbconvert endpoints can e… arch debian python
CVE-2018-18074 medium 5.5 8y ago Moderate: python27:2.7 security, bug fix, and enhancement update suse rockylinux debian python
CVE-2018-3750 medium 5.5 8y ago Moderate: nodejs:12 security update rockylinux debian npm
CVE-2018-14574 medium 5.5 8y ago django.middleware.common.CommonMiddleware in Django 1.11.x before 1.11.15 and 2.0.x before 2.0.8 has an Open Redirect. arch suse debian python
CVE-2018-6188 medium 5.5 8y ago django.contrib.auth.forms.AuthenticationForm in Django 2.0 before 2.0.2, and 1.11.8 and 1.11.9, allows remote attackers to obtain potentially sensitive information by leveraging data exposure from th… arch debian python
CVE-2018-16984 medium 5.5 8y ago An issue was discovered in Django 2.1 before 2.1.2, in which unprivileged users can read the password hashes of arbitrary accounts. The read-only password widget used by the Django Admin to display a… arch suse debian python
CVE-2018-1000559 medium 5.5 8y ago qutebrowser version introduced in v0.11.0 (1179ee7a937fb31414d77d9970bac21095358449) contains a Cross Site Scripting (XSS) vulnerability in history command, qute://history page that can result in Via… arch debian python