CVEs from 2018
Total
3,719
critical
critical 225
high
high 266
medium
medium 224
low
low 32
% Critical
6.1%
% with KEV
2.4%
% with exploit
2.4%
Top vendors
- frappe 4
- redhat 2
- magix 1
- mybb 1
- gitbucket 1
- qemu 1
- dragonexpert 1
- kingsoftstore 1
Top products
- erpnext 4
- terminal_services_manager 1
- ultraiso 1
- dolibarr_erp\/crm 1
- gitbucket 1
- pdfunite 1
- qemu 1
- virtualization_manager 1
| CVE | Severity | CVSS | Risk | Published | Description | Impact |
|---|---|---|---|---|---|---|
| CVE-2018-17480 | critical | — | 10.0 | 4y ago | multiple issues in chromium | |
| CVE-2018-17463 | critical | — | 10.0 | 4y ago | multiple issues in chromium | |
| CVE-2018-7602 | critical | — | 10.0 | 8y ago | A remote code execution vulnerability exists within multiple subsystems of Drupal that can allow attackers to exploit multiple attack vectors on a Drupal site. | |
| CVE-2018-7600 | critical | — | 10.0 | 8y ago | Drupal Core contains a remote code execution vulnerability that could allow an attacker to exploit multiple attack vectors on a Drupal site, resulting in complete site compromise. | |
| CVE-2018-25357 | critical | 9.8 | 9.8 | 5d ago | Dolibarr ERP CRM 7.0.3 contains a remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary code by injecting PHP code through the db_name parameter. Attackers ca… | |
| CVE-2018-25350 | critical | 9.8 | 9.8 | 5d ago | userSpice 4.3.24 contains a username enumeration vulnerability that allows unauthenticated attackers to discover valid usernames by sending POST requests to the existingUsernameCheck.php endpoint. At… | |
| CVE-2018-25335 | critical | 9.8 | 9.8 | 11d ago | WordPress Plugin Peugeot Music 1.0 contains an arbitrary file upload vulnerability that allows unauthenticated attackers to upload malicious files by sending POST requests to the upload.php endpoint.… | |
| CVE-2018-25332 | critical | 9.8 | 9.8 | 11d ago | GitBucket 4.23.1 contains an unauthenticated remote code execution vulnerability that allows attackers to execute arbitrary commands by exploiting weak secret token generation and insecure file uploa… | |
| CVE-2018-25320 | critical | 9.8 | 9.8 | 11d ago | ACL Analytics versions 11.x through 13.0.0.579 contain an arbitrary code execution vulnerability that allows attackers to execute arbitrary commands by leveraging the EXECUTE function. Attackers can … | |
| CVE-2018-25318 | critical | 9.8 | 9.8 | 29d ago | Tenda FH303/A300 firmware V5.07.68_EN contains a session weakness vulnerability that allows unauthenticated attackers to modify DNS settings by exploiting insufficient cookie validation. Attackers ca… | |
| CVE-2018-25317 | critical | 9.8 | 9.8 | 29d ago | Tenda W3002R/A302/W309R wireless routers version V5.07.64_en contain a cookie session weakness vulnerability that allows unauthenticated attackers to modify DNS settings by exploiting insufficient se… | |
| CVE-2018-25316 | critical | 9.8 | 9.8 | 29d ago | Tenda W308R v2 V5.07.48 contains a cookie session weakness vulnerability that allows unauthenticated attackers to modify DNS settings by exploiting insufficient session validation. Attackers can send… | |
| CVE-2018-25272 | critical | 9.8 | 9.8 | 1mo ago | ELBA5 5.8.0 contains a remote code execution vulnerability that allows attackers to obtain database credentials and execute arbitrary commands with SYSTEM level permissions. Attackers can connect to … | |
| CVE-2018-5159 | critical | — | 9.5 | — | An integer overflow can occur in the Skia library due to 32-bit integer use in an array without integer overflow checks, resulting in possible out-of-bounds writes. This could lead to a potentially e… | |
| CVE-2018-6099 | critical | — | 9.5 | — | multiple issues in chromium | |
| CVE-2018-11356 | critical | — | 9.5 | — | In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the DNS dissector could crash. This was addressed in epan/dissectors/packet-dns.c by avoiding a NULL pointer dereference for an empty name in … | |
| CVE-2018-5168 | critical | — | 9.5 | — | Sites can bypass security checks on permissions to install lightweight themes by manipulating the "baseURI" property of the theme element. This could allow a malicious site to install a theme without… | |
| CVE-2018-20346 | critical | — | 9.5 | — | SQLite before 3.25.3, when the FTS3 extension is enabled, encounters an integer overflow (and resultant buffer overflow) for FTS3 queries that occur after crafted changes to FTS3 shadow tables, allow… | |
| CVE-2018-5170 | critical | — | 9.5 | — | It is possible to spoof the filename of an attachment and display an arbitrary attachment name. This could lead to a user opening a remote attachment which is a different file type than expected. Thi… | |
| CVE-2018-6114 | critical | — | 9.5 | — | multiple issues in chromium | |
| CVE-2018-5161 | critical | — | 9.5 | — | Crafted message headers can cause a Thunderbird process to hang on receiving the message. This vulnerability affects Thunderbird ESR < 52.8 and Thunderbird < 52.8. | |
| CVE-2018-11354 | critical | — | 9.5 | — | In Wireshark 2.6.0, the IEEE 1905.1a dissector could crash. This was addressed in epan/dissectors/packet-ieee1905.c by making a certain correction to string handling. | |
| CVE-2018-5155 | critical | — | 9.5 | — | A use-after-free vulnerability can occur while adjusting layout during SVG animations with text paths. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.8, … | |
| CVE-2018-5186 | critical | — | 9.5 | — | Memory safety bugs present in Firefox 60. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. T… | |
| CVE-2018-17475 | critical | — | 9.5 | — | multiple issues in chromium | |
| CVE-2018-12377 | critical | — | 9.5 | — | A use-after-free vulnerability can occur when refresh driver timers are refreshed in some circumstances during shutdown when the timer is deleted while still in use. This results in a potentially exp… | |
| CVE-2018-12392 | critical | — | 9.5 | — | When manipulating user events in nested loops while opening a document through script, it is possible to trigger a potentially exploitable crash due to poor event handling. This vulnerability affects… | |
| CVE-2018-5144 | critical | — | 9.5 | — | An integer overflow can occur during conversion of text to some Unicode character sets due to an unchecked length parameter. This vulnerability affects Firefox ESR < 52.7 and Thunderbird < 52.7. | |
| CVE-2018-12372 | critical | — | 9.5 | — | Decrypted S/MIME parts, when included in HTML crafted for an attack, can leak plaintext when included in a a HTML reply/forward. This vulnerability affects Thunderbird < 52.9. | |
| CVE-2018-12396 | critical | — | 9.5 | — | A vulnerability where a WebExtension can run content scripts in disallowed contexts following navigation or other events. This allows for potential privilege escalation by the WebExtension on sites w… | |
| CVE-2018-12386 | critical | — | 9.5 | — | A vulnerability in register allocation in JavaScript can lead to type confusion, allowing for an arbitrary read and write. This leads to remote code execution inside the sandboxed content process whe… | |
| CVE-2018-5157 | critical | — | 9.5 | — | Same-origin protections for the PDF viewer can be bypassed, allowing a malicious site to intercept messages meant for the viewer. This could allow the site to retrieve PDF files restricted to viewing… | |
| CVE-2018-18648 | critical | — | 9.5 | — | multiple issues in gitlab | |
| CVE-2018-5156 | critical | — | 9.5 | — | A vulnerability can occur when capturing a media stream when the media source type is changed as the capture is occurring. This can result in stream data being cast to the wrong type causing a potent… | |
| CVE-2018-11357 | critical | — | 9.5 | — | In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the LTP dissector and other dissectors could consume excessive memory. This was addressed in epan/tvbuff.c by rejecting negative lengths. | |
| CVE-2018-17462 | critical | — | 9.5 | — | multiple issues in chromium | |
| CVE-2018-18509 | critical | — | 9.5 | — | A flaw during verification of certain S/MIME signatures causes emails to be shown in Thunderbird as having a valid digital signature, even if the shown message contents aren't covered by the signatur… | |
| CVE-2018-11233 | critical | — | 9.5 | — | In Git before 2.13.7, 2.14.x before 2.14.4, 2.15.x before 2.15.2, 2.16.x before 2.16.4, and 2.17.x before 2.17.1, code to sanity-check pathnames on NTFS can result in reading out-of-bounds memory. | |
| CVE-2018-11362 | critical | — | 9.5 | — | In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the LDSS dissector could crash. This was addressed in epan/dissectors/packet-ldss.c by avoiding a buffer over-read upon encountering a missing… | |
| CVE-2018-5185 | critical | — | 9.5 | — | Plaintext of decrypted emails can leak through by user submitting an embedded form. This vulnerability affects Thunderbird ESR < 52.8 and Thunderbird < 52.8. | |
| CVE-2018-5154 | critical | — | 9.5 | — | A use-after-free vulnerability can occur while enumerating attributes during SVG animations with clip paths. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < … | |
| CVE-2018-17474 | critical | — | 9.5 | — | multiple issues in chromium | |
| CVE-2018-19625 | critical | — | 9.5 | — | In Wireshark 2.6.0 to 2.6.4 and 2.4.0 to 2.4.10, the dissection engine could crash. This was addressed in epan/tvbuff_composite.c by preventing a heap-based buffer over-read. | |
| CVE-2018-12395 | critical | — | 9.5 | — | By rewriting the Host: request headers using the webRequest API, a WebExtension can bypass domain restrictions through domain fronting. This would allow access to domains that share a host that are o… | |
| CVE-2018-5160 | critical | — | 9.5 | — | WebRTC can use a "WrappedI420Buffer" pixel buffer but the owning image object can be freed while it is still in use. This can result in the WebRTC encoder using uninitialized memory, leading to a pot… | |
| CVE-2018-18503 | critical | — | 9.5 | — | When JavaScript is used to create and manipulate an audio buffer, a potentially exploitable crash may occur because of a compartment mismatch in some situations. This vulnerability affects Firefox < … | |
| CVE-2018-11355 | critical | — | 9.5 | — | In Wireshark 2.6.0, the RTCP dissector could crash. This was addressed in epan/dissectors/packet-rtcp.c by avoiding a buffer overflow for packet status chunks. | |
| CVE-2018-12403 | critical | — | 9.5 | — | If a site is loaded over a HTTPS connection but loads a favicon resource over HTTP, the mixed content warning is not displayed to users. This vulnerability affects Firefox < 63. | |
| CVE-2018-19623 | critical | — | 9.5 | — | In Wireshark 2.6.0 to 2.6.4 and 2.4.0 to 2.4.10, the LBMPDM dissector could crash. In addition, a remote attacker could write arbitrary data to any memory locations before the packet-scoped memory. T… | |
| CVE-2018-12361 | critical | — | 9.5 | — | An integer overflow can occur in the SwizzleData code while calculating buffer sizes. The overflowed value is used for subsequent graphics computations when their inputs are not sanitized which resul… | |
| CVE-2018-5151 | critical | — | 9.5 | — | Memory safety bugs were reported in Firefox 59. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary c… | |
| CVE-2018-18502 | critical | — | 9.5 | — | Mozilla developers and community members reported memory safety bugs present in Firefox 64. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of… | |
| CVE-2018-19622 | critical | — | 9.5 | — | In Wireshark 2.6.0 to 2.6.4 and 2.4.0 to 2.4.10, the MMSE dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-mmse.c by preventing length overflows. | |
| CVE-2018-11360 | critical | — | 9.5 | — | In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the GSM A DTAP dissector could crash. This was addressed in epan/dissectors/packet-gsm_a_dtap.c by fixing an off-by-one error that caused a bu… | |
| CVE-2018-11358 | critical | — | 9.5 | — | In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the Q.931 dissector could crash. This was addressed in epan/dissectors/packet-q931.c by avoiding a use-after-free after a malformed packet pre… | |
| CVE-2018-18506 | critical | — | 9.5 | — | When proxy auto-detection is enabled, if a web server serves a Proxy Auto-Configuration (PAC) file or if a PAC file is loaded locally, this PAC file can specify that requests to the localhost are to … | |
| CVE-2018-1057 | critical | — | 9.5 | — | On a Samba 4 AD DC the LDAP server in all versions of Samba from 4.0.0 onwards incorrectly validates permissions to modify passwords over LDAP allowing authenticated users to change any other users' … | |
| CVE-2018-18497 | critical | — | 9.5 | — | Limitations on the URIs allowed to WebExtensions by the browser.windows.create API can be bypassed when a pipe in the URL field is used within the extension to load multiple pages as a single argumen… | |
| CVE-2018-18649 | critical | — | 9.5 | — | multiple issues in gitlab | |
| CVE-2018-12378 | critical | — | 9.5 | — | A use-after-free vulnerability can occur when an IndexedDB index is deleted while still in use by JavaScript code that is providing payload values to be stored. This results in a potentially exploita… | |
| CVE-2018-12397 | critical | — | 9.5 | — | A WebExtension can request access to local files without the warning prompt stating that the extension will "Access your data for all websites" being displayed to the user. This allows extensions to … | |
| CVE-2018-12390 | critical | — | 9.5 | — | Mozilla developers and community members reported memory safety bugs present in Firefox 62 and Firefox ESR 60.2. Some of these bugs showed evidence of memory corruption and we presume that with enoug… | |
| CVE-2018-5177 | critical | — | 9.5 | — | A vulnerability exists in XSLT during number formatting where a negative buffer size may be allocated in some instances, leading to a buffer overflow and crash if it occurs. This vulnerability affect… | |
| CVE-2018-6108 | critical | — | 9.5 | — | multiple issues in chromium | |
| CVE-2018-6112 | critical | — | 9.5 | — | multiple issues in chromium | |
| CVE-2018-12379 | critical | — | 9.5 | — | When the Mozilla Updater opens a MAR format file which contains a very long item filename, an out-of-bounds write can be triggered, leading to a potentially exploitable crash. This requires running t… | |
| CVE-2018-5169 | critical | — | 9.5 | — | If manipulated hyperlinked text with "chrome:" URL contained in it is dragged and dropped on the "home" icon, the home page can be reset to include a normally-unlinkable chrome page as one of the hom… | |
| CVE-2018-6115 | critical | — | 9.5 | — | multiple issues in chromium | |
| CVE-2018-5764 | critical | — | 9.5 | — | The parse_arguments function in options.c in rsyncd in rsync before 3.1.3 does not prevent multiple --protect-args uses, which allows remote attackers to bypass an argument-sanitization protection me… | |
| CVE-2018-12366 | critical | — | 9.5 | — | An invalid grid size during QCMS (color profile) transformations can result in the out-of-bounds read interpreted as a float value. This could leak private data into the output. This vulnerability af… | |
| CVE-2018-5175 | critical | — | 9.5 | — | A mechanism to bypass Content Security Policy (CSP) protections on sites that have a "script-src" policy of "'strict-dynamic'". If a target website contains an HTML injection flaw an attacker could i… | |
| CVE-2018-5146 | critical | — | 9.5 | — | An out of bounds memory write while processing Vorbis audio data was reported through the Pwn2Own contest. This vulnerability affects Firefox < 59.0.1, Firefox ESR < 52.7.2, and Thunderbird < 52.7. | |
| CVE-2018-18640 | critical | — | 9.5 | — | multiple issues in gitlab | |
| CVE-2018-12376 | critical | — | 9.5 | — | Memory safety bugs present in Firefox 61 and Firefox ESR 60.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to … | |
| CVE-2018-12405 | critical | — | 9.5 | — | Mozilla developers and community members reported memory safety bugs present in Firefox 63 and Firefox ESR 60.3. Some of these bugs showed evidence of memory corruption and we presume that with enoug… | |
| CVE-2018-10933 | critical | — | 9.5 | — | A vulnerability was found in libssh's server-side state machine before versions 0.7.6 and 0.8.4. A malicious client could create channels without first performing authentication, resulting in unautho… | |
| CVE-2018-5125 | critical | — | 9.5 | — | Memory safety bugs were reported in Firefox 58 and Firefox ESR 52.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploit… | |
| CVE-2018-6096 | critical | — | 9.5 | — | multiple issues in chromium | |
| CVE-2018-12371 | critical | — | 9.5 | — | An integer overflow vulnerability in the Skia library when allocating memory for edge builders on some systems with at least 16 GB of RAM. This results in the use of uninitialized memory, resulting i… | |
| CVE-2018-12365 | critical | — | 9.5 | — | A compromised IPC child process can escape the content sandbox and list the names of arbitrary files on the file system without user consent or interaction. This could result in exposure of private l… | |
| CVE-2018-5176 | critical | — | 9.5 | — | The JSON Viewer displays clickable hyperlinks for strings that are parseable as URLs, including "javascript:" links. If a JSON file contains malicious JavaScript script embedded as "javascript:" link… | |
| CVE-2018-5164 | critical | — | 9.5 | — | Content Security Policy (CSP) is not applied correctly to all parts of multipart content sent with the "multipart/x-mixed-replace" MIME type. This could allow for script to run where CSP should block… | |
| CVE-2018-5173 | critical | — | 9.5 | — | The filename appearing in the "Downloads" panel improperly renders some Unicode characters, allowing for the file name to be spoofed. This can be used to obscure the file extension of potentially exe… | |
| CVE-2018-19627 | critical | — | 9.5 | — | In Wireshark 2.6.0 to 2.6.4 and 2.4.0 to 2.4.10, the IxVeriWave file parser could crash. This was addressed in wiretap/vwr.c by adjusting a buffer boundary. | |
| CVE-2018-5178 | critical | — | 9.5 | — | A buffer overflow was found during UTF8 to Unicode string conversion within JavaScript with extremely large amounts of data. This vulnerability requires the use of a malicious or vulnerable legacy ex… | |
| CVE-2018-19626 | critical | — | 9.5 | — | In Wireshark 2.6.0 to 2.6.4 and 2.4.0 to 2.4.10, the DCOM dissector could crash. This was addressed in epan/dissectors/packet-dcom.c by adding '\0' termination. | |
| CVE-2018-6105 | critical | — | 9.5 | — | multiple issues in chromium | |
| CVE-2018-6087 | critical | — | 9.5 | — | multiple issues in chromium | |
| CVE-2018-18340 | critical | — | 9.5 | — | multiple issues in chromium | |
| CVE-2018-5127 | critical | — | 9.5 | — | A buffer overflow can occur when manipulating the SVG "animatedPathSegList" through script. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.7, Firefox ESR… | |
| CVE-2018-5150 | critical | — | 9.5 | — | Memory safety bugs were reported in Firefox 59, Firefox ESR 52.7, and Thunderbird 52.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of the… | |
| CVE-2018-5181 | critical | — | 9.5 | — | If a URL using the "file:" protocol is dragged and dropped onto an open tab that is running in a different child process the tab will open a local file corresponding to the dropped URL, contrary to p… | |
| CVE-2018-6103 | critical | — | 9.5 | — | multiple issues in chromium | |
| CVE-2018-6098 | critical | — | 9.5 | — | multiple issues in chromium | |
| CVE-2018-6102 | critical | — | 9.5 | — | multiple issues in chromium | |
| CVE-2018-5180 | critical | — | 9.5 | — | A use-after-free vulnerability can occur during WebGL operations. While this results in a potentially exploitable crash, the vulnerability is limited because the memory is freed and reused in a brief… | |
| CVE-2018-6093 | critical | — | 9.5 | — | multiple issues in chromium | |
| CVE-2018-6118 | critical | — | 9.5 | — | arbitrary code execution in chromium | |
| CVE-2018-6091 | critical | — | 9.5 | — | multiple issues in chromium | |
| CVE-2018-6101 | critical | — | 9.5 | — | multiple issues in chromium |