VIR Vulnerability Intelligence Relay

CVEs from 2018

3,719 normalized CVEs published or assigned in this year.

Total
3,719
critical
critical 225
high
high 266
medium
medium 224
low
low 32
% Critical
6.1%
% with KEV
2.4%
% with exploit
2.4%

Top vendors

Top products

  • erpnext 4
  • terminal_services_manager 1
  • ultraiso 1
  • dolibarr_erp\/crm 1
  • gitbucket 1
  • pdfunite 1
  • qemu 1
  • virtualization_manager 1

Top packages

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Published Description Impact
CVE-2018-17480 critical 10.0 4y ago multiple issues in chromium archdebian
CVE-2018-17463 critical 10.0 4y ago multiple issues in chromium arch
CVE-2018-7602 critical 10.0 8y ago A remote code execution vulnerability exists within multiple subsystems of Drupal that can allow attackers to exploit multiple attack vectors on a Drupal site. archphp
CVE-2018-7600 critical 10.0 8y ago Drupal Core contains a remote code execution vulnerability that could allow an attacker to exploit multiple attack vectors on a Drupal site, resulting in complete site compromise. archphp
CVE-2018-25357 critical 9.8 9.8 5d ago Dolibarr ERP CRM 7.0.3 contains a remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary code by injecting PHP code through the db_name parameter. Attackers ca…
CVE-2018-25350 critical 9.8 9.8 5d ago userSpice 4.3.24 contains a username enumeration vulnerability that allows unauthenticated attackers to discover valid usernames by sending POST requests to the existingUsernameCheck.php endpoint. At…
CVE-2018-25335 critical 9.8 9.8 11d ago WordPress Plugin Peugeot Music 1.0 contains an arbitrary file upload vulnerability that allows unauthenticated attackers to upload malicious files by sending POST requests to the upload.php endpoint.…
CVE-2018-25332 critical 9.8 9.8 11d ago GitBucket 4.23.1 contains an unauthenticated remote code execution vulnerability that allows attackers to execute arbitrary commands by exploiting weak secret token generation and insecure file uploa…
CVE-2018-25320 critical 9.8 9.8 11d ago ACL Analytics versions 11.x through 13.0.0.579 contain an arbitrary code execution vulnerability that allows attackers to execute arbitrary commands by leveraging the EXECUTE function. Attackers can …
CVE-2018-25318 critical 9.8 9.8 29d ago Tenda FH303/A300 firmware V5.07.68_EN contains a session weakness vulnerability that allows unauthenticated attackers to modify DNS settings by exploiting insufficient cookie validation. Attackers ca…
CVE-2018-25317 critical 9.8 9.8 29d ago Tenda W3002R/A302/W309R wireless routers version V5.07.64_en contain a cookie session weakness vulnerability that allows unauthenticated attackers to modify DNS settings by exploiting insufficient se…
CVE-2018-25316 critical 9.8 9.8 29d ago Tenda W308R v2 V5.07.48 contains a cookie session weakness vulnerability that allows unauthenticated attackers to modify DNS settings by exploiting insufficient session validation. Attackers can send…
CVE-2018-25272 critical 9.8 9.8 1mo ago ELBA5 5.8.0 contains a remote code execution vulnerability that allows attackers to obtain database credentials and execute arbitrary commands with SYSTEM level permissions. Attackers can connect to …
CVE-2018-17465 critical 9.5 multiple issues in chromium arch
CVE-2018-12383 critical 9.5 If a user saved passwords before Firefox 58 and then later set a master password, an unencrypted copy of these passwords is still accessible. This is because the older stored password file was not de… archdebian
CVE-2018-5168 critical 9.5 Sites can bypass security checks on permissions to install lightweight themes by manipulating the "baseURI" property of the theme element. This could allow a malicious site to install a theme without… archdebian
CVE-2018-10528 critical 9.5 An issue was discovered in LibRaw 0.18.9. There is a stack-based buffer overflow in the utf2char function in libraw_cxx.cpp. archdebian
CVE-2018-18640 critical 9.5 multiple issues in gitlab arch
CVE-2018-17466 critical 9.5 multiple issues in chromium archsusedebian
CVE-2018-17476 critical 9.5 multiple issues in chromium arch
CVE-2018-18342 critical 9.5 multiple issues in chromium archdebian
CVE-2018-18336 critical 9.5 multiple issues in chromium archdebian
CVE-2018-18344 critical 9.5 multiple issues in chromium archdebian
CVE-2018-11235 critical 9.5 In Git before 2.13.7, 2.14.x before 2.14.4, 2.15.x before 2.15.2, 2.16.x before 2.16.4, and 2.17.x before 2.17.1, remote code execution can occur. With a crafted .gitmodules file, a malicious project… archsusedebian
CVE-2018-6114 critical 9.5 multiple issues in chromium arch
CVE-2018-18347 critical 9.5 multiple issues in chromium archdebian
CVE-2018-18335 critical 9.5 multiple issues in chromium archdebiansuse
CVE-2018-18346 critical 9.5 multiple issues in chromium archdebian
CVE-2018-17471 critical 9.5 multiple issues in chromium arch
CVE-2018-19628 critical 9.5 In Wireshark 2.6.0 to 2.6.4, the ZigBee ZCL dissector could crash. This was addressed in epan/dissectors/packet-zbee-zcl-lighting.c by preventing a divide-by-zero error. archdebian
CVE-2018-5186 critical 9.5 Memory safety bugs present in Firefox 60. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. T… archsusedebian
CVE-2018-5183 critical 9.5 Mozilla developers backported selected changes in the Skia library. These changes correct memory corruption issues including invalid buffer reads and writes during graphic operations. This vulnerabil… archdebian
CVE-2018-18345 critical 9.5 multiple issues in chromium archdebian
CVE-2018-6104 critical 9.5 multiple issues in chromium arch
CVE-2018-15688 critical 9.5 A buffer overflow vulnerability in the dhcp6 client of systemd allows a malicious dhcp6 server to overwrite heap memory in systemd-networkd. Affected releases are systemd: versions up to and includin… archsusedebian
CVE-2018-5181 critical 9.5 If a URL using the "file:" protocol is dragged and dropped onto an open tab that is running in a different child process the tab will open a local file corresponding to the dropped URL, contrary to p… archdebian
CVE-2018-5179 critical 9.5 multiple issues in chromium arch
CVE-2018-10529 critical 9.5 An issue was discovered in LibRaw 0.18.9. There is an out-of-bounds read affecting the X3F property table list implementation in libraw_x3f.cpp and libraw_cxx.cpp. archdebian
CVE-2018-6096 critical 9.5 multiple issues in chromium arch
CVE-2018-18492 critical 9.5 A use-after-free vulnerability can occur after deleting a selection element due to a weak reference to the select element in the options collection. This results in a potentially exploitable crash. T… archsusedebian
CVE-2018-18645 critical 9.5 multiple issues in gitlab arch
CVE-2018-6110 critical 9.5 multiple issues in chromium arch
CVE-2018-18648 critical 9.5 multiple issues in gitlab arch
CVE-2018-6092 critical 9.5 multiple issues in chromium arch
CVE-2018-6097 critical 9.5 multiple issues in chromium arch
CVE-2018-18497 critical 9.5 Limitations on the URIs allowed to WebExtensions by the browser.windows.create API can be bypassed when a pipe in the URL field is used within the extension to load multiple pages as a single argumen… archsusedebian
CVE-2018-18641 critical 9.5 multiple issues in gitlab arch
CVE-2018-6111 critical 9.5 multiple issues in chromium arch
CVE-2018-18354 critical 9.5 multiple issues in chromium archdebian
CVE-2018-18351 critical 9.5 multiple issues in chromium archdebian
CVE-2018-18349 critical 9.5 multiple issues in chromium archdebian
CVE-2018-5162 critical 9.5 Plaintext of decrypted emails can leak through the src attribute of remote images, or links. This vulnerability affects Thunderbird ESR < 52.8 and Thunderbird < 52.8. archdebian
CVE-2018-17473 critical 9.5 multiple issues in chromium arch
CVE-2018-17474 critical 9.5 multiple issues in chromium arch
CVE-2018-6108 critical 9.5 multiple issues in chromium arch
CVE-2018-18340 critical 9.5 multiple issues in chromium archdebian
CVE-2018-17462 critical 9.5 multiple issues in chromium arch
CVE-2018-11233 critical 9.5 In Git before 2.13.7, 2.14.x before 2.14.4, 2.15.x before 2.15.2, 2.16.x before 2.16.4, and 2.17.x before 2.17.1, code to sanity-check pathnames on NTFS can result in reading out-of-bounds memory. archdebian
CVE-2018-6107 critical 9.5 multiple issues in chromium arch
CVE-2018-5160 critical 9.5 WebRTC can use a "WrappedI420Buffer" pixel buffer but the owning image object can be freed while it is still in use. This can result in the WebRTC encoder using uninitialized memory, leading to a pot… archdebian
CVE-2018-5187 critical 9.5 Memory safety bugs present in Firefox 60 and Firefox ESR 60. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to ru… archsusedebian
CVE-2018-6093 critical 9.5 multiple issues in chromium arch
CVE-2018-18341 critical 9.5 multiple issues in chromium archdebian
CVE-2018-5177 critical 9.5 A vulnerability exists in XSLT during number formatting where a negative buffer size may be allocated in some instances, leading to a buffer overflow and crash if it occurs. This vulnerability affect… archdebian
CVE-2018-6112 critical 9.5 multiple issues in chromium arch
CVE-2018-18503 critical 9.5 When JavaScript is used to create and manipulate an audio buffer, a potentially exploitable crash may occur because of a compartment mismatch in some situations. This vulnerability affects Firefox < … archsusedebian
CVE-2018-6102 critical 9.5 multiple issues in chromium arch
CVE-2018-6091 critical 9.5 multiple issues in chromium arch
CVE-2018-18339 critical 9.5 multiple issues in chromium archdebian
CVE-2018-6118 critical 9.5 arbitrary code execution in chromium arch
CVE-2018-18643 critical 9.5 multiple issues in gitlab arch
CVE-2018-6094 critical 9.5 multiple issues in chromium arch
CVE-2018-6098 critical 9.5 multiple issues in chromium arch
CVE-2018-6115 critical 9.5 multiple issues in chromium arch
CVE-2018-6100 critical 9.5 multiple issues in chromium arch
CVE-2018-17469 critical 9.5 multiple issues in chromium arch
CVE-2018-17477 critical 9.5 multiple issues in chromium arch
CVE-2018-17468 critical 9.5 multiple issues in chromium arch
CVE-2018-6099 critical 9.5 multiple issues in chromium arch
CVE-2018-6101 critical 9.5 multiple issues in chromium arch
CVE-2018-5163 critical 9.5 If a malicious attacker has used another vulnerability to gain full control over a content process, they may be able to replace the alternate data resources stored in the JavaScript Start-up Bytecode… archdebian
CVE-2018-5164 critical 9.5 Content Security Policy (CSP) is not applied correctly to all parts of multipart content sent with the "multipart/x-mixed-replace" MIME type. This could allow for script to run where CSP should block… archdebian
CVE-2018-5167 critical 9.5 The web console and JavaScript debugger do not sanitize all output that can be hyperlinked. Both will display "chrome:" links as active, clickable hyperlinks in their output. Web sites should not be … archdebian
CVE-2018-5166 critical 9.5 WebExtensions can use request redirection and a "filterReponseData" filter to bypass host permission settings to redirect network traffic and access content from a host for which they do not have exp… archdebian
CVE-2018-6106 critical 9.5 multiple issues in chromium arch
CVE-2018-6089 critical 9.5 multiple issues in chromium arch
CVE-2018-19876 critical 9.5 cairo 1.16.0, in cairo_ft_apply_variations() in cairo-ft-font.c, would free memory using a free function incompatible with WebKit's fastMalloc, leading to an application crash with a "free(): invalid… archdebian
CVE-2018-18646 critical 9.5 multiple issues in gitlab arch
CVE-2018-6109 critical 9.5 multiple issues in chromium arch
CVE-2018-5157 critical 9.5 Same-origin protections for the PDF viewer can be bypassed, allowing a malicious site to intercept messages meant for the viewer. This could allow the site to retrieve PDF files restricted to viewing… archdebian
CVE-2018-6105 critical 9.5 multiple issues in chromium arch
CVE-2018-17464 critical 9.5 multiple issues in chromium arch
CVE-2018-18355 critical 9.5 multiple issues in chromium archdebian
CVE-2018-17467 critical 9.5 multiple issues in chromium arch
CVE-2018-18338 critical 9.5 multiple issues in chromium archdebian
CVE-2018-6103 critical 9.5 multiple issues in chromium arch
CVE-2018-18353 critical 9.5 multiple issues in chromium archdebian
CVE-2018-17475 critical 9.5 multiple issues in chromium arch
CVE-2018-17481 critical 9.5 multiple issues in chromium archdebian
CVE-2018-5145 critical 9.5 Memory safety bugs were reported in Firefox ESR 52.6. These bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary cod… archsusedebian