2018 CVEs
17817 CVEs published in 2018. 2229 critical, 7232 high.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2018-21268 | Critical | 10.0 | 2020-06-25 | The traceroute (aka node-traceroute) package through 1.0.0 for Node.js allows remote command injection via the host parameter. This occurs because the Child.ex… |
| CVE-2018-4031 | Critical | 10.0 | 2019-10-31 | An exploitable vulnerability exists in the safe browsing function of the CUJO Smart Firewall, version 7003. The flaw lies in the way the safe browsing function… |
| CVE-2018-4310 | Critical | 10.0 | 2019-04-03 | An access issue was addressed with additional sandbox restrictions. This issue affected versions prior to iOS 12, macOS Mojave 10.14. |
| CVE-2018-18815 | Critical | 10.0 | 2019-03-07 | The REST API component of TIBCO Software Inc.'s TIBCO JasperReports Server, TIBCO JasperReports Server Community Edition, TIBCO JasperReports Server for Active… |
| CVE-2018-3991 | Critical | 10.0 | 2019-02-05 | An exploitable heap overflow vulnerability exists in the WkbProgramLow function of WibuKey Network server management, version 6.40.2402.500. A specially crafte… |
| CVE-2018-18505 | Critical | 10.0 | 2019-02-05 | An earlier fix for an Inter-process Communication (IPC) vulnerability, CVE-2011-3079, added authentication to communication between IPC endpoints and server pa… |
| CVE-2018-5560 | Critical | 10.0 | 2019-01-31 | A reliance on a static, hard-coded credential in the design of the cloud-based storage system of Practecol's Guardzilla All-In-One Video Security System allows… |
| CVE-2018-14721 | Critical | 10.0 | 2019-01-02 | FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to conduct server-side request forgery (SSRF) attacks by leveraging failure to block t… |
| CVE-2018-1000838 | Critical | 10.0 | 2018-12-20 | autopsy version <= 4.9.0 contains a XML External Entity (XXE) vulnerability in CaseMetadata XML Parser that can result in Disclosure of confidential data, deni… |
| CVE-2018-1000837 | Critical | 10.0 | 2018-12-20 | UML Designer version <= 8.0.0 contains a XML External Entity (XXE) vulnerability in XML parser for plugins that can result in Disclosure of confidential data… |
| CVE-2018-1000835 | Critical | 10.0 | 2018-12-20 | KeePassDX version <= 2.5.0.0beta17 contains a XML External Entity (XXE) vulnerability in kdbx file parser that can result in Disclosure of confidential data, d… |
| CVE-2018-1000831 | Critical | 10.0 | 2018-12-20 | K9Mail version <= v5.600 contains a XML External Entity (XXE) vulnerability in WebDAV response parser that can result in Disclosure of confidential data, denia… |
| CVE-2018-1000830 | Critical | 10.0 | 2018-12-20 | XR3Player version <= V3.124 contains a XML External Entity (XXE) vulnerability in Playlist parser that can result in Disclosure of confidential data, denial of… |
| CVE-2018-1000825 | Critical | 10.0 | 2018-12-20 | FreeCol version <= nightly-2018-08-22 contains a XML External Entity (XXE) vulnerability in FreeColXMLReader parser that can result in Disclosure of confidenti… |
| CVE-2018-1000823 | Critical | 10.0 | 2018-12-20 | exist version <= 5.0.0-RC4 contains a XML External Entity (XXE) vulnerability in XML Parser for REST Server that can result in Disclosure of confidential data… |
| CVE-2018-1000822 | Critical | 10.0 | 2018-12-20 | codelibs fess version before commit faa265b contains a XML External Entity (XXE) vulnerability in GSA XML file parser that can result in Disclosure of confiden… |
| CVE-2018-1000821 | Critical | 10.0 | 2018-12-20 | MicroMathematics version before commit 5c05ac8 contains a XML External Entity (XXE) vulnerability in SMathStudio files that can result in Disclosure of confide… |
| CVE-2018-1000820 | Critical | 10.0 | 2018-12-20 | neo4j-contrib neo4j-apoc-procedures version before commit 45bc09c contains a XML External Entity (XXE) vulnerability in XML Parser that can result in Disclosur… |
| CVE-2018-13816 | Critical | 10.0 | 2018-12-12 | A vulnerability has been identified in TIM 1531 IRC (All version < V2.0). The devices was missing proper authentication on port 102/tcp, although configured. S… |
| CVE-2018-18843 | Critical | 10.0 | 2018-12-04 | The Kubernetes integration in GitLab Enterprise Edition 11.x before 11.2.8, 11.3.x before 11.3.9, and 11.4.x before 11.4.4 has SSRF. |