CVEs from 2018

2,853 normalized CVEs published or assigned in this year.

Total
2,853
critical
critical 238
high
high 331
medium
medium 263
low
low 39
% Critical
8.3%
% with KEV
3.1%
% with exploit
9.1%

Top products

  • core_i7 379
  • core_i5 375
  • core_i3 242
  • xeon_e5 82
  • xeon_e7 62
  • xeon_e3 58
  • xeon_gold 33
  • atom_z 30
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Flags OS Vendor Published Description
CVE-2018-4146 unknown An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. …
CVE-2018-4161 unknown An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. …
CVE-2018-4378 unknown A memory corruption issue was addressed with improved validation. This issue affected versions prior to iOS 12.1, tvOS 12.1, watchOS 5.1, Safari 12.0.1, iTunes 12.9.1, iCloud for Windows 7.8.
CVE-2018-4392 unknown Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 12.1, tvOS 12.1, watchOS 5.1, Safari 12.0.1, iTunes 12.9.1, iCloud for Window…
CVE-2018-4464 unknown Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 12.1.1, tvOS 12.1.1, watchOS 5.1.2, Safari 12.0.2, iTunes 12.9.2 for Windows,…
CVE-2018-4437 unknown Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 12.1.1, tvOS 12.1.1, watchOS 5.1.2, Safari 12.0.2, iTunes 12.9.2 for Windows,…
CVE-2018-13099 unknown An issue was discovered in fs/f2fs/inline.c in the Linux kernel through 4.4. A denial of service (out-of-bounds memory access and BUG) can occur for a modified f2fs filesystem image in which an inlin…
CVE-2018-13100 unknown An issue was discovered in fs/f2fs/super.c in the Linux kernel through 4.17.3, which does not properly validate secs_per_zone in a corrupted f2fs image, as demonstrated by a divide-by-zero error.
CVE-2018-13096 unknown An issue was discovered in fs/f2fs/super.c in the Linux kernel through 4.14. A denial of service (out-of-bounds memory access and BUG) can occur upon encountering an abnormal bitmap size when mountin…
CVE-2018-14613 unknown An issue was discovered in the Linux kernel through 4.17.10. There is an invalid pointer dereference in io_ctl_map_page() when mounting and operating a crafted btrfs image, because of a lack of block…
CVE-2018-14614 unknown An issue was discovered in the Linux kernel through 4.17.10. There is an out-of-bounds access in __remove_dirty_segment() in fs/f2fs/segment.c when mounting an f2fs image.
CVE-2018-14615 unknown An issue was discovered in the Linux kernel through 4.17.10. There is a buffer overflow in truncate_inline_inode() in fs/f2fs/inline.c when umounting an f2fs image, because a length value may be nega…
CVE-2018-14616 unknown An issue was discovered in the Linux kernel through 4.17.10. There is a NULL pointer dereference in fscrypt_do_page_crypto() in fs/crypto/crypto.c when operating on a file in a corrupted f2fs image.
CVE-2018-14617 unknown An issue was discovered in the Linux kernel through 4.17.10. There is a NULL pointer dereference and panic in hfsplus_lookup() in fs/hfsplus/dir.c when opening a file (that is purportedly a hard link…
CVE-2018-16880 unknown A flaw was found in the Linux kernel's handle_rx() function in the [vhost_net] driver. A malicious virtual guest, under specific conditions, can trigger an out-of-bounds write in a kmalloc-8 slab on …
CVE-2018-14625 unknown A flaw was found in the Linux Kernel where an attacker may be able to have an uncontrolled read to kernel-memory from within a vm guest. A race condition between connect() and close() function may al…
CVE-2018-14678 unknown An issue was discovered in the Linux kernel through 4.17.11, as used in Xen through 4.11.x. The xen_failsafe_callback entry point in arch/x86/entry/entry_64.S does not properly maintain RBX, which al…
CVE-2018-25020 unknown The BPF subsystem in the Linux kernel before 4.17 mishandles situations with a long jump over an instruction sequence where inner instructions require substantial expansions into multiple BPF instruc…
CVE-2018-5091 unknown A use-after-free vulnerability can occur during WebRTC connections when interacting with the DTMF timers. This results in a potentially exploitable crash. This vulnerability affects Firefox ESR < 52.…
CVE-2018-5703 unknown The tcp_v6_syn_recv_sock function in net/ipv6/tcp_ipv6.c in the Linux kernel through 4.14.11 allows attackers to cause a denial of service (slab out-of-bounds write) or possibly have unspecified othe…
CVE-2018-3693 unknown Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a speculative buffer over…
CVE-2018-5332 unknown In the Linux kernel through 3.2, the rds_message_alloc_sgs() function does not validate a value that is used during DMA page allocation, leading to a heap-based out-of-bounds write (related to the rd…
CVE-2018-5344 unknown In the Linux kernel through 4.14.13, drivers/block/loop.c mishandles lo_release serialization, which allows attackers to cause a denial of service (__lock_acquire use-after-free) or possibly have uns…
CVE-2018-5803 unknown In the Linux Kernel before version 4.15.8, 4.14.25, 4.9.87, 4.4.121, 4.1.51, and 3.2.102, an error in the "_sctp_make_chunk()" function (net/sctp/sm_make_chunk.c) when handling SCTP packets length ca…
CVE-2018-6554 unknown Memory leak in the irda_bind function in net/irda/af_irda.c and later in drivers/staging/irda/net/af_irda.c in the Linux kernel before 4.17 allows local users to cause a denial of service (memory con…
CVE-2018-5953 unknown The swiotlb_print_info function in lib/swiotlb.c in the Linux kernel through 4.14.14 allows local users to obtain sensitive address information by reading dmesg data from a "software IO TLB" printk c…
CVE-2018-5995 unknown The pcpu_embed_first_chunk function in mm/percpu.c in the Linux kernel through 4.14.14 allows local users to obtain sensitive address information by reading dmesg data from a "pages/cpu" printk call.
CVE-2018-14618 unknown curl before version 7.61.1 is vulnerable to a buffer overrun in the NTLM authentication code. The internal function Curl_ntlm_core_mk_nt_hash multiplies the length of the password by two (SUM) to fig…
CVE-2018-6927 unknown The futex_requeue function in kernel/futex.c in the Linux kernel before 4.14.15 might allow attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact by trig…
CVE-2018-7492 unknown A NULL pointer dereference was found in the net/rds/rdma.c __rds_rdma_map() function in the Linux kernel before 4.14.7 allowing local attackers to cause a system panic and a denial-of-service, relate…
CVE-2018-10017 unknown soundlib/Snd_fx.cpp in OpenMPT before 1.27.07.00 and libopenmpt before 0.3.8 allows remote attackers to cause a denial of service (out-of-bounds read) via an IT or MO3 file with many nested pattern l…
CVE-2018-10177 unknown In ImageMagick 7.0.7-28, there is an infinite loop in the ReadOneMNGImage function of the coders/png.c file. Remote attackers could leverage this vulnerability to cause a denial of service via a craf…
CVE-2018-10805 unknown ImageMagick version 7.0.7-28 contains a memory leak in ReadYCBCRImage in coders/ycbcr.c.
CVE-2018-10888 unknown A flaw was found in libgit2 before version 0.27.3. A missing check in git_delta_apply function in delta.c file, may lead to an out-of-bound read while reading a binary delta file. An attacker may use…
CVE-2018-14424 unknown The daemon in GDM through 3.29.1 does not properly unexport display objects from its D-Bus interface when they are destroyed, which allows a local attacker to trigger a use-after-free via a specially…
CVE-2018-1000003 unknown Improper input validation bugs in DNSSEC validators components in PowerDNS version 4.1.0 allow attacker in man-in-the-middle position to deny existence of some data in DNS via packet replay.
CVE-2018-5247 unknown In ImageMagick 7.0.7-17 Q16, there are memory leaks in ReadRLAImage in coders/rla.c.
CVE-2018-18016 unknown ImageMagick 7.0.7-28 has a memory leak vulnerability in WritePCXImage in coders/pcx.c.
CVE-2018-18023 unknown In ImageMagick 7.0.8-13 Q16, there is a heap-based buffer over-read in the SVGStripString function of coders/svg.c, which allows attackers to cause a denial of service via a crafted SVG image file.
CVE-2018-18024 unknown In ImageMagick 7.0.8-13 Q16, there is an infinite loop in the ReadBMPImage function of the coders/bmp.c file. Remote attackers could leverage this vulnerability to cause a denial of service via a cra…
CVE-2018-18025 unknown In ImageMagick 7.0.8-13 Q16, there is a heap-based buffer over-read in the EncodeImage function of coders/pict.c, which allows attackers to cause a denial of service via a crafted SVG image file.
CVE-2018-5358 unknown ImageMagick 7.0.7-22 Q16 has memory leaks in the EncodeImageAttributes function in coders/json.c, as demonstrated by the ReadPSDLayersInternal function in coders/psd.c.
CVE-2018-5248 unknown In ImageMagick 7.0.7-17 Q16, there is a heap-based buffer over-read in coders/sixel.c in the ReadSIXELImage function, related to the sixel_decode function.
CVE-2018-6930 unknown A stack-based buffer over-read in the ComputeResizeImage function in the MagickCore/accelerate.c file of ImageMagick 7.0.7-22 allows a remote attacker to cause a denial of service (application crash)…
CVE-2018-7470 unknown An issue was discovered in ImageMagick 7.0.7-22 Q16. The IsWEBPImageLossless function in coders/webp.c allows attackers to cause a denial of service (segmentation violation) via a crafted file.
CVE-2018-8804 unknown WriteEPTImage in coders/ept.c in ImageMagick 7.0.7-25 Q16 allows remote attackers to cause a denial of service (MagickCore/memory.c double free and application crash) or possibly have unspecified oth…
CVE-2018-8960 unknown The ReadTIFFImage function in coders/tiff.c in ImageMagick 7.0.7-26 Q16 does not properly restrict memory allocation, leading to a heap-based buffer over-read.
CVE-2018-21009 unknown Poppler before 0.66.0 has an integer overflow in Parser::makeStream in Parser.cc.
CVE-2018-12563 unknown An issue was discovered in Linaro LAVA before 2018.5.post1. Because of support for file: URLs, a user can force lava-server-gunicorn to download any file from the filesystem if it's readable by lavas…
CVE-2018-12564 unknown An issue was discovered in Linaro LAVA before 2018.5.post1. Because of support for URLs in the submit page, a user can forge an HTTP request that will force lava-server-gunicorn to return any file on…
CVE-2018-7685 unknown The decoupled download and installation steps in libzypp before 17.5.0 could lead to a corrupted RPM being left in the cache, where a later call would not display the corrupted RPM warning and allow …
CVE-2018-5093 unknown A heap buffer overflow vulnerability may occur in WebAssembly during Memory/Table resizing, resulting in a potentially exploitable crash. This vulnerability affects Firefox < 58.
CVE-2018-12040 unknown Reflected Cross-site scripting (XSS) vulnerability in the web profiler in SensioLabs Symfony 3.3.6 allows remote attackers to inject arbitrary web script or HTML via the "file" parameter, aka an _pro…
CVE-2018-5104 unknown A use-after-free vulnerability can occur during font face manipulation when a font face is freed while still in use, resulting in a potentially exploitable crash. This vulnerability affects Thunderbi…
CVE-2018-20749 unknown LibVNC before 0.9.12 contains a heap out-of-bounds write vulnerability in libvncserver/rfbserver.c. The fix for CVE-2018-15127 was incomplete.
CVE-2018-1091 unknown In the flush_tmregs_to_thread function in arch/powerpc/kernel/ptrace.c in the Linux kernel before 4.13.5, a guest kernel crash can be triggered from unprivileged userspace during a core dump on a POW…
CVE-2018-10938 unknown A flaw was found in the Linux kernel present since v4.0-rc1 and through v4.13-rc4. A crafted network packet sent remotely by an attacker may force the kernel to enter an infinite loop in the cipso_v4…
CVE-2018-10940 unknown The cdrom_ioctl_media_changed function in drivers/cdrom/cdrom.c in the Linux kernel before 4.16.6 allows local attackers to use a incorrect bounds check in the CDROM driver CDROM_MEDIA_CHANGED ioctl …
CVE-2018-1095 unknown The ext4_xattr_check_entries function in fs/ext4/xattr.c in the Linux kernel through 4.15.15 does not properly validate xattr sizes, which causes misinterpretation of a size as an error code, and con…
CVE-2018-1118 unknown Linux kernel vhost since version 4.8 does not properly initialize memory in messages passed between virtual guests and the host operating system in the vhost/vhost.c:vhost_new_msg() function. This ca…
CVE-2018-11232 unknown The etm_setup_aux function in drivers/hwtracing/coresight/coresight-etm-perf.c in the Linux kernel before 4.10.2 allows attackers to cause a denial of service (panic) because a parameter is incorrect…
CVE-2018-1130 unknown Linux kernel before version 4.16-rc7 is vulnerable to a null pointer dereference in dccp_write_xmit() function in net/dccp/output.c in that allows a local user to cause a denial of service by a numbe…
CVE-2018-11506 unknown The sr_do_ioctl function in drivers/scsi/sr_ioctl.c in the Linux kernel through 4.16.12 allows local users to cause a denial of service (stack-based buffer overflow) or possibly have unspecified othe…
CVE-2018-5148 unknown A use-after-free vulnerability can occur in the compositor during certain graphics operations when a raw pointer is used instead of a reference counted one. This results in a potentially exploitable …
CVE-2018-12232 unknown In net/socket.c in the Linux kernel through 4.17.1, there is a race condition between fchownat and close in cases where they target the same socket file descriptor, related to the sock_close and sock…
CVE-2018-12930 unknown ntfs_end_buffer_async_read in the ntfs.ko filesystem driver in the Linux kernel 4.15.0 allows attackers to trigger a stack-based out-of-bounds write and cause a denial of service (kernel oops or pani…
CVE-2018-12233 unknown In the ea_get function in fs/jfs/xattr.c in the Linux kernel through 4.17.1, a memory corruption bug in JFS can be triggered by calling setxattr twice with two different extended attribute names on t…
CVE-2018-4375 unknown Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 12.1, watchOS 5.1, Safari 12.0.1, iTunes 12.9.1, iCloud for Windows 7.8.
CVE-2018-16513 unknown In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use a type confusion in the setcolor function to crash the interpreter or possibly have unspecified other i…
CVE-2018-12608 unknown 2y ago An issue was discovered in Docker Moby before 17.06.0. The Docker engine validated a client TLS certificate using both the configured client CA root certificate and all system roots on non-Windows sy…
CVE-2018-25068 unknown 4y ago globalpom-utils has Insecure Temporary File
CVE-2018-18855 unknown 4y ago Uncontrolled Resource Consumption in Spray JSON
CVE-2018-10899 unknown 4y ago Cross-Site Request Forgery in Jolokia
CVE-2018-17196 unknown 4y ago Improper Input Validation in Apache Kafka
CVE-2018-1000010 unknown 4y ago XXE vulnerability in Jenkins DRY Plugin
CVE-2018-1000008 unknown 4y ago XXE vulnerability in Jenkins PMD Plugin
CVE-2018-1000009 unknown 4y ago XXE vulnerability in Jenkins Checkstyle Plugin
CVE-2018-1000011 unknown 4y ago XML External Entity Reference in Jenkins FindBugs Plugin
CVE-2018-1000013 unknown 4y ago CSRF vulnerability in Jenkins Release plugin
CVE-2018-1000014 unknown 4y ago CSRF vulnerability in Jenkins Translation Assistance plugin
CVE-2018-1000012 unknown 4y ago XXE vulnerability Jenkins Warnings Plugin
CVE-2018-1192 unknown 4y ago Cloud Foundry UAA SessionID present in Audit Event Logs
CVE-2018-1000056 unknown 4y ago Improper Restriction of XML External Entity Reference in Jenkins JUnit Plugin
CVE-2018-1000055 unknown 4y ago XXE vulnerability in Jenkins Android Lint Plugin
CVE-2018-1000058 unknown 4y ago Arbitrary code execution due to incomplete sandbox protection in Pipeline: Supporting APIs Plugin
CVE-2018-1000054 unknown 4y ago Jenkins CCM Plugin vulnerable to Improper Restriction of XML External Entity Reference
CVE-2018-1316 unknown 4y ago Apache ODE Path Traversal vulnerability
CVE-2018-1000113 unknown 4y ago Stored cross-site scripting vulnerability in Jenkins TestLink Plugin
CVE-2018-1000108 unknown 4y ago Reflected cross-site-scripting vulnerability in report URL of Jenkins CppNCSS Plugin
CVE-2018-1000144 unknown 4y ago Jenkins Cucumber Living Documentation Plugin Cross-site Scripting vulnerability
CVE-2018-1000151 unknown 4y ago Jenkins vSphere Plugin disables SSL/TLS certificate validation by default
CVE-2018-1000147 unknown 4y ago Jenkins Perforce Plugin exposure of sensitive information vulnerability exists
CVE-2018-1000150 unknown 4y ago Jenkins Reverse Proxy Auth Plugin allows attackers with local file system access to obtain a list of authorities for logged in users
CVE-2018-1000142 unknown 4y ago Jenkins GitHub Pull Request Builder Plugin allows attacker with local file system access to obtain GitHub credentials
CVE-2018-1000143 unknown 4y ago Jenkins GitHub Pull Request Builder Plugin
CVE-2018-1000148 unknown 4y ago Jenkins Copy To Slave Plugin allows access to arbitrary files on the Jenkins controller file system
CVE-2018-1000153 unknown 4y ago Jenkins vSphere Plugin Cross-Site Request Forgery vulnerability
CVE-2018-1000173 unknown 4y ago Jenkins Google Login Plugin Session Fixation vulnerability
CVE-2018-1000174 unknown 4y ago Jenkins Google Login Plugin Open Redirect vulnerability
CVE-2018-1000175 unknown 4y ago Jenkins HTML Publisher Plugin path traversal vulnerability