CVEs from 2018

2,853 normalized CVEs published or assigned in this year.

Total
2,853
critical
critical 238
high
high 331
medium
medium 263
low
low 39
% Critical
8.3%
% with KEV
3.1%
% with exploit
9.1%

Top products

  • core_i7 379
  • core_i5 375
  • core_i3 242
  • xeon_e5 82
  • xeon_e7 62
  • xeon_e3 58
  • xeon_gold 33
  • atom_z 30
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Flags OS Vendor Published Description
CVE-2018-4361 unknown A memory consumption issue was addressed with improved memory handling. This issue affected versions prior to iOS 12, tvOS 12, watchOS 5, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7.
CVE-2018-4373 unknown Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 12.1, watchOS 5.1, Safari 12.0.1, iTunes 12.9.1, iCloud for Windows 7.8.
CVE-2018-4378 unknown A memory corruption issue was addressed with improved validation. This issue affected versions prior to iOS 12.1, tvOS 12.1, watchOS 5.1, Safari 12.0.1, iTunes 12.9.1, iCloud for Windows 7.8.
CVE-2018-4392 unknown Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 12.1, tvOS 12.1, watchOS 5.1, Safari 12.0.1, iTunes 12.9.1, iCloud for Window…
CVE-2018-4464 unknown Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 12.1.1, tvOS 12.1.1, watchOS 5.1.2, Safari 12.0.2, iTunes 12.9.2 for Windows,…
CVE-2018-4437 unknown Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 12.1.1, tvOS 12.1.1, watchOS 5.1.2, Safari 12.0.2, iTunes 12.9.2 for Windows,…
CVE-2018-1000028 unknown Linux kernel version after commit bdcf0a423ea1 - 4.15-rc4+, 4.14.8+, 4.9.76+, 4.4.111+ contains a Incorrect Access Control vulnerability in NFS server (nfsd) that can result in remote users reading o…
CVE-2018-10087 unknown The kernel_wait4 function in kernel/exit.c in the Linux kernel before 4.13, when an unspecified architecture and compiler is used, might allow local users to cause a denial of service by triggering a…
CVE-2018-10124 unknown The kill_something_info function in kernel/signal.c in the Linux kernel before 4.13, when an unspecified architecture and compiler is used, might allow local users to cause a denial of service via an…
CVE-2018-1065 unknown The netfilter subsystem in the Linux kernel through 4.15.7 mishandles the case of a rule blob that contains a jump but lacks a user-defined chain, which allows local users to cause a denial of servic…
CVE-2018-1068 unknown A flaw was found in the Linux 4.x kernel's implementation of 32-bit syscall interface for bridging. This allowed a privileged user to arbitrarily write to a limited range of kernel memory.
CVE-2018-10883 unknown A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause an out-of-bounds write in jbd2_journal_dirty_metadata(), a denial of service, and a system crash by mounting and operati…
CVE-2018-1092 unknown The ext4_iget function in fs/ext4/inode.c in the Linux kernel through 4.15.15 mishandles the case of a root directory with a zero i_links_count, which allows attackers to cause a denial of service (e…
CVE-2018-1093 unknown The ext4_valid_block_bitmap function in fs/ext4/balloc.c in the Linux kernel through 4.15.15 allows attackers to cause a denial of service (out-of-bounds read and system crash) via a crafted ext4 ima…
CVE-2018-13099 unknown An issue was discovered in fs/f2fs/inline.c in the Linux kernel through 4.4. A denial of service (out-of-bounds memory access and BUG) can occur for a modified f2fs filesystem image in which an inlin…
CVE-2018-13100 unknown An issue was discovered in fs/f2fs/super.c in the Linux kernel through 4.17.3, which does not properly validate secs_per_zone in a corrupted f2fs image, as demonstrated by a divide-by-zero error.
CVE-2018-13096 unknown An issue was discovered in fs/f2fs/super.c in the Linux kernel through 4.14. A denial of service (out-of-bounds memory access and BUG) can occur upon encountering an abnormal bitmap size when mountin…
CVE-2018-14613 unknown An issue was discovered in the Linux kernel through 4.17.10. There is an invalid pointer dereference in io_ctl_map_page() when mounting and operating a crafted btrfs image, because of a lack of block…
CVE-2018-14614 unknown An issue was discovered in the Linux kernel through 4.17.10. There is an out-of-bounds access in __remove_dirty_segment() in fs/f2fs/segment.c when mounting an f2fs image.
CVE-2018-14615 unknown An issue was discovered in the Linux kernel through 4.17.10. There is a buffer overflow in truncate_inline_inode() in fs/f2fs/inline.c when umounting an f2fs image, because a length value may be nega…
CVE-2018-14616 unknown An issue was discovered in the Linux kernel through 4.17.10. There is a NULL pointer dereference in fscrypt_do_page_crypto() in fs/crypto/crypto.c when operating on a file in a corrupted f2fs image.
CVE-2018-14617 unknown An issue was discovered in the Linux kernel through 4.17.10. There is a NULL pointer dereference and panic in hfsplus_lookup() in fs/hfsplus/dir.c when opening a file (that is purportedly a hard link…
CVE-2018-16880 unknown A flaw was found in the Linux kernel's handle_rx() function in the [vhost_net] driver. A malicious virtual guest, under specific conditions, can trigger an out-of-bounds write in a kmalloc-8 slab on …
CVE-2018-14625 unknown A flaw was found in the Linux Kernel where an attacker may be able to have an uncontrolled read to kernel-memory from within a vm guest. A race condition between connect() and close() function may al…
CVE-2018-14678 unknown An issue was discovered in the Linux kernel through 4.17.11, as used in Xen through 4.11.x. The xen_failsafe_callback entry point in arch/x86/entry/entry_64.S does not properly maintain RBX, which al…
CVE-2018-19407 unknown The vcpu_scan_ioapic function in arch/x86/kvm/x86.c in the Linux kernel through 4.19.2 allows local users to cause a denial of service (NULL pointer dereference and BUG) via crafted system calls that…
CVE-2018-20449 unknown The hidma_chan_stats function in drivers/dma/qcom/hidma_dbg.c in the Linux kernel 4.14.90 allows local users to obtain sensitive address information by reading "callback=" lines in a debugfs file.
CVE-2018-20510 unknown The print_binder_transaction_ilocked function in drivers/android/binder.c in the Linux kernel 4.14.90 allows local users to obtain sensitive address information by reading "*from *code *flags" lines …
CVE-2018-20511 unknown An issue was discovered in the Linux kernel before 4.18.11. The ipddp_ioctl function in drivers/net/appletalk/ipddp.c allows local users to obtain sensitive kernel address information by leveraging C…
CVE-2018-3574 unknown In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, userspace can request ION cache maintenance on a secure ION buffer for which the ION_FLAG_S…
CVE-2018-20855 unknown An issue was discovered in the Linux kernel before 4.18.7. In create_qp_common in drivers/infiniband/hw/mlx5/qp.c, mlx5_ib_create_qp_resp was never initialized, resulting in a leak of stack memory to…
CVE-2018-21008 unknown An issue was discovered in the Linux kernel before 4.16.7. A use-after-free can be caused by the function rsi_mac80211_detach in the file drivers/net/wireless/rsi/rsi_91x_mac80211.c.
CVE-2018-20854 unknown An issue was discovered in the Linux kernel before 4.20. drivers/phy/mscc/phy-ocelot-serdes.c has an off-by-one error with a resultant ctrl->phys out-of-bounds read.
CVE-2018-20961 unknown In the Linux kernel before 4.16.4, a double free vulnerability in the f_midi_set_alt function of drivers/usb/gadget/function/f_midi.c in the f_midi driver may allow attackers to cause a denial of ser…
CVE-2018-25020 unknown The BPF subsystem in the Linux kernel before 4.17 mishandles situations with a long jump over an instruction sequence where inner instructions require substantial expansions into multiple BPF instruc…
CVE-2018-3665 unknown System software utilizing Lazy FP state restore technique on systems using Intel Core-based microprocessors may potentially allow a local process to infer data from another process through a speculat…
CVE-2018-5703 unknown The tcp_v6_syn_recv_sock function in net/ipv6/tcp_ipv6.c in the Linux kernel through 4.14.11 allows attackers to cause a denial of service (slab out-of-bounds write) or possibly have unspecified othe…
CVE-2018-3693 unknown Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a speculative buffer over…
CVE-2018-5332 unknown In the Linux kernel through 3.2, the rds_message_alloc_sgs() function does not validate a value that is used during DMA page allocation, leading to a heap-based out-of-bounds write (related to the rd…
CVE-2018-5344 unknown In the Linux kernel through 4.14.13, drivers/block/loop.c mishandles lo_release serialization, which allows attackers to cause a denial of service (__lock_acquire use-after-free) or possibly have uns…
CVE-2018-5803 unknown In the Linux Kernel before version 4.15.8, 4.14.25, 4.9.87, 4.4.121, 4.1.51, and 3.2.102, an error in the "_sctp_make_chunk()" function (net/sctp/sm_make_chunk.c) when handling SCTP packets length ca…
CVE-2018-6554 unknown Memory leak in the irda_bind function in net/irda/af_irda.c and later in drivers/staging/irda/net/af_irda.c in the Linux kernel before 4.17 allows local users to cause a denial of service (memory con…
CVE-2018-5953 unknown The swiotlb_print_info function in lib/swiotlb.c in the Linux kernel through 4.14.14 allows local users to obtain sensitive address information by reading dmesg data from a "software IO TLB" printk c…
CVE-2018-5995 unknown The pcpu_embed_first_chunk function in mm/percpu.c in the Linux kernel through 4.14.14 allows local users to obtain sensitive address information by reading dmesg data from a "pages/cpu" printk call.
CVE-2018-6927 unknown The futex_requeue function in kernel/futex.c in the Linux kernel before 4.14.15 might allow attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact by trig…
CVE-2018-7492 unknown A NULL pointer dereference was found in the net/rds/rdma.c __rds_rdma_map() function in the Linux kernel before 4.14.7 allowing local attackers to cause a system panic and a denial-of-service, relate…
CVE-2018-20533 unknown There is a NULL pointer dereference at ext/testcase.c (function testcase_str2dep_complex) in libsolvext.a in libsolv through 0.7.2 that will cause a denial of service.
CVE-2018-10888 unknown A flaw was found in libgit2 before version 0.27.3. A missing check in git_delta_apply function in delta.c file, may lead to an out-of-bound read while reading a binary delta file. An attacker may use…
CVE-2018-9135 unknown In ImageMagick 7.0.7-24 Q16, there is a heap-based buffer over-read in IsWEBPImageLossless in coders/webp.c.
CVE-2018-14424 unknown The daemon in GDM through 3.29.1 does not properly unexport display objects from its D-Bus interface when they are destroyed, which allows a local attacker to trigger a use-after-free via a specially…
CVE-2018-1000003 unknown Improper input validation bugs in DNSSEC validators components in PowerDNS version 4.1.0 allow attacker in man-in-the-middle position to deny existence of some data in DNS via packet replay.
CVE-2018-11251 unknown In ImageMagick 7.0.7-23 Q16 x86_64 2018-01-24, there is a heap-based buffer over-read in ReadSUNImage in coders/sun.c, which allows attackers to cause a denial of service (application crash in SetGra…
CVE-2018-14436 unknown ImageMagick 7.0.8-4 has a memory leak in ReadMIFFImage in coders/miff.c.
CVE-2018-11655 unknown In ImageMagick 7.0.7-20 Q16 x86_64, a memory leak vulnerability was found in the function GetImagePixelCache in MagickCore/cache.c, which allows attackers to cause a denial of service via a crafted C…
CVE-2018-11656 unknown In ImageMagick 7.0.7-20 Q16 x86_64, a memory leak vulnerability was found in the function ReadDCMImage in coders/dcm.c, which allows attackers to cause a denial of service via a crafted DCM image fil…
CVE-2018-12600 unknown In ImageMagick 7.0.8-3 Q16, ReadDIBImage and WriteDIBImage in coders/dib.c allow attackers to cause an out of bounds write via a crafted file.
CVE-2018-14434 unknown ImageMagick 7.0.8-4 has a memory leak for a colormap in WriteMPCImage in coders/mpc.c.
CVE-2018-16329 unknown In ImageMagick before 7.0.8-8, a NULL pointer dereference exists in the GetMagickProperty function in MagickCore/property.c.
CVE-2018-14551 unknown The ReadMATImageV4 function in coders/mat.c in ImageMagick 7.0.8-7 uses an uninitialized variable, leading to memory corruption.
CVE-2018-16328 unknown In ImageMagick before 7.0.8-8, a NULL pointer dereference exists in the CheckEventLogging function in MagickCore/log.c.
CVE-2018-16640 unknown ImageMagick 7.0.8-5 has a memory leak vulnerability in the function ReadOneJNGImage in coders/png.c.
CVE-2018-16641 unknown ImageMagick 7.0.8-6 has a memory leak vulnerability in the TIFFWritePhotoshopLayers function in coders/tiff.c.
CVE-2018-16642 unknown The function InsertRow in coders/cut.c in ImageMagick 7.0.7-37 allows remote attackers to cause a denial of service via a crafted image file due to an out-of-bounds write.
CVE-2018-16643 unknown The functions ReadDCMImage in coders/dcm.c, ReadPWPImage in coders/pwp.c, ReadCALSImage in coders/cals.c, and ReadPICTImage in coders/pict.c in ImageMagick 7.0.8-4 do not check the return value of th…
CVE-2018-16749 unknown In ImageMagick 7.0.7-29 and earlier, a missing NULL check in ReadOneJNGImage in coders/png.c allows an attacker to cause a denial of service (WriteBlob assertion failure and application exit) via a c…
CVE-2018-17967 unknown ImageMagick 7.0.7-28 has a memory leak vulnerability in ReadBGRImage in coders/bgr.c.
CVE-2018-12040 unknown Reflected Cross-site scripting (XSS) vulnerability in the web profiler in SensioLabs Symfony 3.3.6 allows remote attackers to inject arbitrary web script or HTML via the "file" parameter, aka an _pro…
CVE-2018-5389 unknown The Internet Key Exchange v1 main mode is vulnerable to offline dictionary or brute force attacks. Reusing a key pair across different versions and modes of IKE could lead to cross-protocol authentic…
CVE-2018-14618 unknown curl before version 7.61.1 is vulnerable to a buffer overrun in the NTLM authentication code. The internal function Curl_ntlm_core_mk_nt_hash multiplies the length of the password by two (SUM) to fig…
CVE-2018-12608 unknown 2y ago An issue was discovered in Docker Moby before 17.06.0. The Docker engine validated a client TLS certificate using both the configured client CA root certificate and all system roots on non-Windows sy…
CVE-2018-25068 unknown 4y ago globalpom-utils has Insecure Temporary File
CVE-2018-18855 unknown 4y ago Uncontrolled Resource Consumption in Spray JSON
CVE-2018-10899 unknown 4y ago Cross-Site Request Forgery in Jolokia
CVE-2018-17196 unknown 4y ago Improper Input Validation in Apache Kafka
CVE-2018-1000009 unknown 4y ago XXE vulnerability in Jenkins Checkstyle Plugin
CVE-2018-1000010 unknown 4y ago XXE vulnerability in Jenkins DRY Plugin
CVE-2018-1000008 unknown 4y ago XXE vulnerability in Jenkins PMD Plugin
CVE-2018-1000011 unknown 4y ago XML External Entity Reference in Jenkins FindBugs Plugin
CVE-2018-1000012 unknown 4y ago XXE vulnerability Jenkins Warnings Plugin
CVE-2018-1000014 unknown 4y ago CSRF vulnerability in Jenkins Translation Assistance plugin
CVE-2018-1000013 unknown 4y ago CSRF vulnerability in Jenkins Release plugin
CVE-2018-1192 unknown 4y ago Cloud Foundry UAA SessionID present in Audit Event Logs
CVE-2018-1000056 unknown 4y ago Improper Restriction of XML External Entity Reference in Jenkins JUnit Plugin
CVE-2018-1000055 unknown 4y ago XXE vulnerability in Jenkins Android Lint Plugin
CVE-2018-1000058 unknown 4y ago Arbitrary code execution due to incomplete sandbox protection in Pipeline: Supporting APIs Plugin
CVE-2018-1000054 unknown 4y ago Jenkins CCM Plugin vulnerable to Improper Restriction of XML External Entity Reference
CVE-2018-1316 unknown 4y ago Apache ODE Path Traversal vulnerability
CVE-2018-1000113 unknown 4y ago Stored cross-site scripting vulnerability in Jenkins TestLink Plugin
CVE-2018-1000108 unknown 4y ago Reflected cross-site-scripting vulnerability in report URL of Jenkins CppNCSS Plugin
CVE-2018-1000144 unknown 4y ago Jenkins Cucumber Living Documentation Plugin Cross-site Scripting vulnerability
CVE-2018-1000151 unknown 4y ago Jenkins vSphere Plugin disables SSL/TLS certificate validation by default
CVE-2018-1000147 unknown 4y ago Jenkins Perforce Plugin exposure of sensitive information vulnerability exists
CVE-2018-1000150 unknown 4y ago Jenkins Reverse Proxy Auth Plugin allows attackers with local file system access to obtain a list of authorities for logged in users
CVE-2018-1000142 unknown 4y ago Jenkins GitHub Pull Request Builder Plugin allows attacker with local file system access to obtain GitHub credentials
CVE-2018-1000143 unknown 4y ago Jenkins GitHub Pull Request Builder Plugin
CVE-2018-1000153 unknown 4y ago Jenkins vSphere Plugin Cross-Site Request Forgery vulnerability
CVE-2018-1000148 unknown 4y ago Jenkins Copy To Slave Plugin allows access to arbitrary files on the Jenkins controller file system
CVE-2018-1000173 unknown 4y ago Jenkins Google Login Plugin Session Fixation vulnerability
CVE-2018-1000174 unknown 4y ago Jenkins Google Login Plugin Open Redirect vulnerability
CVE-2018-1000175 unknown 4y ago Jenkins HTML Publisher Plugin path traversal vulnerability