CVEs from 2018
Total: 3,288
- critical 226
- high 266
- medium 224
- low 32
% Critical: 6.9%
% with KEV: 2.7%
% with exploit: 2.8%
Top vendors
- frappe 4
- redhat 2
- magix 1
- mybb 1
- gitbucket 1
- qemu 1
- dragonexpert 1
- kingsoftstore 1
Top products
- erpnext 4
- terminal_services_manager 1
- ultraiso 1
- dolibarr_erp/crm 1
- gitbucket 1
- pdfunite 1
- qemu 1
- virtualization_manager 1
| CVE | Severity | CVSS | Risk | Published | Description | Impact |
|---|---|---|---|---|---|---|
| CVE-2018-25020 | unknown | — | — | — | The BPF subsystem in the Linux kernel before 4.17 mishandles situations with a long jump over an instruction sequence where inner instructions require substantial expansions into multiple BPF instruc… | |
| CVE-2018-3665 | unknown | — | — | — | System software utilizing Lazy FP state restore technique on systems using Intel Core-based microprocessors may potentially allow a local process to infer data from another process through a speculat… | |
| CVE-2018-5703 | unknown | — | — | — | The tcp_v6_syn_recv_sock function in net/ipv6/tcp_ipv6.c in the Linux kernel through 4.14.11 allows attackers to cause a denial of service (slab out-of-bounds write) or possibly have unspecified othe… | |
| CVE-2018-3693 | unknown | — | — | — | Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a speculative buffer over… | |
| CVE-2018-5333 | unknown | — | — | — | In the Linux kernel through 4.14.13, the rds_cmsg_atomic function in net/rds/rdma.c mishandles cases where page pinning fails or an invalid address is supplied, leading to an rds_atomic_free_op NULL … | |
| CVE-2018-5332 | unknown | — | — | — | In the Linux kernel through 3.2, the rds_message_alloc_sgs() function does not validate a value that is used during DMA page allocation, leading to a heap-based out-of-bounds write (related to the rd… | |
| CVE-2018-5344 | unknown | — | — | — | In the Linux kernel through 4.14.13, drivers/block/loop.c mishandles lo_release serialization, which allows attackers to cause a denial of service (__lock_acquire use-after-free) or possibly have uns… | |
| CVE-2018-5750 | unknown | — | — | — | The acpi_smbus_hc_add function in drivers/acpi/sbshc.c in the Linux kernel through 4.14.15 allows local users to obtain sensitive address information by reading dmesg data from an SBS HC printk call. | |
| CVE-2018-5803 | unknown | — | — | — | In the Linux Kernel before version 4.15.8, 4.14.25, 4.9.87, 4.4.121, 4.1.51, and 3.2.102, an error in the "_sctp_make_chunk()" function (net/sctp/sm_make_chunk.c) when handling SCTP packets length ca… | |
| CVE-2018-5814 | unknown | — | — | — | In the Linux Kernel before version 4.16.11, 4.14.43, 4.9.102, and 4.4.133, multiple race condition errors when handling probe, disconnect, and rebind operations can be exploited to trigger a use-afte… | |
| CVE-2018-5848 | unknown | — | — | — | In the function wmi_set_ie(), the length validation code does not handle unsigned integer overflow properly. As a result, a large value of the 'ie_len' argument can cause a buffer overflow in all And… | |
| CVE-2018-5873 | unknown | — | — | — | An issue was discovered in the __ns_get_path function in fs/nsfs.c in the Linux kernel before 4.11. Due to a race condition when accessing files, a Use After Free condition can occur. This also affec… | |
| CVE-2018-5953 | unknown | — | — | — | The swiotlb_print_info function in lib/swiotlb.c in the Linux kernel through 4.14.14 allows local users to obtain sensitive address information by reading dmesg data from a "software IO TLB" printk c… | |
| CVE-2018-5995 | unknown | — | — | — | The pcpu_embed_first_chunk function in mm/percpu.c in the Linux kernel through 4.14.14 allows local users to obtain sensitive address information by reading dmesg data from a "pages/cpu" printk call. | |
| CVE-2018-6554 | unknown | — | — | — | Memory leak in the irda_bind function in net/irda/af_irda.c and later in drivers/staging/irda/net/af_irda.c in the Linux kernel before 4.17 allows local users to cause a denial of service (memory con… | |
| CVE-2018-6555 | unknown | — | — | — | The irda_setsockopt function in net/irda/af_irda.c and later in drivers/staging/irda/net/af_irda.c in the Linux kernel before 4.17 allows local users to cause a denial of service (ias_object use-afte… | |
| CVE-2018-6412 | unknown | — | — | — | In the function sbusfb_ioctl_helper() in drivers/video/fbdev/sbuslib.c in the Linux kernel through 4.15, an integer signedness error allows arbitrary information leakage for the FBIOPUTCMAP_SPARC and… | |
| CVE-2018-6559 | unknown | — | — | — | The Linux kernel, as used in Ubuntu 18.04 LTS and Ubuntu 18.10, allows local users to obtain names of files in which they would not normally be able to access via an overlayfs mount inside of a user … | |
| CVE-2018-7191 | unknown | — | — | — | In the tun subsystem in the Linux kernel before 4.13.14, dev_get_valid_name is not called before register_netdevice. This allows local users to cause a denial of service (NULL pointer dereference and… | |
| CVE-2018-6927 | unknown | — | — | — | The futex_requeue function in kernel/futex.c in the Linux kernel before 4.14.15 might allow attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact by trig… | |
| CVE-2018-7492 | unknown | — | — | — | A NULL pointer dereference was found in the net/rds/rdma.c __rds_rdma_map() function in the Linux kernel before 4.14.7 allowing local attackers to cause a system panic and a denial-of-service, relate… | |
| CVE-2018-7273 | unknown | — | — | — | In the Linux kernel through 4.15.4, the floppy driver reveals the addresses of kernel functions and global variables using printk calls within the function show_floppy in drivers/block/floppy.c. An a… | |
| CVE-2018-7480 | unknown | — | — | — | The blkcg_init_queue function in block/blk-cgroup.c in the Linux kernel before 4.11 allows local users to cause a denial of service (double free) or possibly have unspecified other impact by triggeri… | |
| CVE-2018-7566 | unknown | — | — | — | The Linux kernel 4.15 has a Buffer Overflow via an SNDRV_SEQ_IOCTL_SET_CLIENT_POOL ioctl write operation to /dev/snd/seq by a local user. | |
| CVE-2018-7754 | unknown | — | — | — | The aoedisk_debugfs_show function in drivers/block/aoe/aoeblk.c in the Linux kernel through 4.16.4rc4 allows local users to obtain sensitive address information by reading "ffree: " lines in a debugf… | |
| CVE-2018-9415 | unknown | — | — | — | In driver_override_store and driver_override_show of bus.c, there is a possible double free due to improper locking. This could lead to local escalation of privilege with System execution privileges … | |
| CVE-2018-7740 | unknown | — | — | — | The resv_map_release function in mm/hugetlb.c in the Linux kernel through 4.15.7 allows local users to cause a denial of service (BUG) via a crafted application that makes mmap system calls and has a… | |
| CVE-2018-7757 | unknown | — | — | — | Memory leak in the sas_smp_get_phy_events function in drivers/scsi/libsas/sas_expander.c in the Linux kernel through 4.15.7 allows local users to cause a denial of service (memory consumption) via ma… | |
| CVE-2018-7755 | unknown | — | — | — | An issue was discovered in the fd_locked_ioctl function in drivers/block/floppy.c in the Linux kernel through 4.15.7. The floppy driver will copy a kernel pointer to user memory in response to the FD… | |
| CVE-2018-7995 | unknown | — | — | — | Race condition in the store_int_with_restart() function in arch/x86/kernel/cpu/mcheck/mce.c in the Linux kernel through 4.15.7 allows local users to cause a denial of service (panic) by leveraging ro… | |
| CVE-2018-8043 | unknown | — | — | — | The unimac_mdio_probe function in drivers/net/phy/mdio-bcm-unimac.c in the Linux kernel through 4.15.8 does not validate certain resource availability, which allows local users to cause a denial of s… | |
| CVE-2018-8087 | unknown | — | — | — | Memory leak in the hwsim_new_radio_nl function in drivers/net/wireless/mac80211_hwsim.c in the Linux kernel through 4.15.9 allows local users to cause a denial of service (memory consumption) by trig… | |
| CVE-2018-8781 | unknown | — | — | — | The udl_fb_mmap function in drivers/gpu/drm/udl/udl_fb.c at the Linux kernel version 3.4 and up to and including 4.15 has an integer-overflow vulnerability allowing local users with access to the udl… | |
| CVE-2018-8822 | unknown | — | — | — | Incorrect buffer length handling in the ncp_read_kernel function in fs/ncpfs/ncplib_kernel.c in the Linux kernel through 4.15.11, and in drivers/staging/ncpfs/ncplib_kernel.c in the Linux kernel 4.16… | |
| CVE-2018-9363 | unknown | — | — | — | In the hidp_process_report in bluetooth, there is an integer overflow. This could lead to an out of bounds write with no additional execution privileges needed. User interaction is not needed for exp… | |
| CVE-2018-9385 | unknown | — | — | — | In driver_override_store of bus.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. … | |
| CVE-2018-9465 | unknown | — | — | — | In task_get_unused_fd_flags of binder.c, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed… | |
| CVE-2018-9422 | unknown | — | — | — | In get_futex_key of futex.c, there is a use-after-free due to improper locking. This could lead to local escalation of privilege with no additional privileges needed. User interaction is not needed f… | |
| CVE-2018-9516 | unknown | — | — | — | In hid_debug_events_read of drivers/hid/hid-debug.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution priv… | |
| CVE-2018-9517 | unknown | — | — | — | In pppol2tp_connect, there is possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not nee… | |
| CVE-2018-9518 | unknown | — | — | — | In nfc_llcp_build_sdreq_tlv of llcp_commands.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privilege… | |
| CVE-2018-9568 | unknown | — | — | — | In sk_clone_lock of sock.c, there is a possible memory corruption due to type confusion. This could lead to local escalation of privilege with no additional execution privileges needed. User interact… | |
| CVE-2018-13098 | unknown | — | — | — | An issue was discovered in fs/f2fs/inode.c in the Linux kernel through 4.17.3. A denial of service (slab out-of-bounds read and BUG) can occur for a modified f2fs filesystem image in which FI_EXTRA_A… | |
| CVE-2018-25068 | unknown | — | — | 3y ago | globalpom-utils has Insecure Temporary File | |
| CVE-2018-18855 | unknown | — | — | 4y ago | Uncontrolled Resource Consumption in Spray JSON | |
| CVE-2018-10899 | unknown | — | — | 4y ago | Cross-Site Request Forgery in Jolokia | |
| CVE-2018-17196 | unknown | — | — | 4y ago | Improper Input Validation in Apache Kafka | |
| CVE-2018-1000008 | unknown | — | — | 4y ago | XXE vulnerability in Jenkins PMD Plugin | |
| CVE-2018-1000009 | unknown | — | — | 4y ago | XXE vulnerability in Jenkins Checkstyle Plugin | |
| CVE-2018-1000010 | unknown | — | — | 4y ago | XXE vulnerability in Jenkins DRY Plugin | |
| CVE-2018-1000011 | unknown | — | — | 4y ago | XML External Entity Reference in Jenkins FindBugs Plugin | |
| CVE-2018-1000012 | unknown | — | — | 4y ago | XXE vulnerability Jenkins Warnings Plugin | |
| CVE-2018-1000014 | unknown | — | — | 4y ago | CSRF vulnerability in Jenkins Translation Assistance plugin | |
| CVE-2018-1000013 | unknown | — | — | 4y ago | CSRF vulnerability in Jenkins Release plugin | |
| CVE-2018-1192 | unknown | — | — | 4y ago | Cloud Foundry UAA SessionID present in Audit Event Logs | |
| CVE-2018-1000056 | unknown | — | — | 4y ago | Improper Restriction of XML External Entity Reference in Jenkins JUnit Plugin | |
| CVE-2018-1000055 | unknown | — | — | 4y ago | XXE vulnerability in Jenkins Android Lint Plugin | |
| CVE-2018-1000058 | unknown | — | — | 4y ago | Arbitrary code execution due to incomplete sandbox protection in Pipeline: Supporting APIs Plugin | |
| CVE-2018-1000054 | unknown | — | — | 4y ago | Jenkins CCM Plugin vulnerable to Improper Restriction of XML External Entity Reference | |
| CVE-2018-1316 | unknown | — | — | 4y ago | Apache ODE Path Traversal vulnerability | |
| CVE-2018-1000113 | unknown | — | — | 4y ago | Stored cross-site scripting vulnerability in Jenkins TestLink Plugin | |
| CVE-2018-1000108 | unknown | — | — | 4y ago | Reflected cross-site-scripting vulnerability in report URL of Jenkins CppNCSS Plugin | |
| CVE-2018-1000144 | unknown | — | — | 4y ago | Jenkins Cucumber Living Documentation Plugin Cross-site Scripting vulnerability | |
| CVE-2018-1000151 | unknown | — | — | 4y ago | Jenkins vSphere Plugin disables SSL/TLS certificate validation by default | |
| CVE-2018-1000150 | unknown | — | — | 4y ago | Jenkins Reverse Proxy Auth Plugin allows attackers with local file system access to obtain a list of authorities for logged in users | |
| CVE-2018-1000147 | unknown | — | — | 4y ago | Jenkins Perforce Plugin exposure of sensitive information vulnerability exists | |
| CVE-2018-1000142 | unknown | — | — | 4y ago | Jenkins GitHub Pull Request Builder Plugin allows attacker with local file system access to obtain GitHub credentials | |
| CVE-2018-1000143 | unknown | — | — | 4y ago | Jenkins GitHub Pull Request Builder Plugin | |
| CVE-2018-1000153 | unknown | — | — | 4y ago | Jenkins vSphere Plugin Cross-Site Request Forgery vulnerability | |
| CVE-2018-1000148 | unknown | — | — | 4y ago | Jenkins Copy To Slave Plugin allows access to arbitrary files on the Jenkins controller file system | |
| CVE-2018-1000173 | unknown | — | — | 4y ago | Jenkins Google Login Plugin Session Fixation vulnerability | |
| CVE-2018-1000174 | unknown | — | — | 4y ago | Jenkins Google Login Plugin Open Redirect vulnerability | |
| CVE-2018-1000176 | unknown | — | — | 4y ago | Jenkins Email Extension Plugin showed plain text SMTP password in configuration form field | |
| CVE-2018-1000177 | unknown | — | — | 4y ago | Stored XSS vulnerability in Jenkins S3 Publisher Plugin | |
| CVE-2018-1000175 | unknown | — | — | 4y ago | Jenkins HTML Publisher Plugin path traversal vulnerability | |
| CVE-2018-1310 | unknown | — | — | 4y ago | Apache NiFi JMS Deserialization issue | |
| CVE-2018-1309 | unknown | — | — | 4y ago | Improper Restriction of XML External Entity Reference in Apache NiFi | |
| CVE-2018-11651 | unknown | — | — | 4y ago | Cross-site Scripting in Graylog | |
| CVE-2018-11650 | unknown | — | — | 4y ago | Cross-site Scripting in Graylog Server | |
| CVE-2018-1000182 | unknown | — | — | 4y ago | Server-Side Request Forgery in Jenkins Git Plugin | |
| CVE-2018-1000188 | unknown | — | — | 4y ago | Jenkins CAS Plugin Server-Side Request Forgery vulnerability | |
| CVE-2018-1000186 | unknown | — | — | 4y ago | Jenkins GitHub Pull Request Builder Plugin credential capture vulnerability | |
| CVE-2018-1000184 | unknown | — | — | 4y ago | Jenkins GitHub Plugin server-side request forgery vulnerability exists | |
| CVE-2018-1000187 | unknown | — | — | 4y ago | Exposure of Sensitive Information in Jenkins Kubernetes Plugin | |
| CVE-2018-1000185 | unknown | — | — | 4y ago | Jenkins GitHub Branch Source Plugin vulnerable to Server-Side Request Forgery | |
| CVE-2018-1000183 | unknown | — | — | 4y ago | Jenkins GitHub Plugin exposure of sensitive information vulnerability exists | |
| CVE-2018-1000202 | unknown | — | — | 4y ago | Jenkins Groovy Postbuild Plugin vulnerable to Cross-site Scripting | |
| CVE-2018-1000198 | unknown | — | — | 4y ago | XML External Entity processing vulnerability in Jenkins Black Duck Hub Plugin | |
| CVE-2018-1000196 | unknown | — | — | 4y ago | Jenkins Gitlab Hook Plugin stores and displays GitLab API token in plain text | |
| CVE-2018-1000190 | unknown | — | — | 4y ago | Exposure of sensitive information vulnerability in Jenkins Black Duck Hub Plugin | |
| CVE-2018-12036 | unknown | — | — | 4y ago | Path Traversal in OWASP Dependency-Check | |
| CVE-2018-12432 | unknown | — | — | 4y ago | Cross-site Scripting in JavaMelody | |
| CVE-2018-1000601 | unknown | — | — | 4y ago | Exposure of Sensitive Information to an Unauthorized Actor in Jenkins SSH Credentials Plugin | |
| CVE-2018-1000602 | unknown | — | — | 4y ago | Jenkins SAML Plugin Session Fixation vulnerability | |
| CVE-2018-12973 | unknown | — | — | 4y ago | OpenTSDB Cross-site Scripting vulnerability | |
| CVE-2018-13003 | unknown | — | — | 4y ago | OpenTSDB Cross-site Scripting vulnerability | |
| CVE-2018-1000604 | unknown | — | — | 4y ago | Jenkins Badge Plugin cross-site scripting vulnerability | |
| CVE-2018-1000609 | unknown | — | — | 4y ago | Jenkins Configuration as Code Plugin vulnerable to Exposure of Sensitive Information | |
| CVE-2018-11041 | unknown | — | — | 4y ago | Cloud Foundry UAA open redirect | |
| CVE-2018-1000606 | unknown | — | — | 4y ago | URLTrigger Plugin server-side request forgery vulnerability | |