CVEs from 2018
Total
3,288
critical
critical 226
high
high 266
medium
medium 224
low
low 32
% Critical
6.9%
% with KEV
2.7%
% with exploit
2.8%
Top vendors
- frappe 4
- redhat 2
- magix 1
- mybb 1
- gitbucket 1
- qemu 1
- dragonexpert 1
- kingsoftstore 1
Top products
- erpnext 4
- terminal_services_manager 1
- ultraiso 1
- dolibarr_erp\/crm 1
- gitbucket 1
- pdfunite 1
- qemu 1
- virtualization_manager 1
| CVE | Severity | CVSS | Risk | Published | Description | Impact |
|---|---|---|---|---|---|---|
| CVE-2018-16862 | unknown | — | — | — | A security flaw was found in the Linux kernel in a way that the cleancache subsystem clears an inode after the final file truncation (removal). The new file created with the same inode may contain le… | |
| CVE-2018-17972 | unknown | — | — | — | An issue was discovered in the proc_pid_stack function in fs/proc/base.c in the Linux kernel through 4.18.11. It does not ensure that only root may inspect the kernel stack of an arbitrary task, allo… | |
| CVE-2018-16658 | unknown | — | — | — | An issue was discovered in the Linux kernel before 4.18.6. An information leak in cdrom_ioctl_drive_status in drivers/cdrom/cdrom.c could be used by local attackers to read kernel memory because a ca… | |
| CVE-2018-16597 | unknown | — | — | — | An issue was discovered in the Linux kernel before 4.8. Incorrect access checking in overlayfs mounts could be used by local attackers to modify or truncate files in the underlying filesystem. | |
| CVE-2018-16276 | unknown | — | — | — | An issue was discovered in yurex_read in drivers/usb/misc/yurex.c in the Linux kernel before 4.17.7. Local attackers could use user access read/writes with incorrect bounds checking in the yurex USB … | |
| CVE-2018-1000204 | unknown | — | — | — | Linux Kernel version 3.18 to 4.16 incorrectly handles an SG_IO ioctl on /dev/sg0 with dxfer_direction=SG_DXFER_FROM_DEV and an empty 6-byte cmdp. This may lead to copying up to 1000 kernel heap pages… | |
| CVE-2018-16871 | unknown | — | — | — | A flaw was found in the Linux kernel's NFS implementation, all versions 3.x and all versions 4.x up to 4.20. An attacker, who is able to mount an exported NFS filesystem, is able to trigger a null po… | |
| CVE-2018-15572 | unknown | — | — | — | The spectre_v2_select_mitigation function in arch/x86/kernel/cpu/bugs.c in the Linux kernel before 4.18.1 does not always fill RSB upon a context switch, which makes it easier for attackers to conduc… | |
| CVE-2018-15471 | unknown | — | — | — | An issue was discovered in xenvif_set_hash_mapping in drivers/net/xen-netback/hash.c in the Linux kernel through 4.18.1, as used in Xen through 4.11.x and other products. The Linux netback driver all… | |
| CVE-2018-14734 | unknown | — | — | — | drivers/infiniband/core/ucma.c in the Linux kernel through 4.17.11 allows ucma_leave_multicast to access a certain data structure after a cleanup step in ucma_process_join, which allows attackers to … | |
| CVE-2018-14656 | unknown | — | — | — | A missing address check in the callers of the show_opcodes() in the Linux kernel allows an attacker to dump the kernel memory at an arbitrary kernel address into the dmesg log. | |
| CVE-2018-14678 | unknown | — | — | — | An issue was discovered in the Linux kernel through 4.17.11, as used in Xen through 4.11.x. The xen_failsafe_callback entry point in arch/x86/entry/entry_64.S does not properly maintain RBX, which al… | |
| CVE-2018-14646 | unknown | — | — | — | The Linux kernel before 4.15-rc8 was found to be vulnerable to a NULL pointer dereference bug in the __netlink_ns_capable() function in the net/netlink/af_netlink.c file. A local attacker could explo… | |
| CVE-2018-14625 | unknown | — | — | — | A flaw was found in the Linux Kernel where an attacker may be able to have an uncontrolled read to kernel-memory from within a vm guest. A race condition between connect() and close() function may al… | |
| CVE-2018-16880 | unknown | — | — | — | A flaw was found in the Linux kernel's handle_rx() function in the [vhost_net] driver. A malicious virtual guest, under specific conditions, can trigger an out-of-bounds write in a kmalloc-8 slab on … | |
| CVE-2018-14619 | unknown | — | — | — | A flaw was found in the crypto subsystem of the Linux kernel before version kernel-4.15-rc4. The "null skcipher" was being dropped when each af_alg_ctx was freed instead of when the aead_tfm was free… | |
| CVE-2018-14617 | unknown | — | — | — | An issue was discovered in the Linux kernel through 4.17.10. There is a NULL pointer dereference and panic in hfsplus_lookup() in fs/hfsplus/dir.c when opening a file (that is purportedly a hard link… | |
| CVE-2018-14616 | unknown | — | — | — | An issue was discovered in the Linux kernel through 4.17.10. There is a NULL pointer dereference in fscrypt_do_page_crypto() in fs/crypto/crypto.c when operating on a file in a corrupted f2fs image. | |
| CVE-2018-14615 | unknown | — | — | — | An issue was discovered in the Linux kernel through 4.17.10. There is a buffer overflow in truncate_inline_inode() in fs/f2fs/inline.c when umounting an f2fs image, because a length value may be nega… | |
| CVE-2018-14614 | unknown | — | — | — | An issue was discovered in the Linux kernel through 4.17.10. There is an out-of-bounds access in __remove_dirty_segment() in fs/f2fs/segment.c when mounting an f2fs image. | |
| CVE-2018-14613 | unknown | — | — | — | An issue was discovered in the Linux kernel through 4.17.10. There is an invalid pointer dereference in io_ctl_map_page() when mounting and operating a crafted btrfs image, because of a lack of block… | |
| CVE-2018-14610 | unknown | — | — | — | An issue was discovered in the Linux kernel through 4.17.10. There is out-of-bounds access in write_extent_buffer() when mounting and operating a crafted btrfs image, because of a lack of verificatio… | |
| CVE-2018-14611 | unknown | — | — | — | An issue was discovered in the Linux kernel through 4.17.10. There is a use-after-free in try_merge_free_space() when mounting a crafted btrfs image, because of a lack of chunk type flag checks in bt… | |
| CVE-2018-14609 | unknown | — | — | — | An issue was discovered in the Linux kernel through 4.17.10. There is an invalid pointer dereference in __del_reloc_root() in fs/btrfs/relocation.c when mounting a crafted btrfs image, related to rem… | |
| CVE-2018-13406 | unknown | — | — | — | An integer overflow in the uvesafb_setcmap function in drivers/video/fbdev/uvesafb.c in the Linux kernel before 4.17.4 could result in local attackers being able to crash the kernel or potentially el… | |
| CVE-2018-13097 | unknown | — | — | — | An issue was discovered in fs/f2fs/super.c in the Linux kernel through 4.17.3. There is an out-of-bounds read or a divide-by-zero error for an incorrect user_block_count in a corrupted f2fs image, le… | |
| CVE-2018-13096 | unknown | — | — | — | An issue was discovered in fs/f2fs/super.c in the Linux kernel through 4.14. A denial of service (out-of-bounds memory access and BUG) can occur upon encountering an abnormal bitmap size when mountin… | |
| CVE-2018-13100 | unknown | — | — | — | An issue was discovered in fs/f2fs/super.c in the Linux kernel through 4.17.3, which does not properly validate secs_per_zone in a corrupted f2fs image, as demonstrated by a divide-by-zero error. | |
| CVE-2018-13099 | unknown | — | — | — | An issue was discovered in fs/f2fs/inline.c in the Linux kernel through 4.4. A denial of service (out-of-bounds memory access and BUG) can occur for a modified f2fs filesystem image in which an inlin… | |
| CVE-2018-13094 | unknown | — | — | — | An issue was discovered in fs/xfs/libxfs/xfs_attr_leaf.c in the Linux kernel through 4.17.3. An OOPS may occur for a corrupted xfs image after xfs_da_shrink_inode() is called with a NULL bp. | |
| CVE-2018-13093 | unknown | — | — | — | An issue was discovered in fs/xfs/xfs_icache.c in the Linux kernel through 4.17.3. There is a NULL pointer dereference and panic in lookup_slow() on a NULL inode->i_ops pointer when doing pathwalks o… | |
| CVE-2018-13053 | unknown | — | — | — | The alarm_timer_nsleep function in kernel/time/alarmtimer.c in the Linux kernel through 4.17.3 has an integer overflow via a large relative timeout because ktime_add_safe is not used. | |
| CVE-2018-12931 | unknown | — | — | — | ntfs_attr_find in the ntfs.ko filesystem driver in the Linux kernel 4.15.0 allows attackers to trigger a stack-based out-of-bounds write and cause a denial of service (kernel oops or panic) or possib… | |
| CVE-2018-12930 | unknown | — | — | — | ntfs_end_buffer_async_read in the ntfs.ko filesystem driver in the Linux kernel 4.15.0 allows attackers to trigger a stack-based out-of-bounds write and cause a denial of service (kernel oops or pani… | |
| CVE-2018-13095 | unknown | — | — | — | An issue was discovered in fs/xfs/libxfs/xfs_inode_buf.c in the Linux kernel through 4.17.3. A denial of service (memory corruption and BUG) can occur for a corrupted xfs image upon encountering an i… | |
| CVE-2018-12929 | unknown | — | — | — | ntfs_read_locked_inode in the ntfs.ko filesystem driver in the Linux kernel 4.15.0 allows attackers to trigger a use-after-free read and possibly cause a denial of service (kernel oops or panic) via … | |
| CVE-2018-12928 | unknown | — | — | — | In the Linux kernel 4.15.0, a NULL pointer dereference was discovered in hfs_ext_read_extent in hfs.ko. This can occur during a mount of a crafted hfs filesystem. | |
| CVE-2018-12896 | unknown | — | — | — | An issue was discovered in the Linux kernel through 4.17.3. An Integer Overflow in kernel/time/posix-timers.c in the POSIX timer code is caused by the way the overrun accounting works. Depending on i… | |
| CVE-2018-12904 | unknown | — | — | — | In arch/x86/kvm/vmx.c in the Linux kernel before 4.17.2, when nested virtualization is used, local attackers could cause L1 KVM guests to VMEXIT, potentially allowing privilege escalations and denial… | |
| CVE-2018-12714 | unknown | — | — | — | An issue was discovered in the Linux kernel through 4.17.2. The filter parsing in kernel/trace/trace_events_filter.c could be called with no filter, which is an N=0 case when it expected at least one… | |
| CVE-2018-12633 | unknown | — | — | — | An issue was discovered in the Linux kernel through 4.17.2. vbg_misc_device_ioctl() in drivers/virt/vboxguest/vboxguest_linux.c reads the same user data twice with copy_from_user. The header part of … | |
| CVE-2018-12233 | unknown | — | — | — | In the ea_get function in fs/jfs/xattr.c in the Linux kernel through 4.17.1, a memory corruption bug in JFS can be triggered by calling setxattr twice with two different extended attribute names on t… | |
| CVE-2018-12232 | unknown | — | — | — | In net/socket.c in the Linux kernel through 4.17.1, there is a race condition between fchownat and close in cases where they target the same socket file descriptor, related to the sock_close and sock… | |
| CVE-2018-12207 | unknown | — | — | — | Improper invalidation for page table updates by a virtual guest operating system for multiple Intel(R) Processors may allow an authenticated user to potentially enable denial of service of the host s… | |
| CVE-2018-12127 | unknown | — | — | — | Microarchitectural Load Port Data Sampling (MLPDS): Load ports on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via… | |
| CVE-2018-12130 | unknown | — | — | — | Microarchitectural Fill Buffer Data Sampling (MFBDS): Fill buffers on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure… | |
| CVE-2018-12126 | unknown | — | — | — | Microarchitectural Store Buffer Data Sampling (MSBDS): Store buffers on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosu… | |
| CVE-2018-11987 | unknown | — | — | — | In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, if there is an unlikely memory alloc failure for the secure pool in boot, it can result in w… | |
| CVE-2018-11506 | unknown | — | — | — | The sr_do_ioctl function in drivers/scsi/sr_ioctl.c in the Linux kernel through 4.16.12 allows local users to cause a denial of service (stack-based buffer overflow) or possibly have unspecified othe… | |
| CVE-2018-11412 | unknown | — | — | — | In the Linux kernel 4.13 through 4.16.11, ext4_read_inline_data() in fs/ext4/inline.c performs a memcpy with an untrusted length value in certain circumstances involving a crafted filesystem that sto… | |
| CVE-2018-1130 | unknown | — | — | — | Linux kernel before version 4.16-rc7 is vulnerable to a null pointer dereference in dccp_write_xmit() function in net/dccp/output.c in that allows a local user to cause a denial of service by a numbe… | |
| CVE-2018-25068 | unknown | — | — | 3y ago | globalpom-utils has Insecure Temporary File | |
| CVE-2018-18855 | unknown | — | — | 4y ago | Uncontrolled Resource Consumption in Spray JSON | |
| CVE-2018-10899 | unknown | — | — | 4y ago | Cross-Site Request Forgery in Jolokia | |
| CVE-2018-17196 | unknown | — | — | 4y ago | Improper Input Validation in Apache Kafka | |
| CVE-2018-1000008 | unknown | — | — | 4y ago | XXE vulnerability in Jenkins PMD Plugin | |
| CVE-2018-1000009 | unknown | — | — | 4y ago | XXE vulnerability in Jenkins Checkstyle Plugin | |
| CVE-2018-1000010 | unknown | — | — | 4y ago | XXE vulnerability in Jenkins DRY Plugin | |
| CVE-2018-1000011 | unknown | — | — | 4y ago | XML External Entity Reference in Jenkins FindBugs Plugin | |
| CVE-2018-1000014 | unknown | — | — | 4y ago | CSRF vulnerability in Jenkins Translation Assistance plugin | |
| CVE-2018-1000013 | unknown | — | — | 4y ago | CSRF vulnerability in Jenkins Release plugin | |
| CVE-2018-1000012 | unknown | — | — | 4y ago | XXE vulnerability Jenkins Warnings Plugin | |
| CVE-2018-1192 | unknown | — | — | 4y ago | Cloud Foundry UAA SessionID present in Audit Event Logs | |
| CVE-2018-1000056 | unknown | — | — | 4y ago | Improper Restriction of XML External Entity Reference in Jenkins JUnit Plugin | |
| CVE-2018-1000055 | unknown | — | — | 4y ago | XXE vulnerability in Jenkins Android Lint Plugin | |
| CVE-2018-1000058 | unknown | — | — | 4y ago | Arbitrary code execution due to incomplete sandbox protection in Pipeline: Supporting APIs Plugin | |
| CVE-2018-1000054 | unknown | — | — | 4y ago | Jenkins CCM Plugin vulnerable to Improper Restriction of XML External Entity Reference | |
| CVE-2018-1316 | unknown | — | — | 4y ago | Apache ODE Path Traversal vulnerability | |
| CVE-2018-1000113 | unknown | — | — | 4y ago | Stored cross-site scripting vulnerability in Jenkins TestLink Plugin | |
| CVE-2018-1000108 | unknown | — | — | 4y ago | Reflected cross-site-scripting vulnerability in report URL of Jenkins CppNCSS Plugin | |
| CVE-2018-1000144 | unknown | — | — | 4y ago | Jenkins Cucumber Living Documentation Plugin Cross-site Scripting vulnerability | |
| CVE-2018-1000147 | unknown | — | — | 4y ago | Jenkins Perforce Plugin exposure of sensitive information vulnerability exists | |
| CVE-2018-1000150 | unknown | — | — | 4y ago | Jenkins Reverse Proxy Auth Plugin allows attackers with local file system access to obtain a list of authorities for logged in users | |
| CVE-2018-1000151 | unknown | — | — | 4y ago | Jenkins vSphere Plugin disables SSL/TLS certificate validation by default | |
| CVE-2018-1000142 | unknown | — | — | 4y ago | Jenkins GitHub Pull Request Builder Plugin allows attacker with local file system access to obtain GitHub credentials | |
| CVE-2018-1000143 | unknown | — | — | 4y ago | Jenkins GitHub Pull Request Builder Plugin | |
| CVE-2018-1000153 | unknown | — | — | 4y ago | Jenkins vSphere Plugin Cross-Site Request Forgery vulnerability | |
| CVE-2018-1000148 | unknown | — | — | 4y ago | Jenkins Copy To Slave Plugin allows access to arbitrary files on the Jenkins controller file system | |
| CVE-2018-1000173 | unknown | — | — | 4y ago | Jenkins Google Login Plugin Session Fixation vulnerability | |
| CVE-2018-1000174 | unknown | — | — | 4y ago | Jenkins Google Login Plugin Open Redirect vulnerability | |
| CVE-2018-1000176 | unknown | — | — | 4y ago | Jenkins Email Extension Plugin showed plain text SMTP password in configuration form field | |
| CVE-2018-1000177 | unknown | — | — | 4y ago | Stored XSS vulnerability in Jenkins S3 Publisher Plugin | |
| CVE-2018-1000175 | unknown | — | — | 4y ago | Jenkins HTML Publisher Plugin path traversal vulnerability | |
| CVE-2018-1310 | unknown | — | — | 4y ago | Apache NiFi JMS Deserialization issue | |
| CVE-2018-1309 | unknown | — | — | 4y ago | Improper Restriction of XML External Entity Reference in Apache NiFi | |
| CVE-2018-11650 | unknown | — | — | 4y ago | Cross-site Scripting in Graylog Server | |
| CVE-2018-11651 | unknown | — | — | 4y ago | Cross-site Scripting in Graylog | |
| CVE-2018-1000182 | unknown | — | — | 4y ago | Server-Side Request Forgery in Jenkins Git Plugin | |
| CVE-2018-1000188 | unknown | — | — | 4y ago | Jenkins CAS Plugin Server-Side Request Forgery vulnerability | |
| CVE-2018-1000183 | unknown | — | — | 4y ago | Jenkins GitHub Plugin exposure of sensitive information vulnerability exists | |
| CVE-2018-1000184 | unknown | — | — | 4y ago | Jenkins GitHub Plugin server-side request forgery vulnerability exists | |
| CVE-2018-1000185 | unknown | — | — | 4y ago | Jenkins GitHub Branch Source Plugin vulnerable to Server-Side Request Forgery | |
| CVE-2018-1000202 | unknown | — | — | 4y ago | Jenkins Groovy Postbuild Plugin vulnerable to Cross-site Scripting | |
| CVE-2018-1000187 | unknown | — | — | 4y ago | Exposure of Sensitive Information in Jenkins Kubernetes Plugin | |
| CVE-2018-1000186 | unknown | — | — | 4y ago | Jenkins GitHub Pull Request Builder Plugin credential capture vulnerability | |
| CVE-2018-1000190 | unknown | — | — | 4y ago | Exposure of sensitive information vulnerability in Jenkins Black Duck Hub Plugin | |
| CVE-2018-1000196 | unknown | — | — | 4y ago | Jenkins Gitlab Hook Plugin stores and displays GitLab API token in plain text | |
| CVE-2018-1000198 | unknown | — | — | 4y ago | XML External Entity processing vulnerability in Jenkins Black Duck Hub Plugin | |
| CVE-2018-12036 | unknown | — | — | 4y ago | Path Traversal in OWASP Dependency-Check | |
| CVE-2018-12432 | unknown | — | — | 4y ago | Cross-site Scripting in JavaMelody |