Best Client-Side Bug

A Bug Has No Name

CVE-2017-11882

CVE-2017-5116

DynoRoot

SOAP Dropper

The 12 Logic Bug Gifts of Christmas


Best Cryptographic Attack

Efail: Breaking S/MIME and OpenPGP Email Encryption using Exfiltration Channels

IOTA Curl-P

Key Reinstallation Attacks: Breaking WPA2 by forcing nonce reuse

Return Of Bleichenbacher’s Oracle Threat

The Return of Coppersmith’s Attack: Practical Factorization of Widely Used RSA Moduli


Best Privilege Escalation Bug

Holey Beep

Meltdown and Spectre

RAMPAGE

backboardd Double free()

waitid


Best Server-Side Bug

Drupalmageddon 2 and 3

Exim Off-by-one RCE

Frag Grenade

HP iLO and Dell iDRAC multiple RCEs

Intel AMT Remote Vulnerability


Lamest Vendor Response

Bitfi

Budapest Transport Authority (BKK)

T-Mobile Austria / Käthe and Andrea of support

ThinkRace / Trackmageddon

Yubico


Lifetime Achievement Award

Michał Zalewski


Most Innovative Research

GrandPwningUnit/GLitch

Smashing-Smart-Contracts

Spectre/Meltdown

TLBleed

Throwhammer


Most Over-Hyped Bug

EFAIL

Holey Beep

Meltdown and Spectre

Zip Slip

Zipperdown