VIR Vulnerability Intelligence Relay

CVEs from 2018

2,860 normalized CVEs published or assigned in this year.

Total
2,860
critical
critical 238
high
high 329
medium
medium 260
low
low 39
% Critical
8.3%
% with KEV
3.1%
% with exploit
9.1%

Top vendors

Top products

  • core_i7 379
  • core_i5 375
  • core_i3 242
  • xeon_e5 82
  • xeon_e7 62
  • xeon_e3 58
  • xeon_gold 33
  • atom_z 30

Top packages

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Flags OS Vendor Published Description
CVE-2018-25068 unknown 4y ago globalpom-utils has Insecure Temporary File
CVE-2018-18855 unknown 4y ago Uncontrolled Resource Consumption in Spray JSON
CVE-2018-10899 unknown 4y ago Cross-Site Request Forgery in Jolokia
CVE-2018-17196 unknown 4y ago Improper Input Validation in Apache Kafka
CVE-2018-1000009 unknown 4y ago XXE vulnerability in Jenkins Checkstyle Plugin
CVE-2018-1000008 unknown 4y ago XXE vulnerability in Jenkins PMD Plugin
CVE-2018-1000010 unknown 4y ago XXE vulnerability in Jenkins DRY Plugin
CVE-2018-1000011 unknown 4y ago XML External Entity Reference in Jenkins FindBugs Plugin
CVE-2018-1000014 unknown 4y ago CSRF vulnerability in Jenkins Translation Assistance plugin
CVE-2018-1000013 unknown 4y ago CSRF vulnerability in Jenkins Release plugin
CVE-2018-1000012 unknown 4y ago XXE vulnerability Jenkins Warnings Plugin
CVE-2018-1192 unknown 4y ago Cloud Foundry UAA SessionID present in Audit Event Logs
CVE-2018-1000056 unknown 4y ago Improper Restriction of XML External Entity Reference in Jenkins JUnit Plugin
CVE-2018-1000055 unknown 4y ago XXE vulnerability in Jenkins Android Lint Plugin
CVE-2018-1000058 unknown 4y ago Arbitrary code execution due to incomplete sandbox protection in Pipeline: Supporting APIs Plugin
CVE-2018-1000054 unknown 4y ago Jenkins CCM Plugin vulnerable to Improper Restriction of XML External Entity Reference
CVE-2018-1316 unknown 4y ago Apache ODE Path Traversal vulnerability
CVE-2018-1000113 unknown 4y ago Stored cross-site scripting vulnerability in Jenkins TestLink Plugin
CVE-2018-1000108 unknown 4y ago Reflected cross-site-scripting vulnerability in report URL of Jenkins CppNCSS Plugin
CVE-2018-1000144 unknown 4y ago Jenkins Cucumber Living Documentation Plugin Cross-site Scripting vulnerability
CVE-2018-1000147 unknown 4y ago Jenkins Perforce Plugin exposure of sensitive information vulnerability exists
CVE-2018-1000150 unknown 4y ago Jenkins Reverse Proxy Auth Plugin allows attackers with local file system access to obtain a list of authorities for logged in users
CVE-2018-1000151 unknown 4y ago Jenkins vSphere Plugin disables SSL/TLS certificate validation by default
CVE-2018-1000143 unknown 4y ago Jenkins GitHub Pull Request Builder Plugin
CVE-2018-1000142 unknown 4y ago Jenkins GitHub Pull Request Builder Plugin allows attacker with local file system access to obtain GitHub credentials
CVE-2018-1000148 unknown 4y ago Jenkins Copy To Slave Plugin allows access to arbitrary files on the Jenkins controller file system
CVE-2018-1000153 unknown 4y ago Jenkins vSphere Plugin Cross-Site Request Forgery vulnerability
CVE-2018-1000174 unknown 4y ago Jenkins Google Login Plugin Open Redirect vulnerability
CVE-2018-1000173 unknown 4y ago Jenkins Google Login Plugin Session Fixation vulnerability
CVE-2018-1000177 unknown 4y ago Stored XSS vulnerability in Jenkins S3 Publisher Plugin
CVE-2018-1000175 unknown 4y ago Jenkins HTML Publisher Plugin path traversal vulnerability
CVE-2018-1000176 unknown 4y ago Jenkins Email Extension Plugin showed plain text SMTP password in configuration form field
CVE-2018-1310 unknown 4y ago Apache NiFi JMS Deserialization issue
CVE-2018-1309 unknown 4y ago Improper Restriction of XML External Entity Reference in Apache NiFi
CVE-2018-11650 unknown 4y ago Cross-site Scripting in Graylog Server
CVE-2018-11651 unknown 4y ago Cross-site Scripting in Graylog
CVE-2018-1000182 unknown 4y ago Server-Side Request Forgery in Jenkins Git Plugin
CVE-2018-1000183 unknown 4y ago Jenkins GitHub Plugin exposure of sensitive information vulnerability exists
CVE-2018-1000187 unknown 4y ago Exposure of Sensitive Information in Jenkins Kubernetes Plugin
CVE-2018-1000184 unknown 4y ago Jenkins GitHub Plugin server-side request forgery vulnerability exists
CVE-2018-1000188 unknown 4y ago Jenkins CAS Plugin Server-Side Request Forgery vulnerability
CVE-2018-1000202 unknown 4y ago Jenkins Groovy Postbuild Plugin vulnerable to Cross-site Scripting
CVE-2018-1000186 unknown 4y ago Jenkins GitHub Pull Request Builder Plugin credential capture vulnerability
CVE-2018-1000185 unknown 4y ago Jenkins GitHub Branch Source Plugin vulnerable to Server-Side Request Forgery
CVE-2018-1000190 unknown 4y ago Exposure of sensitive information vulnerability in Jenkins Black Duck Hub Plugin
CVE-2018-1000196 unknown 4y ago Jenkins Gitlab Hook Plugin stores and displays GitLab API token in plain text
CVE-2018-1000198 unknown 4y ago XML External Entity processing vulnerability in Jenkins Black Duck Hub Plugin
CVE-2018-12036 unknown 4y ago Path Traversal in OWASP Dependency-Check
CVE-2018-12432 unknown 4y ago Cross-site Scripting in JavaMelody
CVE-2018-11407 unknown 4y ago An issue was discovered in the Ldap component in Symfony 2.8.x before 2.8.37, 3.3.x before 3.3.17, 3.4.x before 3.4.7, and 4.0.x before 4.0.7. It allows remote attackers to bypass authentication by l…
CVE-2018-1000601 unknown 4y ago Exposure of Sensitive Information to an Unauthorized Actor in Jenkins SSH Credentials Plugin
CVE-2018-1000602 unknown 4y ago Jenkins SAML Plugin Session Fixation vulnerability
CVE-2018-12973 unknown 4y ago OpenTSDB Cross-site Scripting vulnerability
CVE-2018-13003 unknown 4y ago OpenTSDB Cross-site Scripting vulnerability
CVE-2018-1000604 unknown 4y ago Jenkins Badge Plugin cross-site scripting vulnerability
CVE-2018-11041 unknown 4y ago Cloud Foundry UAA open redirect
CVE-2018-1000609 unknown 4y ago Jenkins Configuration as Code Plugin vulnerable to Exposure of Sensitive Information
CVE-2018-1000607 unknown 4y ago Arbitrary file write vulnerability in Jenkins Fortify CloudScan Plugin
CVE-2018-1000606 unknown 4y ago URLTrigger Plugin server-side request forgery vulnerability
CVE-2018-13439 unknown 4y ago WeChat Pay Java SDK allows XXE
CVE-2018-1000402 unknown 4y ago Jenkins AWS CodeDeploy Plugin has Insufficiently Protected Credentials
CVE-2018-14380 unknown 4y ago Cross-site Scripting in Graylog Server
CVE-2018-14371 unknown 4y ago Path Traversal in Eclipse Mojarra
CVE-2018-1999029 unknown 4y ago Stored Cross-Site Scripting Vulnerability in Jenkins Shelve Project Plugin
CVE-2018-1999031 unknown 4y ago Jenkins meliora-testlab Plugin allows attackers with file system access to Jenkins master to obtain API key
CVE-2018-1999041 unknown 4y ago Exposure of sensitive information vulnerability
CVE-2018-1999026 unknown 4y ago Jenkins TraceTronic ECU-TEST Plugin server-side request forgery vulnerability
CVE-2018-1999025 unknown 4y ago Jenkins TraceTronic ECU-TEST Plugin Man in the middle vulnerability
CVE-2018-1999035 unknown 4y ago Jenkins Inedo BuildMaster Plugin globally and unconditionally disabled SSL/TLS certificate validation
CVE-2018-1999034 unknown 4y ago Jenkins Inedo ProGet Plugin globally and unconditionally disabled SSL/TLS certificate validation
CVE-2018-1000605 unknown 4y ago Jenkins CollabNet Plugin man in the middle vulnerability
CVE-2018-1999037 unknown 4y ago Jenkins Resource Disposer Plugin allows attacker to stop tracking specified resource
CVE-2018-1999038 unknown 4y ago Jenkins Publisher Over CIFS Plugin confused deputy vulnerability
CVE-2018-1999039 unknown 4y ago Server-Side Request Forgery (SSRF) in Jenkins Confluence Publisher Plugin
CVE-2018-14774 unknown 4y ago An issue was discovered in HttpKernel in Symfony 2.7.0 through 2.7.48, 2.8.0 through 2.8.43, 3.3.0 through 3.3.17, 3.4.0 through 3.4.13, 4.0.0 through 4.0.13, and 4.1.0 through 4.1.2. When using Http…
CVE-2018-11758 unknown 4y ago XML External Entity Reference in Apache Cayenne
CVE-2018-1000665 unknown 4y ago Improper Neutralization of Input During Web Page Generation in Dojo Dojo Objective Harness
CVE-2018-17366 unknown 4y ago Mingsoft MCMS CSRF vulnerability
CVE-2018-16277 unknown 4y ago XWiki XSS Vulnerability
CVE-2018-11804 unknown 4y ago Improper Input Validation in Apache Spark
CVE-2018-17983 unknown 4y ago cext/manifest.c in Mercurial before 4.7.2 has an out-of-bounds read during parsing of a malformed manifest entry.
CVE-2018-17605 unknown 4y ago Asset Pipeline plugin for Grails vulnerable to Path Traversal
CVE-2018-19413 unknown 4y ago Exposure of Sensitive Information to an Unauthorized Actor in SonarSource SonarQube API
CVE-2018-20227 unknown 4y ago RDF4J vulnerable to zip slip
CVE-2018-20663 unknown 4y ago The Reporting Addon for CUBA Platform has Persistent XSS
CVE-2018-1000413 unknown 4y ago Stored XSS vulnerability in Config File Provider Plugin
CVE-2018-1000417 unknown 4y ago CSRF vulnerability in Email Extension Template Plugin
CVE-2018-1000414 unknown 4y ago CSRF vulnerability in Config File Provider Plugin
CVE-2018-1000411 unknown 4y ago Jenkins JUnit Plugin CSRF vulnerability
CVE-2018-1330 unknown 4y ago Crash when decoding malformed HTTP requests or malformed JSON payload
CVE-2018-1000421 unknown 4y ago Server-side request forgery vulnerability in Jenkins Mesos Plugin
CVE-2018-1000422 unknown 4y ago Jenkins Crowd 2 Integration Plugin server-side request forgery vulnerability
CVE-2018-1000415 unknown 4y ago Cross-site Scripting in Jenkins Rebuilder Plugin
CVE-2018-8031 unknown 4y ago Apache TomEE console vulnerable to Cross-site Scripting
CVE-2018-7749 unknown 4y ago The SSH server implementation of AsyncSSH before 1.12.1 does not properly check whether authentication is completed before processing other requests. A customized SSH client can simply skip the authe…
CVE-2018-1294 unknown 4y ago Improper Input Validation Apache Commons Email
CVE-2018-1000129 unknown 4y ago Cross-site Scripting in Jolokia agent
CVE-2018-1000130 unknown 4y ago Injection in Jolokia agent
CVE-2018-11385 unknown 4y ago An issue was discovered in the Security component in Symfony 2.7.x before 2.7.48, 2.8.x before 2.8.41, 3.3.x before 3.3.17, 3.4.x before 3.4.11, and 4.0.x before 4.0.11. A session fixation vulnerabil…
CVE-2018-11408 unknown 4y ago The security handlers in the Security component in Symfony in 2.7.x before 2.7.48, 2.8.x before 2.8.41, 3.3.x before 3.3.17, 3.4.x before 3.4.11, and 4.0.x before 4.0.11 have an Open redirect vulnera…