VIR Vulnerability Intelligence Relay

CVEs from 2018

2,860 normalized CVEs published or assigned in this year.

Total
2,860
critical
critical 238
high
high 329
medium
medium 260
low
low 39
% Critical
8.3%
% with KEV
3.1%
% with exploit
9.1%

Top vendors

Top products

  • core_i7 379
  • core_i5 375
  • core_i3 242
  • xeon_e5 82
  • xeon_e7 62
  • xeon_e3 58
  • xeon_gold 33
  • atom_z 30

Top packages

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Flags OS Vendor Published Description
CVE-2018-1000176 unknown 4y ago Jenkins Email Extension Plugin showed plain text SMTP password in configuration form field
CVE-2018-1000177 unknown 4y ago Stored XSS vulnerability in Jenkins S3 Publisher Plugin
CVE-2018-1310 unknown 4y ago Apache NiFi JMS Deserialization issue
CVE-2018-1309 unknown 4y ago Improper Restriction of XML External Entity Reference in Apache NiFi
CVE-2018-11650 unknown 4y ago Cross-site Scripting in Graylog Server
CVE-2018-11651 unknown 4y ago Cross-site Scripting in Graylog
CVE-2018-1000182 unknown 4y ago Server-Side Request Forgery in Jenkins Git Plugin
CVE-2018-1000187 unknown 4y ago Exposure of Sensitive Information in Jenkins Kubernetes Plugin
CVE-2018-1000188 unknown 4y ago Jenkins CAS Plugin Server-Side Request Forgery vulnerability
CVE-2018-1000202 unknown 4y ago Jenkins Groovy Postbuild Plugin vulnerable to Cross-site Scripting
CVE-2018-1000183 unknown 4y ago Jenkins GitHub Plugin exposure of sensitive information vulnerability exists
CVE-2018-1000186 unknown 4y ago Jenkins GitHub Pull Request Builder Plugin credential capture vulnerability
CVE-2018-1000184 unknown 4y ago Jenkins GitHub Plugin server-side request forgery vulnerability exists
CVE-2018-1000185 unknown 4y ago Jenkins GitHub Branch Source Plugin vulnerable to Server-Side Request Forgery
CVE-2018-1000196 unknown 4y ago Jenkins Gitlab Hook Plugin stores and displays GitLab API token in plain text
CVE-2018-1000190 unknown 4y ago Exposure of sensitive information vulnerability in Jenkins Black Duck Hub Plugin
CVE-2018-1000198 unknown 4y ago XML External Entity processing vulnerability in Jenkins Black Duck Hub Plugin
CVE-2018-12036 unknown 4y ago Path Traversal in OWASP Dependency-Check
CVE-2018-12432 unknown 4y ago Cross-site Scripting in JavaMelody
CVE-2018-11407 unknown 4y ago An issue was discovered in the Ldap component in Symfony 2.8.x before 2.8.37, 3.3.x before 3.3.17, 3.4.x before 3.4.7, and 4.0.x before 4.0.7. It allows remote attackers to bypass authentication by l…
CVE-2018-1000601 unknown 4y ago Exposure of Sensitive Information to an Unauthorized Actor in Jenkins SSH Credentials Plugin
CVE-2018-1000602 unknown 4y ago Jenkins SAML Plugin Session Fixation vulnerability
CVE-2018-12973 unknown 4y ago OpenTSDB Cross-site Scripting vulnerability
CVE-2018-13003 unknown 4y ago OpenTSDB Cross-site Scripting vulnerability
CVE-2018-1000604 unknown 4y ago Jenkins Badge Plugin cross-site scripting vulnerability
CVE-2018-1000606 unknown 4y ago URLTrigger Plugin server-side request forgery vulnerability
CVE-2018-1000609 unknown 4y ago Jenkins Configuration as Code Plugin vulnerable to Exposure of Sensitive Information
CVE-2018-1000607 unknown 4y ago Arbitrary file write vulnerability in Jenkins Fortify CloudScan Plugin
CVE-2018-11041 unknown 4y ago Cloud Foundry UAA open redirect
CVE-2018-13439 unknown 4y ago WeChat Pay Java SDK allows XXE
CVE-2018-1000402 unknown 4y ago Jenkins AWS CodeDeploy Plugin has Insufficiently Protected Credentials
CVE-2018-14380 unknown 4y ago Cross-site Scripting in Graylog Server
CVE-2018-14371 unknown 4y ago Path Traversal in Eclipse Mojarra
CVE-2018-1999029 unknown 4y ago Stored Cross-Site Scripting Vulnerability in Jenkins Shelve Project Plugin
CVE-2018-1999031 unknown 4y ago Jenkins meliora-testlab Plugin allows attackers with file system access to Jenkins master to obtain API key
CVE-2018-1999041 unknown 4y ago Exposure of sensitive information vulnerability
CVE-2018-1999025 unknown 4y ago Jenkins TraceTronic ECU-TEST Plugin Man in the middle vulnerability
CVE-2018-1999026 unknown 4y ago Jenkins TraceTronic ECU-TEST Plugin server-side request forgery vulnerability
CVE-2018-1999035 unknown 4y ago Jenkins Inedo BuildMaster Plugin globally and unconditionally disabled SSL/TLS certificate validation
CVE-2018-1999034 unknown 4y ago Jenkins Inedo ProGet Plugin globally and unconditionally disabled SSL/TLS certificate validation
CVE-2018-1000605 unknown 4y ago Jenkins CollabNet Plugin man in the middle vulnerability
CVE-2018-1999037 unknown 4y ago Jenkins Resource Disposer Plugin allows attacker to stop tracking specified resource
CVE-2018-1999038 unknown 4y ago Jenkins Publisher Over CIFS Plugin confused deputy vulnerability
CVE-2018-1999039 unknown 4y ago Server-Side Request Forgery (SSRF) in Jenkins Confluence Publisher Plugin
CVE-2018-14774 unknown 4y ago An issue was discovered in HttpKernel in Symfony 2.7.0 through 2.7.48, 2.8.0 through 2.8.43, 3.3.0 through 3.3.17, 3.4.0 through 3.4.13, 4.0.0 through 4.0.13, and 4.1.0 through 4.1.2. When using Http…
CVE-2018-11758 unknown 4y ago XML External Entity Reference in Apache Cayenne
CVE-2018-1000665 unknown 4y ago Improper Neutralization of Input During Web Page Generation in Dojo Dojo Objective Harness
CVE-2018-17366 unknown 4y ago Mingsoft MCMS CSRF vulnerability
CVE-2018-16277 unknown 4y ago XWiki XSS Vulnerability
CVE-2018-11804 unknown 4y ago Improper Input Validation in Apache Spark
CVE-2018-17983 unknown 4y ago cext/manifest.c in Mercurial before 4.7.2 has an out-of-bounds read during parsing of a malformed manifest entry.
CVE-2018-17605 unknown 4y ago Asset Pipeline plugin for Grails vulnerable to Path Traversal
CVE-2018-19413 unknown 4y ago Exposure of Sensitive Information to an Unauthorized Actor in SonarSource SonarQube API
CVE-2018-20227 unknown 4y ago RDF4J vulnerable to zip slip
CVE-2018-20663 unknown 4y ago The Reporting Addon for CUBA Platform has Persistent XSS
CVE-2018-1000413 unknown 4y ago Stored XSS vulnerability in Config File Provider Plugin
CVE-2018-1000414 unknown 4y ago CSRF vulnerability in Config File Provider Plugin
CVE-2018-1000417 unknown 4y ago CSRF vulnerability in Email Extension Template Plugin
CVE-2018-1000411 unknown 4y ago Jenkins JUnit Plugin CSRF vulnerability
CVE-2018-1330 unknown 4y ago Crash when decoding malformed HTTP requests or malformed JSON payload
CVE-2018-1000415 unknown 4y ago Cross-site Scripting in Jenkins Rebuilder Plugin
CVE-2018-1000422 unknown 4y ago Jenkins Crowd 2 Integration Plugin server-side request forgery vulnerability
CVE-2018-1000421 unknown 4y ago Server-side request forgery vulnerability in Jenkins Mesos Plugin
CVE-2018-8031 unknown 4y ago Apache TomEE console vulnerable to Cross-site Scripting
CVE-2018-7749 unknown 4y ago The SSH server implementation of AsyncSSH before 1.12.1 does not properly check whether authentication is completed before processing other requests. A customized SSH client can simply skip the authe…
CVE-2018-1294 unknown 4y ago Improper Input Validation Apache Commons Email
CVE-2018-1000129 unknown 4y ago Cross-site Scripting in Jolokia agent
CVE-2018-1000130 unknown 4y ago Injection in Jolokia agent
CVE-2018-11385 unknown 4y ago An issue was discovered in the Security component in Symfony 2.7.x before 2.7.48, 2.8.x before 2.8.41, 3.3.x before 3.3.17, 3.4.x before 3.4.11, and 4.0.x before 4.0.11. A session fixation vulnerabil…
CVE-2018-11408 unknown 4y ago The security handlers in the Security component in Symfony in 2.7.x before 2.7.48, 2.8.x before 2.8.41, 3.3.x before 3.3.17, 3.4.x before 3.4.11, and 4.0.x before 4.0.11 have an Open redirect vulnera…
CVE-2018-19859 unknown 4y ago OpenRefine Directory Traversal
CVE-2018-11386 unknown 4y ago An issue was discovered in the HttpFoundation component in Symfony 2.7.x before 2.7.48, 2.8.x before 2.8.41, 3.3.x before 3.3.17, 3.4.x before 3.4.11, and 4.0.x before 4.0.11. The PDOSessionHandler c…
CVE-2018-11406 unknown 4y ago An issue was discovered in the Security component in Symfony 2.7.x before 2.7.48, 2.8.x before 2.8.41, 3.3.x before 3.3.17, 3.4.x before 3.4.11, and 4.0.x before 4.0.11. By default, a user's session …
CVE-2018-1999027 unknown 4y ago Jenkins SaltStack Plugin allows attackers to capture credentials with a known credentials ID stored in Jenkins
CVE-2018-1000191 unknown 4y ago Jenkins Black Duck Detect Plugin information exposure vulnerability
CVE-2018-10862 unknown 4y ago Improper Limitation of a Pathname to a Restricted Directory in WildFly
CVE-2018-1999046 unknown 4y ago Exposure of Sensitive Information to an Unauthorized Actor in Jenkins
CVE-2018-1999042 unknown 4y ago Deserialization of Untrusted Data in Jenkins
CVE-2018-1999045 unknown 4y ago Improper Authentication in Jenkins
CVE-2018-1000406 unknown 4y ago Path Traversal in Jenkins
CVE-2018-1000862 unknown 4y ago Exposure of Sensitive Information to an Unauthorized Actor in Jenkins
CVE-2018-1000407 unknown 4y ago Cross-site Scripting in Jenkins
CVE-2018-1000410 unknown 4y ago Exposure of Sensitive Information to an Unauthorized Actor in Jenkins
CVE-2018-1000170 unknown 4y ago Cross-site Scripting in Jenkins Core
CVE-2018-1000409 unknown 4y ago Session Fixation in Jenkins
CVE-2018-1000997 unknown 4y ago Improper Limitation of a Pathname to a Restricted Directory in Jenkins
CVE-2018-19790 unknown 4y ago An open redirect was discovered in Symfony 2.7.x before 2.7.50, 2.8.x before 2.8.49, 3.x before 3.4.20, 4.0.x before 4.0.15, 4.1.x before 4.1.9 and 4.2.x before 4.2.1. By using backslashes in the `_f…
CVE-2018-19789 unknown 4y ago An issue was discovered in Symfony 2.7.x before 2.7.50, 2.8.x before 2.8.49, 3.x before 3.4.20, 4.0.x before 4.0.15, 4.1.x before 4.1.9, and 4.2.x before 4.2.1. When using the scalar type hint `strin…
CVE-2018-1325 unknown 4y ago Cross-site Scripting in wicket-jquery-ui
CVE-2018-11688 unknown 4y ago Ignite Realtime Openfire vulnerable to cross-site scripting
CVE-2018-1000169 unknown 4y ago Exposure of Sensitive Information to an Unauthorized Actor in Jenkins
CVE-2018-1000416 unknown 4y ago Jenkins Job Config History Plugin reflected XSS vulnerability
CVE-2018-1000077 unknown 4y ago RubyGems Improper Input Validation vulnerability
CVE-2018-1000079 unknown 4y ago RubyGems Path Traversal vulnerability
CVE-2018-1000078 unknown 4y ago RubyGems Cross-site Scripting vulnerability
CVE-2018-1000076 unknown 4y ago RubyGems Improper Verification of Cryptographic Signature vulnerability
CVE-2018-1000074 unknown 4y ago RubyGems Deserialization of Untrusted Data vulnerability
CVE-2018-8036 unknown 4y ago Loop with Unreachable Exit Condition in Apache PDFBox
CVE-2018-8028 unknown 4y ago Apache Sentry may allow attacker to access/remove data from Sentry protected table
CVE-2018-8016 unknown 4y ago Missing Authentication for Critical Function in Apache Cassandra