CVEs from 2018
Total
2,853
critical
critical 238
high
high 331
medium
medium 263
low
low 39
% Critical
8.3%
% with KEV
3.1%
% with exploit
9.1%
Top vendors
- intel 1,561
- schneider-electric 43
- siemens 42
- rockwellautomation 16
- echelon 15
- redhat 12
- oracle 9
- arm 9
Top products
- core_i7 379
- core_i5 375
- core_i3 242
- xeon_e5 82
- xeon_e7 62
- xeon_e3 58
- xeon_gold 33
- atom_z 30
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2018-1000610 | unknown | — | — | 4y ago | Jenkins Configuration as Code Plugin has Insufficiently Protected Credentials | |||
| CVE-2018-1000863 | unknown | — | — | 4y ago | Improper Limitation of a Pathname to a Restricted Directory in Jenkins | |||
| CVE-2018-1000817 | unknown | — | — | 4y ago | Asset Pipeline Grails Plugin vulnerable to Path Traversal | |||
| CVE-2018-1000603 | unknown | — | — | 4y ago | CSRF vulnerability and missing permission checks in Openstack Cloud Plugin allowed capturing credentials | |||
| CVE-2018-1000608 | unknown | — | — | 4y ago | Jenkins z/OS Connector Plugin allows local attacker to retrieve configured password | |||
| CVE-2018-1000600 | unknown | — | — | 4y ago | CSRF vulnerability and missing permission checks in GitHub Plugin allowed capturing credentials | |||
| CVE-2018-1000401 | unknown | — | — | 4y ago | Jenkins AWS CodePipeline Plugin has Insufficiently Protected Credentials | |||
| CVE-2018-1000403 | unknown | — | — | 4y ago | AWS CodeDeploy Plugin stored AWS Secret Key in plain text | |||
| CVE-2018-1000408 | unknown | — | — | 4y ago | Improper Authorization in Jenkins | |||
| CVE-2018-1000404 | unknown | — | — | 4y ago | Insufficiently Protected Credentials in Jenkins AWS CodeBuild Plugin | |||
| CVE-2018-1000189 | unknown | — | — | 4y ago | CSRF vulnerability and missing permission checks in Jenkins AbsInt Astrée Plugin | |||
| CVE-2018-1000197 | unknown | — | — | 4y ago | Jenkins Black Duck Hub Plugin allowed any user with Overall/Read to read and write its configuration | |||
| CVE-2018-1000152 | unknown | — | — | 4y ago | Jenkins vSphere Plugin incorrect authorization vulnerability | |||
| CVE-2018-1000146 | unknown | — | — | 4y ago | Liquibase Runner Plugin allows users to load arbitrary Java code into controller JVM | |||
| CVE-2018-1000145 | unknown | — | — | 4y ago | Jenkins Perforce Plugin uses ineffective credentials encryption | |||
| CVE-2018-1000114 | unknown | — | — | 4y ago | Jenkins Promoted Builds Plugin allowed unauthorized users to run some promotion processes | |||
| CVE-2018-1000111 | unknown | — | — | 4y ago | Jenkins Subversion Plugin Incorrect Authorization vulnerability | |||
| CVE-2018-1000112 | unknown | — | — | 4y ago | Incorrect Authorization in Jenkins Mercurial Plugin | |||
| CVE-2018-1000134 | unknown | — | — | 4y ago | Weak Password Requirements in UnboundID LDAP SDK | |||
| CVE-2018-1000107 | unknown | — | — | 4y ago | Improper authorization in Jenkins Job and Node Ownership Plugin | |||
| CVE-2018-1000104 | unknown | — | — | 4y ago | Jenkins Coverity Plugin has Insufficiently Protected Credentials | |||
| CVE-2018-1000109 | unknown | — | — | 4y ago | Jenkins Google Play Android Publisher Plugin allows attacker to obtain credential IDs | |||
| CVE-2018-1000105 | unknown | — | — | 4y ago | Incorrect Authorization in Jenkins Gerrit Trigger Plugin | |||
| CVE-2018-1000110 | unknown | — | — | 4y ago | Incorrect Authorization in Jenkins Git Plugin | |||
| CVE-2018-1000106 | unknown | — | — | 4y ago | Incorrect Authorization in Jenkins Gerrit Trigger Plugin | |||
| CVE-2018-1000057 | unknown | — | — | 4y ago | Jenkins Credentials Binding Plugin has Insufficiently Protected Credentials | |||
| CVE-2018-1002202 | unknown | — | — | 4y ago | Improper Limitation of a Pathname to a Restricted Directory in Zip4j | |||
| CVE-2018-1002200 | unknown | — | — | 4y ago | Improper Limitation of a Pathname to a Restricted Directory in plexus-archiver | |||
| CVE-2018-10894 | unknown | — | — | 4y ago | Keycloak Authentication Error | |||
| CVE-2018-14636 | unknown | — | — | 4y ago | Live-migrated instances are briefly able to inspect traffic for other instances on the same hypervisor. This brief window could be extended indefinitely if the instance's port is set administratively… | |||
| CVE-2018-14655 | unknown | — | — | 4y ago | Keycloak vulnerable to cross-site scripting via the state parameter | |||
| CVE-2018-14658 | unknown | — | — | 4y ago | Keycloak Open Redirect | |||
| CVE-2018-15761 | unknown | — | — | 4y ago | Cloud Foundry UAA Privilege Escalation | |||
| CVE-2018-17244 | unknown | — | — | 4y ago | Exposure of Sensitive Information to an Unauthorized Actor in Elasticsearch | |||
| CVE-2018-17247 | unknown | — | — | 4y ago | Improper Restriction of XML External Entity Reference in Elasticsearch | |||
| CVE-2018-1051 | unknown | — | — | 4y ago | Deserialization of Untrusted Data in org.jboss.resteasy:resteasy-yaml-provider | |||
| CVE-2018-1114 | unknown | — | — | 4y ago | Uncontrolled Resource Consumption in Undertow | |||
| CVE-2018-1131 | unknown | — | — | 4y ago | Deserialization of Untrusted Data in Infinispan | |||
| CVE-2018-1229 | unknown | — | — | 4y ago | Cross-site Scripting in Pivotal Spring Batch Admin | |||
| CVE-2018-3824 | unknown | — | — | 4y ago | Elasticsearch subject to cross site scripting | |||
| CVE-2018-1002201 | unknown | — | — | 4y ago | Improper Limitation of a Pathname to a Restricted Directory in zt-zip | |||
| CVE-2018-13864 | unknown | — | — | 4y ago | Play Framework's Assets controller vulnerable to directory traversal | |||
| CVE-2018-1999033 | unknown | — | — | 4y ago | Exposure of sensitive information in Anchore Container Image Scanner Jenkins Plugin | |||
| CVE-2018-1000426 | unknown | — | — | 4y ago | Stored XSS vulnerability in Jenkins Git Changelog Plugin | |||
| CVE-2018-3831 | unknown | — | — | 4y ago | Exposure of Sensitive Information to an Unauthorized Actor in Elasticsearch | |||
| CVE-2018-13346 | unknown | — | — | 4y ago | The mpatch_apply function in mpatch.c in Mercurial before 4.6.1 incorrectly proceeds in cases where the fragment start is past the end of the original data, aka OVE-20180430-0004. | |||
| CVE-2018-1000132 | unknown | — | — | 4y ago | Mercurial version 4.5 and earlier contains a Incorrect Access Control (CWE-285) vulnerability in Protocol server that can result in Unauthorized data access. This attack appear to be exploitable via … | |||
| CVE-2018-13347 | unknown | — | — | 4y ago | mpatch.c in Mercurial before 4.6.1 mishandles integer addition and subtraction, aka OVE-20180430-0002. | |||
| CVE-2018-13348 | unknown | — | — | 4y ago | The mpatch_decode function in mpatch.c in Mercurial before 4.6.1 mishandles certain situations where there should be at least 12 bytes remaining after the current position in the patch data, but actu… | |||
| CVE-2018-8015 | unknown | — | — | 4y ago | Apache ORC vulnerable to Uncontrolled Recursion | |||
| CVE-2018-18240 | unknown | — | — | 4y ago | Pippo RCE Vulnerability | |||
| CVE-2018-12532 | unknown | — | — | 4y ago | RichFaces vulnerable to Expression Language Injection | |||
| CVE-2018-12533 | unknown | — | — | 4y ago | Arbitrary code execution in Richfaces | |||
| CVE-2018-1000425 | unknown | — | — | 4y ago | Jenkins SonarQube Scanner Plugin stored server authentication token in plain text | |||
| CVE-2018-1000419 | unknown | — | — | 4y ago | Jenkins HipChat Plugin allows attackers with Overall/Read access to obtain credential IDs | |||
| CVE-2018-1000412 | unknown | — | — | 4y ago | Jenkins Jira Plugin Incorrect Authorization vulnerability | |||
| CVE-2018-1000423 | unknown | — | — | 4y ago | Jenkins Crowd 2 Integration Plugin stored credentials in plain text | |||
| CVE-2018-1000424 | unknown | — | — | 4y ago | Jenkins Artifactory Plugin stored old directly entered credentials unencrypted on disk | |||
| CVE-2018-1000418 | unknown | — | — | 4y ago | Jenkins HipChat Plugin allows credential capture due to incorrect authorization | |||
| CVE-2018-1000149 | unknown | — | — | 4y ago | Jenkins Ansible Plugin man in the middle vulnerability | |||
| CVE-2018-1000015 | unknown | — | — | 4y ago | Incorrect permission checks in Pipeline: Nodes and Processes plugin | |||
| CVE-2018-1067 | unknown | — | — | 4y ago | Improper Neutralization of CRLF Sequences in HTTP Headers in Undertow | |||
| CVE-2018-14657 | unknown | — | — | 4y ago | Keycloak Improper Bruteforce Detection | |||
| CVE-2018-1048 | unknown | — | — | 4y ago | Improper Limitation of a Pathname to a Restricted Directory in Jboss EAP Undertow | |||
| CVE-2018-14642 | unknown | — | — | 4y ago | Exposure of Sensitive Information to an Unauthorized Actor in Undertow | |||
| CVE-2018-1190 | unknown | — | — | 4y ago | Pivotal Cloud Foundry UAA XSS on UAA OpenID Connect check session iframe endpoint | |||
| CVE-2018-14635 | unknown | — | — | 4y ago | When using the Linux bridge ml2 driver, non-privileged tenants are able to create and attach ports without specifying an IP address, bypassing IP address validation. A potential denial of service cou… | |||
| CVE-2018-1256 | unknown | — | — | 4y ago | Issuer validation regression in Spring Cloud SSO Connector | |||
| CVE-2018-1263 | unknown | — | — | 4y ago | spring-integration-zip Arbitrary File Write | |||
| CVE-2018-1262 | unknown | — | — | 4y ago | UAA privilege escalation across identity zones | |||
| CVE-2018-8012 | unknown | — | — | 4y ago | Missing Authorization in Apache ZooKeeper | |||
| CVE-2018-8088 | unknown | — | — | 4y ago | Improper Access Control in SLF4J | |||
| CVE-2018-1313 | unknown | — | — | 4y ago | Improper Access Control in Apache Derby | |||
| CVE-2018-1288 | unknown | — | — | 4y ago | Improper Control of Generation of Code in Apache Kafka | |||
| CVE-2018-1000067 | unknown | — | — | 4y ago | Server-Side Request Forgery in Jenkins | |||
| CVE-2018-1000193 | unknown | — | — | 4y ago | Injection in Jenkins | |||
| CVE-2018-1000192 | unknown | — | — | 4y ago | Exposure of Sensitive Information to an Unauthorized Actor in Jenkins | |||
| CVE-2018-1000068 | unknown | — | — | 4y ago | Exposure of Sensitive Information to an Unauthorized Actor in Jenkins | |||
| CVE-2018-1000194 | unknown | — | — | 4y ago | Path Traversal in Jenkins | |||
| CVE-2018-6356 | unknown | — | — | 4y ago | Improper Limitation of a Pathname to a Restricted Directory in Jenkins | |||
| CVE-2018-1000195 | unknown | — | — | 4y ago | Cross-Site Request Forgery in Jenkins | |||
| CVE-2018-5382 | unknown | — | — | 4y ago | Improper Validation of Integrity Check Value in Bouncy Castle | |||
| CVE-2018-1000073 | unknown | — | — | 4y ago | RubyGems Link Following vulnerability | |||
| CVE-2018-1000075 | unknown | — | — | 4y ago | RubyGems Infinite Loop vulnerability | |||
| CVE-2018-16886 | unknown | — | — | 4y ago | etcd versions 3.2.x before 3.2.26 and 3.3.x before 3.3.11 are vulnerable to an improper authentication issue when role-based access control (RBAC) is used and client-cert-auth is enabled. If an etcd … | |||
| CVE-2018-25031 | unknown | — | — | 4y ago | Spoofing attack in swagger-ui | |||
| CVE-2018-1099 | unknown | — | — | 4y ago | DNS rebinding vulnerability found in etcd 3.3.1 and earlier. An attacker can control his DNS records to direct to localhost, and trick the browser into sending requests to localhost (or any other add… | |||
| CVE-2018-1098 | unknown | — | — | 4y ago | A cross-site request forgery flaw was found in etcd 3.3.1 and earlier. An attacker can set up a website that tries to send a POST request to the etcd server and modify a key. Adding a key is done wit… | |||
| CVE-2018-21234 | unknown | — | — | 4y ago | Deserialization of Untrusted Data in Jodd | |||
| CVE-2018-11764 | unknown | — | — | 4y ago | Authentication bypass in Apache Hadoop | |||
| CVE-2018-11802 | unknown | — | — | 4y ago | Incorrect Authorization in Apache Solr | |||
| CVE-2018-16153 | unknown | — | — | 5y ago | Opencast publishes global system account credentials | |||
| CVE-2018-11765 | unknown | — | — | 5y ago | Improper Authentication in Apache Hadoop | |||
| CVE-2018-25007 | unknown | — | — | 5y ago | Unauthorized client-side property update in UIDL request handler in Vaadin 10 and 11 | |||
| CVE-2018-5968 | unknown | — | — | 6y ago | Deserialization of Untrusted Data in jackson-databind | |||
| CVE-2018-10237 | unknown | — | — | 6y ago | Denial of Service in Google Guava | |||
| CVE-2018-15756 | unknown | — | — | 6y ago | Denial of Service in Spring Framework | |||
| CVE-2018-12023 | unknown | — | — | 6y ago | Deserialization of Untrusted Data | |||
| CVE-2018-11768 | unknown | — | — | 7y ago | user/group information can be corrupted across storing in fsimage and reading back from fsimage | |||
| CVE-2018-15890 | unknown | — | — | 7y ago | Deserialization of Untrusted Data in EthereumJ |