CVEs from 2018
- Total: 2,860
- Critical: 238
- High: 329
- Medium: 260
- Low: 39
- % Critical: 8.3%
- % with KEV: 3.1%
- % with exploit: 9.1%
Top vendors
- intel 1,561
- schneider-electric 43
- siemens 42
- rockwellautomation 16
- echelon 15
- redhat 12
- oracle 9
- mitel 8
Top products
- core_i7 379
- core_i5 375
- core_i3 242
- xeon_e5 82
- xeon_e7 62
- xeon_e3 58
- xeon_gold 33
- atom_z 30
| CVE | Severity | CVSS | Risk | Published | Description | Flags | OS | Vendor |
|---|---|---|---|---|---|---|---|---|
| CVE-2018-1000106 | unknown | — | — | 4y ago | Incorrect Authorization in Jenkins Gerrit Trigger Plugin | |||
| CVE-2018-1000109 | unknown | — | — | 4y ago | Jenkins Google Play Android Publisher Plugin allows attacker to obtain credential IDs | |||
| CVE-2018-1000110 | unknown | — | — | 4y ago | Incorrect Authorization in Jenkins Git Plugin | |||
| CVE-2018-1000057 | unknown | — | — | 4y ago | Jenkins Credentials Binding Plugin has Insufficiently Protected Credentials | |||
| CVE-2018-1002202 | unknown | — | — | 4y ago | Improper Limitation of a Pathname to a Restricted Directory in Zip4j | |||
| CVE-2018-1002200 | unknown | — | — | 4y ago | Improper Limitation of a Pathname to a Restricted Directory in plexus-archiver | |||
| CVE-2018-10894 | unknown | — | — | 4y ago | Keycloak Authentication Error | |||
| CVE-2018-14636 | unknown | — | — | 4y ago | Live-migrated instances are briefly able to inspect traffic for other instances on the same hypervisor. This brief window could be extended indefinitely if the instance's port is set administratively… | |||
| CVE-2018-14655 | unknown | — | — | 4y ago | Keycloak vulnerable to cross-site scripting via the state parameter | |||
| CVE-2018-14658 | unknown | — | — | 4y ago | Keycloak Open Redirect | |||
| CVE-2018-15761 | unknown | — | — | 4y ago | Cloud Foundry UAA Privilege Escalation | |||
| CVE-2018-17247 | unknown | — | — | 4y ago | Improper Restriction of XML External Entity Reference in Elasticsearch | |||
| CVE-2018-17244 | unknown | — | — | 4y ago | Exposure of Sensitive Information to an Unauthorized Actor in Elasticsearch | |||
| CVE-2018-1051 | unknown | — | — | 4y ago | Deserialization of Untrusted Data in org.jboss.resteasy:resteasy-yaml-provider | |||
| CVE-2018-1114 | unknown | — | — | 4y ago | Uncontrolled Resource Consumption in Undertow | |||
| CVE-2018-1131 | unknown | — | — | 4y ago | Deserialization of Untrusted Data in Infinispan | |||
| CVE-2018-1229 | unknown | — | — | 4y ago | Cross-site Scripting in Pivotal Spring Batch Admin | |||
| CVE-2018-3824 | unknown | — | — | 4y ago | Elasticsearch subject to cross site scripting | |||
| CVE-2018-1002201 | unknown | — | — | 4y ago | Improper Limitation of a Pathname to a Restricted Directory in zt-zip | |||
| CVE-2018-13864 | unknown | — | — | 4y ago | Play Framework's Assets controller vulnerable to directory traversal | |||
| CVE-2018-1999033 | unknown | — | — | 4y ago | Exposure of sensitive information in Anchore Container Image Scanner Jenkins Plugin | |||
| CVE-2018-1000426 | unknown | — | — | 4y ago | Stored XSS vulnerability in Jenkins Git Changelog Plugin | |||
| CVE-2018-3831 | unknown | — | — | 4y ago | Exposure of Sensitive Information to an Unauthorized Actor in Elasticsearch | |||
| CVE-2018-13346 | unknown | — | — | 4y ago | The mpatch_apply function in mpatch.c in Mercurial before 4.6.1 incorrectly proceeds in cases where the fragment start is past the end of the original data, aka OVE-20180430-0004. | |||
| CVE-2018-1000132 | unknown | — | — | 4y ago | Mercurial version 4.5 and earlier contains an Incorrect Access Control (CWE-285) vulnerability in Protocol server that can result in Unauthorized data access. This attack appears to be exploitable via … | |||
| CVE-2018-13347 | unknown | — | — | 4y ago | mpatch.c in Mercurial before 4.6.1 mishandles integer addition and subtraction, aka OVE-20180430-0002. | |||
| CVE-2018-13348 | unknown | — | — | 4y ago | The mpatch_decode function in mpatch.c in Mercurial before 4.6.1 mishandles certain situations where there should be at least 12 bytes remaining after the current position in the patch data, but actu… | |||
| CVE-2018-8015 | unknown | — | — | 4y ago | Apache ORC vulnerable to Uncontrolled Recursion | |||
| CVE-2018-18240 | unknown | — | — | 4y ago | Pippo RCE Vulnerability | |||
| CVE-2018-12532 | unknown | — | — | 4y ago | RichFaces vulnerable to Expression Language Injection | |||
| CVE-2018-12533 | unknown | — | — | 4y ago | Arbitrary code execution in Richfaces | |||
| CVE-2018-1000419 | unknown | — | — | 4y ago | Jenkins HipChat Plugin allows attackers with Overall/Read access to obtain credential IDs | |||
| CVE-2018-1000425 | unknown | — | — | 4y ago | Jenkins SonarQube Scanner Plugin stored server authentication token in plain text | |||
| CVE-2018-1000423 | unknown | — | — | 4y ago | Jenkins Crowd 2 Integration Plugin stored credentials in plain text | |||
| CVE-2018-1000424 | unknown | — | — | 4y ago | Jenkins Artifactory Plugin stored old directly entered credentials unencrypted on disk | |||
| CVE-2018-1000412 | unknown | — | — | 4y ago | Jenkins Jira Plugin Incorrect Authorization vulnerability | |||
| CVE-2018-1000418 | unknown | — | — | 4y ago | Jenkins HipChat Plugin allows credential capture due to incorrect authorization | |||
| CVE-2018-1000149 | unknown | — | — | 4y ago | Jenkins Ansible Plugin man in the middle vulnerability | |||
| CVE-2018-1000015 | unknown | — | — | 4y ago | Incorrect permission checks in Pipeline: Nodes and Processes plugin | |||
| CVE-2018-1067 | unknown | — | — | 4y ago | Improper Neutralization of CRLF Sequences in HTTP Headers in Undertow | |||
| CVE-2018-14657 | unknown | — | — | 4y ago | Keycloak Improper Bruteforce Detection | |||
| CVE-2018-1048 | unknown | — | — | 4y ago | Improper Limitation of a Pathname to a Restricted Directory in JBoss EAP Undertow | |||
| CVE-2018-14642 | unknown | — | — | 4y ago | Exposure of Sensitive Information to an Unauthorized Actor in Undertow | |||
| CVE-2018-1190 | unknown | — | — | 4y ago | Pivotal Cloud Foundry UAA XSS on UAA OpenID Connect check session iframe endpoint | |||
| CVE-2018-14635 | unknown | — | — | 4y ago | When using the Linux bridge ml2 driver, non-privileged tenants are able to create and attach ports without specifying an IP address, bypassing IP address validation. A potential denial of service cou… | |||
| CVE-2018-1256 | unknown | — | — | 4y ago | Issuer validation regression in Spring Cloud SSO Connector | |||
| CVE-2018-1263 | unknown | — | — | 4y ago | spring-integration-zip Arbitrary File Write | |||
| CVE-2018-1262 | unknown | — | — | 4y ago | UAA privilege escalation across identity zones | |||
| CVE-2018-8012 | unknown | — | — | 4y ago | Missing Authorization in Apache ZooKeeper | |||
| CVE-2018-8088 | unknown | — | — | 4y ago | Improper Access Control in SLF4J | |||
| CVE-2018-1288 | unknown | — | — | 4y ago | Improper Control of Generation of Code in Apache Kafka | |||
| CVE-2018-1313 | unknown | — | — | 4y ago | Improper Access Control in Apache Derby | |||
| CVE-2018-1000067 | unknown | — | — | 4y ago | Server-Side Request Forgery in Jenkins | |||
| CVE-2018-1000193 | unknown | — | — | 4y ago | Injection in Jenkins | |||
| CVE-2018-1000192 | unknown | — | — | 4y ago | Exposure of Sensitive Information to an Unauthorized Actor in Jenkins | |||
| CVE-2018-1000068 | unknown | — | — | 4y ago | Exposure of Sensitive Information to an Unauthorized Actor in Jenkins | |||
| CVE-2018-1000194 | unknown | — | — | 4y ago | Path Traversal in Jenkins | |||
| CVE-2018-6356 | unknown | — | — | 4y ago | Improper Limitation of a Pathname to a Restricted Directory in Jenkins | |||
| CVE-2018-5382 | unknown | — | — | 4y ago | Improper Validation of Integrity Check Value in Bouncy Castle | |||
| CVE-2018-1000195 | unknown | — | — | 4y ago | Cross-Site Request Forgery in Jenkins | |||
| CVE-2018-1000075 | unknown | — | — | 4y ago | RubyGems Infinite Loop vulnerability | |||
| CVE-2018-1000073 | unknown | — | — | 4y ago | RubyGems Link Following vulnerability | |||
| CVE-2018-16886 | unknown | — | — | 4y ago | etcd versions 3.2.x before 3.2.26 and 3.3.x before 3.3.11 are vulnerable to an improper authentication issue when role-based access control (RBAC) is used and client-cert-auth is enabled. If an etcd … | |||
| CVE-2018-25031 | unknown | — | — | 4y ago | Spoofing attack in swagger-ui | |||
| CVE-2018-1098 | unknown | — | — | 4y ago | A cross-site request forgery flaw was found in etcd 3.3.1 and earlier. An attacker can set up a website that tries to send a POST request to the etcd server and modify a key. Adding a key is done wit… | |||
| CVE-2018-1099 | unknown | — | — | 4y ago | DNS rebinding vulnerability found in etcd 3.3.1 and earlier. An attacker can control his DNS records to direct to localhost, and trick the browser into sending requests to localhost (or any other add… | |||
| CVE-2018-21234 | unknown | — | — | 4y ago | Deserialization of Untrusted Data in Jodd | |||
| CVE-2018-11764 | unknown | — | — | 4y ago | Authentication bypass in Apache Hadoop | |||
| CVE-2018-11802 | unknown | — | — | 4y ago | Incorrect Authorization in Apache Solr | |||
| CVE-2018-16153 | unknown | — | — | 5y ago | Opencast publishes global system account credentials | |||
| CVE-2018-11765 | unknown | — | — | 5y ago | Improper Authentication in Apache Hadoop | |||
| CVE-2018-25007 | unknown | — | — | 5y ago | Unauthorized client-side property update in UIDL request handler in Vaadin 10 and 11 | |||
| CVE-2018-5968 | unknown | — | — | 6y ago | Deserialization of Untrusted Data in jackson-databind | |||
| CVE-2018-10237 | unknown | — | — | 6y ago | Denial of Service in Google Guava | |||
| CVE-2018-15756 | unknown | — | — | 6y ago | Denial of Service in Spring Framework | |||
| CVE-2018-12023 | unknown | — | — | 6y ago | Deserialization of Untrusted Data | |||
| CVE-2018-11768 | unknown | — | — | 7y ago | user/group information can be corrupted across storing in fsimage and reading back from fsimage | |||
| CVE-2018-15890 | unknown | — | — | 7y ago | Deserialization of Untrusted Data in EthereumJ | |||
| CVE-2018-11307 | unknown | — | — | 7y ago | Deserialization of Untrusted Data in jackson-databind | |||
| CVE-2018-8029 | unknown | — | — | 7y ago | Privilege escalation vulnerability in Apache Hadoop | |||
| CVE-2018-17201 | unknown | — | — | 7y ago | Improper Input Validation in Apache Sanselan | |||
| CVE-2018-17202 | unknown | — | — | 7y ago | Infinite Loop in Apache Sanselan | |||
| CVE-2018-8035 | unknown | — | — | 7y ago | Cross-site Scripting in Apache UIMA | |||
| CVE-2018-1328 | unknown | — | — | 7y ago | Cross-site Scripting in Apache Zeppelin | |||
| CVE-2018-1317 | unknown | — | — | 7y ago | Improper Authentication in Apache Zeppelin | |||
| CVE-2018-12545 | unknown | — | — | 7y ago | Uncontrolled Resource Consumption in org.eclipse.jetty:jetty-server | |||
| CVE-2018-12022 | unknown | — | — | 7y ago | jackson-databind Deserialization of Untrusted Data vulnerability | |||
| CVE-2018-11767 | unknown | — | — | 7y ago | Improper Privilege Management in org.apache.hadoop:hadoop-main | |||
| CVE-2018-1324 | unknown | — | — | 7y ago | Apache Commons Compress vulnerable to denial of service due to infinite loop | |||
| CVE-2018-1334 | unknown | — | — | 7y ago | Exposure of Sensitive Information to an Unauthorized Actor in Apache Spark | |||
| CVE-2018-8024 | unknown | — | — | 7y ago | Exposure of Sensitive Information to an Unauthorized Actor in Apache Spark via crafted URL | |||
| CVE-2018-11793 | unknown | — | — | 7y ago | Stack Overflow in Apache Mesos | |||
| CVE-2018-1296 | unknown | — | — | 7y ago | Exposure of Sensitive Information to an Unauthorized Actor in Hadoop | |||
| CVE-2018-20242 | unknown | — | — | 7y ago | Cross-site Scripting in jspwiki-war | |||
| CVE-2018-1320 | unknown | — | — | 8y ago | Improper Input Validation in Apache Thrift | |||
| CVE-2018-11798 | unknown | — | — | 8y ago | Apache Thrift Node.js static web server sandbox escape | |||
| CVE-2018-11787 | unknown | — | — | 8y ago | Improper Authentication in Apache Karaf | |||
| CVE-2018-11788 | unknown | — | — | 8y ago | XML External Entity Reference in Apache Karaf | |||
| CVE-2018-20433 | unknown | — | — | 8y ago | XML External Entity Reference in mchange:c3p0 | |||
| CVE-2018-14719 | unknown | — | — | 8y ago | Arbitrary Code Execution in jackson-databind |