CVEs from 2018
Total
2,860
critical
critical 238
high
high 331
medium
medium 263
low
low 39
% Critical
8.3%
% with KEV
3.1%
% with exploit
9.1%
Top vendors
- intel 1,561
- schneider-electric 43
- siemens 42
- rockwellautomation 16
- echelon 15
- redhat 12
- oracle 9
- arm 9
Top products
- core_i7 379
- core_i5 375
- core_i3 242
- xeon_e5 82
- xeon_e7 62
- xeon_e3 58
- xeon_gold 33
- atom_z 30
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2018-1000130 | unknown | — | — | 4y ago | Injection in Jolokia agent | |||
| CVE-2018-11385 | unknown | — | — | 4y ago | An issue was discovered in the Security component in Symfony 2.7.x before 2.7.48, 2.8.x before 2.8.41, 3.3.x before 3.3.17, 3.4.x before 3.4.11, and 4.0.x before 4.0.11. A session fixation vulnerabil… | |||
| CVE-2018-11408 | unknown | — | — | 4y ago | The security handlers in the Security component in Symfony in 2.7.x before 2.7.48, 2.8.x before 2.8.41, 3.3.x before 3.3.17, 3.4.x before 3.4.11, and 4.0.x before 4.0.11 have an Open redirect vulnera… | |||
| CVE-2018-19859 | unknown | — | — | 4y ago | OpenRefine Directory Traversal | |||
| CVE-2018-11386 | unknown | — | — | 4y ago | An issue was discovered in the HttpFoundation component in Symfony 2.7.x before 2.7.48, 2.8.x before 2.8.41, 3.3.x before 3.3.17, 3.4.x before 3.4.11, and 4.0.x before 4.0.11. The PDOSessionHandler c… | |||
| CVE-2018-11406 | unknown | — | — | 4y ago | An issue was discovered in the Security component in Symfony 2.7.x before 2.7.48, 2.8.x before 2.8.41, 3.3.x before 3.3.17, 3.4.x before 3.4.11, and 4.0.x before 4.0.11. By default, a user's session … | |||
| CVE-2018-1999027 | unknown | — | — | 4y ago | Jenkins SaltStack Plugin allows attackers to capture credentials with a known credentials ID stored in Jenkins | |||
| CVE-2018-1000191 | unknown | — | — | 4y ago | Jenkins Black Duck Detect Plugin information exposure vulnerability | |||
| CVE-2018-10862 | unknown | — | — | 4y ago | Improper Limitation of a Pathname to a Restricted Directory in WildFly | |||
| CVE-2018-1999045 | unknown | — | — | 4y ago | Improper Authentication in Jenkins | |||
| CVE-2018-1999046 | unknown | — | — | 4y ago | Exposure of Sensitive Information to an Unauthorized Actor in Jenkins | |||
| CVE-2018-1999042 | unknown | — | — | 4y ago | Deserialization of Untrusted Data in Jenkins | |||
| CVE-2018-1000409 | unknown | — | — | 4y ago | Session Fixation in Jenkins | |||
| CVE-2018-1000170 | unknown | — | — | 4y ago | Cross-site Scripting in Jenkins Core | |||
| CVE-2018-1000406 | unknown | — | — | 4y ago | Path Traversal in Jenkins | |||
| CVE-2018-1000862 | unknown | — | — | 4y ago | Exposure of Sensitive Information to an Unauthorized Actor in Jenkins | |||
| CVE-2018-1000407 | unknown | — | — | 4y ago | Cross-site Scripting in Jenkins | |||
| CVE-2018-1000410 | unknown | — | — | 4y ago | Exposure of Sensitive Information to an Unauthorized Actor in Jenkins | |||
| CVE-2018-1000997 | unknown | — | — | 4y ago | Improper Limitation of a Pathname to a Restricted Directory in Jenkins | |||
| CVE-2018-19790 | unknown | — | — | 4y ago | An open redirect was discovered in Symfony 2.7.x before 2.7.50, 2.8.x before 2.8.49, 3.x before 3.4.20, 4.0.x before 4.0.15, 4.1.x before 4.1.9 and 4.2.x before 4.2.1. By using backslashes in the `_f… | |||
| CVE-2018-19789 | unknown | — | — | 4y ago | An issue was discovered in Symfony 2.7.x before 2.7.50, 2.8.x before 2.8.49, 3.x before 3.4.20, 4.0.x before 4.0.15, 4.1.x before 4.1.9, and 4.2.x before 4.2.1. When using the scalar type hint `strin… | |||
| CVE-2018-1325 | unknown | — | — | 4y ago | Cross-site Scripting in wicket-jquery-ui | |||
| CVE-2018-11688 | unknown | — | — | 4y ago | Ignite Realtime Openfire vulnerable to cross-site scripting | |||
| CVE-2018-1000169 | unknown | — | — | 4y ago | Exposure of Sensitive Information to an Unauthorized Actor in Jenkins | |||
| CVE-2018-1000416 | unknown | — | — | 4y ago | Jenkins Job Config History Plugin reflected XSS vulnerability | |||
| CVE-2018-1000077 | unknown | — | — | 4y ago | RubyGems Improper Input Validation vulnerability | |||
| CVE-2018-1000076 | unknown | — | — | 4y ago | RubyGems Improper Verification of Cryptographic Signature vulnerability | |||
| CVE-2018-1000074 | unknown | — | — | 4y ago | RubyGems Deserialization of Untrusted Data vulnerability | |||
| CVE-2018-1000079 | unknown | — | — | 4y ago | RubyGems Path Traversal vulnerability | |||
| CVE-2018-1000078 | unknown | — | — | 4y ago | RubyGems Cross-site Scripting vulnerability | |||
| CVE-2018-8036 | unknown | — | — | 4y ago | Loop with Unreachable Exit Condition in Apache PDFBox | |||
| CVE-2018-8028 | unknown | — | — | 4y ago | Apache Sentry may allow attacker to access/remove data from Sentry protected table | |||
| CVE-2018-8016 | unknown | — | — | 4y ago | Missing Authentication for Critical Function in Apache Cassandra | |||
| CVE-2018-3258 | unknown | — | — | 4y ago | Improper Privilege Management in MySQL Connectors Java | |||
| CVE-2018-1999047 | unknown | — | — | 4y ago | Incorrect Authorization in Jenkins | |||
| CVE-2018-1999036 | unknown | — | — | 4y ago | Jenkins SSH Agent Plugin exposes SSH private key password to users with permission to read the build log | |||
| CVE-2018-1999040 | unknown | — | — | 4y ago | Exposure of Sensitive Information in Jenkins Kubernetes Plugin | |||
| CVE-2018-1999030 | unknown | — | — | 4y ago | Jenkins Maven Artifact ChoiceListProvider (Nexus) Plugin CSRF vulnerability and missing permission checks | |||
| CVE-2018-1999044 | unknown | — | — | 4y ago | Infinite Loop in Jenkins Core | |||
| CVE-2018-1999028 | unknown | — | — | 4y ago | Jenkins Accurev Plugin CSRF vulnerability and missing permission checks | |||
| CVE-2018-1999032 | unknown | — | — | 4y ago | Jenkins Agiletestware Pangolin Connector for TestRail Plugin CSRF vulnerability and missing permission checks | |||
| CVE-2018-1340 | unknown | — | — | 4y ago | Missing Encryption of Sensitive Data in Apache Guacamole | |||
| CVE-2018-1297 | unknown | — | — | 4y ago | Missing certificate validation in Apache JMeter | |||
| CVE-2018-12972 | unknown | — | — | 4y ago | OpenTSDB vulnerable to OS Command Injection | |||
| CVE-2018-1287 | unknown | — | — | 4y ago | Missing certificate validation in Apache JMeter | |||
| CVE-2018-1286 | unknown | — | — | 4y ago | Apache OpenMeetings may allow authenticated attacker to deny service for privileged users | |||
| CVE-2018-11047 | unknown | — | — | 4y ago | Cloud Foundry UAA accepts refresh token as access token on admin endpoints | |||
| CVE-2018-1000864 | unknown | — | — | 4y ago | Loop with Unreachable Exit Condition in Jenkins | |||
| CVE-2018-1000866 | unknown | — | — | 4y ago | Jenkins Script Security and Pipeline Groovy Plugins Sandbox Bypass | |||
| CVE-2018-1000865 | unknown | — | — | 4y ago | Improper Privilege Management in Jenkins | |||
| CVE-2018-1000610 | unknown | — | — | 4y ago | Jenkins Configuration as Code Plugin has Insufficiently Protected Credentials | |||
| CVE-2018-1000817 | unknown | — | — | 4y ago | Asset Pipeline Grails Plugin vulnerable to Path Traversal | |||
| CVE-2018-1000863 | unknown | — | — | 4y ago | Improper Limitation of a Pathname to a Restricted Directory in Jenkins | |||
| CVE-2018-1000603 | unknown | — | — | 4y ago | CSRF vulnerability and missing permission checks in Openstack Cloud Plugin allowed capturing credentials | |||
| CVE-2018-1000608 | unknown | — | — | 4y ago | Jenkins z/OS Connector Plugin allows local attacker to retrieve configured password | |||
| CVE-2018-1000600 | unknown | — | — | 4y ago | CSRF vulnerability and missing permission checks in GitHub Plugin allowed capturing credentials | |||
| CVE-2018-1000403 | unknown | — | — | 4y ago | AWS CodeDeploy Plugin stored AWS Secret Key in plain text | |||
| CVE-2018-1000401 | unknown | — | — | 4y ago | Jenkins AWS CodePipeline Plugin has Insufficiently Protected Credentials | |||
| CVE-2018-1000404 | unknown | — | — | 4y ago | Insufficiently Protected Credentials in Jenkins AWS CodeBuild Plugin | |||
| CVE-2018-1000408 | unknown | — | — | 4y ago | Improper Authorization in Jenkins | |||
| CVE-2018-1000189 | unknown | — | — | 4y ago | CSRF vulnerability and missing permission checks in Jenkins AbsInt Astrée Plugin | |||
| CVE-2018-1000197 | unknown | — | — | 4y ago | Jenkins Black Duck Hub Plugin allowed any user with Overall/Read to read and write its configuration | |||
| CVE-2018-1000146 | unknown | — | — | 4y ago | Liquibase Runner Plugin allows users to load arbitrary Java code into controller JVM | |||
| CVE-2018-1000145 | unknown | — | — | 4y ago | Jenkins Perforce Plugin uses ineffective credentials encryption | |||
| CVE-2018-1000152 | unknown | — | — | 4y ago | Jenkins vSphere Plugin incorrect authorization vulnerability | |||
| CVE-2018-1000112 | unknown | — | — | 4y ago | Incorrect Authorization in Jenkins Mercurial Plugin | |||
| CVE-2018-1000114 | unknown | — | — | 4y ago | Jenkins Promoted Builds Plugin allowed unauthorized users to run some promotion processes | |||
| CVE-2018-1000111 | unknown | — | — | 4y ago | Jenkins Subversion Plugin Incorrect Authorization vulnerability | |||
| CVE-2018-1000134 | unknown | — | — | 4y ago | Weak Password Requirements in UnboundID LDAP SDK | |||
| CVE-2018-1000109 | unknown | — | — | 4y ago | Jenkins Google Play Android Publisher Plugin allows attacker to obtain credential IDs | |||
| CVE-2018-1000106 | unknown | — | — | 4y ago | Incorrect Authorization in Jenkins Gerrit Trigger Plugin | |||
| CVE-2018-1000110 | unknown | — | — | 4y ago | Incorrect Authorization in Jenkins Git Plugin | |||
| CVE-2018-1000107 | unknown | — | — | 4y ago | Improper authorization in Jenkins Job and Node Ownership Plugin | |||
| CVE-2018-1000104 | unknown | — | — | 4y ago | Jenkins Coverity Plugin has Insufficiently Protected Credentials | |||
| CVE-2018-1000105 | unknown | — | — | 4y ago | Incorrect Authorization in Jenkins Gerrit Trigger Plugin | |||
| CVE-2018-1000057 | unknown | — | — | 4y ago | Jenkins Credentials Binding Plugin has Insufficiently Protected Credentials | |||
| CVE-2018-1002202 | unknown | — | — | 4y ago | Improper Limitation of a Pathname to a Restricted Directory in Zip4j | |||
| CVE-2018-1002200 | unknown | — | — | 4y ago | Improper Limitation of a Pathname to a Restricted Directory in plexus-archiver | |||
| CVE-2018-10894 | unknown | — | — | 4y ago | Keycloak Authentication Error | |||
| CVE-2018-14636 | unknown | — | — | 4y ago | Live-migrated instances are briefly able to inspect traffic for other instances on the same hypervisor. This brief window could be extended indefinitely if the instance's port is set administratively… | |||
| CVE-2018-14658 | unknown | — | — | 4y ago | Keycloak Open Redirect | |||
| CVE-2018-14655 | unknown | — | — | 4y ago | Keycloak vulnerable to cross-site scripting via the state parameter | |||
| CVE-2018-15761 | unknown | — | — | 4y ago | Cloud Foundry UAA Privilege Escalation | |||
| CVE-2018-17247 | unknown | — | — | 4y ago | Improper Restriction of XML External Entity Reference in Elasticsearch | |||
| CVE-2018-17244 | unknown | — | — | 4y ago | Exposure of Sensitive Information to an Unauthorized Actor in Elasticsearch | |||
| CVE-2018-1051 | unknown | — | — | 4y ago | Deserialization of Untrusted Data in org.jboss.resteasy:resteasy-yaml-provider | |||
| CVE-2018-1114 | unknown | — | — | 4y ago | Uncontrolled Resource Consumption in Undertow | |||
| CVE-2018-1131 | unknown | — | — | 4y ago | Deserialization of Untrusted Data in Infinispan | |||
| CVE-2018-1229 | unknown | — | — | 4y ago | Cross-site Scripting in Pivotal Spring Batch Admin | |||
| CVE-2018-3824 | unknown | — | — | 4y ago | Elasticsearch subject to cross site scripting | |||
| CVE-2018-1002201 | unknown | — | — | 4y ago | Improper Limitation of a Pathname to a Restricted Directory in zt-zip | |||
| CVE-2018-13864 | unknown | — | — | 4y ago | Play Framework's Assets controller vulnerable to directory traversal | |||
| CVE-2018-1999033 | unknown | — | — | 4y ago | Exposure of sensitive information in Anchore Container Image Scanner Jenkins Plugin | |||
| CVE-2018-1000426 | unknown | — | — | 4y ago | Stored XSS vulnerability in Jenkins Git Changelog Plugin | |||
| CVE-2018-3831 | unknown | — | — | 4y ago | Exposure of Sensitive Information to an Unauthorized Actor in Elasticsearch | |||
| CVE-2018-1000132 | unknown | — | — | 4y ago | Mercurial version 4.5 and earlier contains a Incorrect Access Control (CWE-285) vulnerability in Protocol server that can result in Unauthorized data access. This attack appear to be exploitable via … | |||
| CVE-2018-13348 | unknown | — | — | 4y ago | The mpatch_decode function in mpatch.c in Mercurial before 4.6.1 mishandles certain situations where there should be at least 12 bytes remaining after the current position in the patch data, but actu… | |||
| CVE-2018-13346 | unknown | — | — | 4y ago | The mpatch_apply function in mpatch.c in Mercurial before 4.6.1 incorrectly proceeds in cases where the fragment start is past the end of the original data, aka OVE-20180430-0004. | |||
| CVE-2018-13347 | unknown | — | — | 4y ago | mpatch.c in Mercurial before 4.6.1 mishandles integer addition and subtraction, aka OVE-20180430-0002. | |||
| CVE-2018-8015 | unknown | — | — | 4y ago | Apache ORC vulnerable to Uncontrolled Recursion |