CVEs from 2018
Total
2,853
critical
critical 238
high
high 331
medium
medium 263
low
low 39
% Critical
8.3%
% with KEV
3.1%
% with exploit
9.1%
Top vendors
- intel 1,561
- schneider-electric 43
- siemens 42
- rockwellautomation 16
- echelon 15
- redhat 12
- oracle 9
- arm 9
Top products
- core_i7 379
- core_i5 375
- core_i3 242
- xeon_e5 82
- xeon_e7 62
- xeon_e3 58
- xeon_gold 33
- atom_z 30
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2018-1000421 | unknown | — | — | 4y ago | Server-side request forgery vulnerability in Jenkins Mesos Plugin | |||
| CVE-2018-1000422 | unknown | — | — | 4y ago | Jenkins Crowd 2 Integration Plugin server-side request forgery vulnerability | |||
| CVE-2018-8031 | unknown | — | — | 4y ago | Apache TomEE console vulnerable to Cross-site Scripting | |||
| CVE-2018-7749 | unknown | — | — | 4y ago | The SSH server implementation of AsyncSSH before 1.12.1 does not properly check whether authentication is completed before processing other requests. A customized SSH client can simply skip the authe… | |||
| CVE-2018-1294 | unknown | — | — | 4y ago | Improper Input Validation Apache Commons Email | |||
| CVE-2018-1000129 | unknown | — | — | 4y ago | Cross-site Scripting in Jolokia agent | |||
| CVE-2018-1000130 | unknown | — | — | 4y ago | Injection in Jolokia agent | |||
| CVE-2018-11385 | unknown | — | — | 4y ago | An issue was discovered in the Security component in Symfony 2.7.x before 2.7.48, 2.8.x before 2.8.41, 3.3.x before 3.3.17, 3.4.x before 3.4.11, and 4.0.x before 4.0.11. A session fixation vulnerabil… | |||
| CVE-2018-11408 | unknown | — | — | 4y ago | The security handlers in the Security component in Symfony in 2.7.x before 2.7.48, 2.8.x before 2.8.41, 3.3.x before 3.3.17, 3.4.x before 3.4.11, and 4.0.x before 4.0.11 have an Open redirect vulnera… | |||
| CVE-2018-19859 | unknown | — | — | 4y ago | OpenRefine Directory Traversal | |||
| CVE-2018-11386 | unknown | — | — | 4y ago | An issue was discovered in the HttpFoundation component in Symfony 2.7.x before 2.7.48, 2.8.x before 2.8.41, 3.3.x before 3.3.17, 3.4.x before 3.4.11, and 4.0.x before 4.0.11. The PDOSessionHandler c… | |||
| CVE-2018-11406 | unknown | — | — | 4y ago | An issue was discovered in the Security component in Symfony 2.7.x before 2.7.48, 2.8.x before 2.8.41, 3.3.x before 3.3.17, 3.4.x before 3.4.11, and 4.0.x before 4.0.11. By default, a user's session … | |||
| CVE-2018-1999027 | unknown | — | — | 4y ago | Jenkins SaltStack Plugin allows attackers to capture credentials with a known credentials ID stored in Jenkins | |||
| CVE-2018-1000191 | unknown | — | — | 4y ago | Jenkins Black Duck Detect Plugin information exposure vulnerability | |||
| CVE-2018-10862 | unknown | — | — | 4y ago | Improper Limitation of a Pathname to a Restricted Directory in WildFly | |||
| CVE-2018-1999042 | unknown | — | — | 4y ago | Deserialization of Untrusted Data in Jenkins | |||
| CVE-2018-1999045 | unknown | — | — | 4y ago | Improper Authentication in Jenkins | |||
| CVE-2018-1999046 | unknown | — | — | 4y ago | Exposure of Sensitive Information to an Unauthorized Actor in Jenkins | |||
| CVE-2018-1000406 | unknown | — | — | 4y ago | Path Traversal in Jenkins | |||
| CVE-2018-1000409 | unknown | — | — | 4y ago | Session Fixation in Jenkins | |||
| CVE-2018-1000410 | unknown | — | — | 4y ago | Exposure of Sensitive Information to an Unauthorized Actor in Jenkins | |||
| CVE-2018-1000862 | unknown | — | — | 4y ago | Exposure of Sensitive Information to an Unauthorized Actor in Jenkins | |||
| CVE-2018-1000407 | unknown | — | — | 4y ago | Cross-site Scripting in Jenkins | |||
| CVE-2018-1000170 | unknown | — | — | 4y ago | Cross-site Scripting in Jenkins Core | |||
| CVE-2018-1000997 | unknown | — | — | 4y ago | Improper Limitation of a Pathname to a Restricted Directory in Jenkins | |||
| CVE-2018-19789 | unknown | — | — | 4y ago | An issue was discovered in Symfony 2.7.x before 2.7.50, 2.8.x before 2.8.49, 3.x before 3.4.20, 4.0.x before 4.0.15, 4.1.x before 4.1.9, and 4.2.x before 4.2.1. When using the scalar type hint `strin… | |||
| CVE-2018-19790 | unknown | — | — | 4y ago | An open redirect was discovered in Symfony 2.7.x before 2.7.50, 2.8.x before 2.8.49, 3.x before 3.4.20, 4.0.x before 4.0.15, 4.1.x before 4.1.9 and 4.2.x before 4.2.1. By using backslashes in the `_f… | |||
| CVE-2018-1325 | unknown | — | — | 4y ago | Cross-site Scripting in wicket-jquery-ui | |||
| CVE-2018-11688 | unknown | — | — | 4y ago | Ignite Realtime Openfire vulnerable to cross-site scripting | |||
| CVE-2018-1000169 | unknown | — | — | 4y ago | Exposure of Sensitive Information to an Unauthorized Actor in Jenkins | |||
| CVE-2018-1000416 | unknown | — | — | 4y ago | Jenkins Job Config History Plugin reflected XSS vulnerability | |||
| CVE-2018-1000078 | unknown | — | — | 4y ago | RubyGems Cross-site Scripting vulnerability | |||
| CVE-2018-1000079 | unknown | — | — | 4y ago | RubyGems Path Traversal vulnerability | |||
| CVE-2018-1000076 | unknown | — | — | 4y ago | RubyGems Improper Verification of Cryptographic Signature vulnerability | |||
| CVE-2018-1000074 | unknown | — | — | 4y ago | RubyGems Deserialization of Untrusted Data vulnerability | |||
| CVE-2018-1000077 | unknown | — | — | 4y ago | RubyGems Improper Input Validation vulnerability | |||
| CVE-2018-8028 | unknown | — | — | 4y ago | Apache Sentry may allow attacker to access/remove data from Sentry protected table | |||
| CVE-2018-8036 | unknown | — | — | 4y ago | Loop with Unreachable Exit Condition in Apache PDFBox | |||
| CVE-2018-8016 | unknown | — | — | 4y ago | Missing Authentication for Critical Function in Apache Cassandra | |||
| CVE-2018-3258 | unknown | — | — | 4y ago | Improper Privilege Management in MySQL Connectors Java | |||
| CVE-2018-1999047 | unknown | — | — | 4y ago | Incorrect Authorization in Jenkins | |||
| CVE-2018-1999044 | unknown | — | — | 4y ago | Infinite Loop in Jenkins Core | |||
| CVE-2018-1999028 | unknown | — | — | 4y ago | Jenkins Accurev Plugin CSRF vulnerability and missing permission checks | |||
| CVE-2018-1999040 | unknown | — | — | 4y ago | Exposure of Sensitive Information in Jenkins Kubernetes Plugin | |||
| CVE-2018-1999030 | unknown | — | — | 4y ago | Jenkins Maven Artifact ChoiceListProvider (Nexus) Plugin CSRF vulnerability and missing permission checks | |||
| CVE-2018-1999032 | unknown | — | — | 4y ago | Jenkins Agiletestware Pangolin Connector for TestRail Plugin CSRF vulnerability and missing permission checks | |||
| CVE-2018-1999036 | unknown | — | — | 4y ago | Jenkins SSH Agent Plugin exposes SSH private key password to users with permission to read the build log | |||
| CVE-2018-1340 | unknown | — | — | 4y ago | Missing Encryption of Sensitive Data in Apache Guacamole | |||
| CVE-2018-1297 | unknown | — | — | 4y ago | Missing certificate validation in Apache JMeter | |||
| CVE-2018-12972 | unknown | — | — | 4y ago | OpenTSDB vulnerable to OS Command Injection | |||
| CVE-2018-1287 | unknown | — | — | 4y ago | Missing certificate validation in Apache JMeter | |||
| CVE-2018-1286 | unknown | — | — | 4y ago | Apache OpenMeetings may allow authenticated attacker to deny service for privileged users | |||
| CVE-2018-11047 | unknown | — | — | 4y ago | Cloud Foundry UAA accepts refresh token as access token on admin endpoints | |||
| CVE-2018-1000866 | unknown | — | — | 4y ago | Jenkins Script Security and Pipeline Groovy Plugins Sandbox Bypass | |||
| CVE-2018-1000864 | unknown | — | — | 4y ago | Loop with Unreachable Exit Condition in Jenkins | |||
| CVE-2018-1000865 | unknown | — | — | 4y ago | Improper Privilege Management in Jenkins | |||
| CVE-2018-1000817 | unknown | — | — | 4y ago | Asset Pipeline Grails Plugin vulnerable to Path Traversal | |||
| CVE-2018-1000610 | unknown | — | — | 4y ago | Jenkins Configuration as Code Plugin has Insufficiently Protected Credentials | |||
| CVE-2018-1000863 | unknown | — | — | 4y ago | Improper Limitation of a Pathname to a Restricted Directory in Jenkins | |||
| CVE-2018-1000603 | unknown | — | — | 4y ago | CSRF vulnerability and missing permission checks in Openstack Cloud Plugin allowed capturing credentials | |||
| CVE-2018-1000608 | unknown | — | — | 4y ago | Jenkins z/OS Connector Plugin allows local attacker to retrieve configured password | |||
| CVE-2018-1000600 | unknown | — | — | 4y ago | CSRF vulnerability and missing permission checks in GitHub Plugin allowed capturing credentials | |||
| CVE-2018-1000401 | unknown | — | — | 4y ago | Jenkins AWS CodePipeline Plugin has Insufficiently Protected Credentials | |||
| CVE-2018-1000403 | unknown | — | — | 4y ago | AWS CodeDeploy Plugin stored AWS Secret Key in plain text | |||
| CVE-2018-1000408 | unknown | — | — | 4y ago | Improper Authorization in Jenkins | |||
| CVE-2018-1000404 | unknown | — | — | 4y ago | Insufficiently Protected Credentials in Jenkins AWS CodeBuild Plugin | |||
| CVE-2018-1000197 | unknown | — | — | 4y ago | Jenkins Black Duck Hub Plugin allowed any user with Overall/Read to read and write its configuration | |||
| CVE-2018-1000189 | unknown | — | — | 4y ago | CSRF vulnerability and missing permission checks in Jenkins AbsInt Astrée Plugin | |||
| CVE-2018-1000152 | unknown | — | — | 4y ago | Jenkins vSphere Plugin incorrect authorization vulnerability | |||
| CVE-2018-1000145 | unknown | — | — | 4y ago | Jenkins Perforce Plugin uses ineffective credentials encryption | |||
| CVE-2018-1000146 | unknown | — | — | 4y ago | Liquibase Runner Plugin allows users to load arbitrary Java code into controller JVM | |||
| CVE-2018-1000112 | unknown | — | — | 4y ago | Incorrect Authorization in Jenkins Mercurial Plugin | |||
| CVE-2018-1000134 | unknown | — | — | 4y ago | Weak Password Requirements in UnboundID LDAP SDK | |||
| CVE-2018-1000111 | unknown | — | — | 4y ago | Jenkins Subversion Plugin Incorrect Authorization vulnerability | |||
| CVE-2018-1000114 | unknown | — | — | 4y ago | Jenkins Promoted Builds Plugin allowed unauthorized users to run some promotion processes | |||
| CVE-2018-1000107 | unknown | — | — | 4y ago | Improper authorization in Jenkins Job and Node Ownership Plugin | |||
| CVE-2018-1000104 | unknown | — | — | 4y ago | Jenkins Coverity Plugin has Insufficiently Protected Credentials | |||
| CVE-2018-1000110 | unknown | — | — | 4y ago | Incorrect Authorization in Jenkins Git Plugin | |||
| CVE-2018-1000109 | unknown | — | — | 4y ago | Jenkins Google Play Android Publisher Plugin allows attacker to obtain credential IDs | |||
| CVE-2018-1000105 | unknown | — | — | 4y ago | Incorrect Authorization in Jenkins Gerrit Trigger Plugin | |||
| CVE-2018-1000106 | unknown | — | — | 4y ago | Incorrect Authorization in Jenkins Gerrit Trigger Plugin | |||
| CVE-2018-1000057 | unknown | — | — | 4y ago | Jenkins Credentials Binding Plugin has Insufficiently Protected Credentials | |||
| CVE-2018-1002202 | unknown | — | — | 4y ago | Improper Limitation of a Pathname to a Restricted Directory in Zip4j | |||
| CVE-2018-1002200 | unknown | — | — | 4y ago | Improper Limitation of a Pathname to a Restricted Directory in plexus-archiver | |||
| CVE-2018-10894 | unknown | — | — | 4y ago | Keycloak Authentication Error | |||
| CVE-2018-14636 | unknown | — | — | 4y ago | Live-migrated instances are briefly able to inspect traffic for other instances on the same hypervisor. This brief window could be extended indefinitely if the instance's port is set administratively… | |||
| CVE-2018-14655 | unknown | — | — | 4y ago | Keycloak vulnerable to cross-site scripting via the state parameter | |||
| CVE-2018-14658 | unknown | — | — | 4y ago | Keycloak Open Redirect | |||
| CVE-2018-15761 | unknown | — | — | 4y ago | Cloud Foundry UAA Privilege Escalation | |||
| CVE-2018-17244 | unknown | — | — | 4y ago | Exposure of Sensitive Information to an Unauthorized Actor in Elasticsearch | |||
| CVE-2018-17247 | unknown | — | — | 4y ago | Improper Restriction of XML External Entity Reference in Elasticsearch | |||
| CVE-2018-1051 | unknown | — | — | 4y ago | Deserialization of Untrusted Data in org.jboss.resteasy:resteasy-yaml-provider | |||
| CVE-2018-1114 | unknown | — | — | 4y ago | Uncontrolled Resource Consumption in Undertow | |||
| CVE-2018-1131 | unknown | — | — | 4y ago | Deserialization of Untrusted Data in Infinispan | |||
| CVE-2018-1229 | unknown | — | — | 4y ago | Cross-site Scripting in Pivotal Spring Batch Admin | |||
| CVE-2018-3824 | unknown | — | — | 4y ago | Elasticsearch subject to cross site scripting | |||
| CVE-2018-1002201 | unknown | — | — | 4y ago | Improper Limitation of a Pathname to a Restricted Directory in zt-zip | |||
| CVE-2018-13864 | unknown | — | — | 4y ago | Play Framework's Assets controller vulnerable to directory traversal | |||
| CVE-2018-1999033 | unknown | — | — | 4y ago | Exposure of sensitive information in Anchore Container Image Scanner Jenkins Plugin | |||
| CVE-2018-1000426 | unknown | — | — | 4y ago | Stored XSS vulnerability in Jenkins Git Changelog Plugin |