CVEs from 2018
Total
2,841
critical
critical 238
high
high 331
medium
medium 263
low
low 39
% Critical
8.4%
% with KEV
3.1%
% with exploit
9.1%
Top vendors
- intel 1,561
- schneider-electric 43
- siemens 42
- rockwellautomation 16
- echelon 15
- redhat 12
- oracle 9
- arm 9
Top products
- core_i7 379
- core_i5 375
- core_i3 242
- xeon_e5 82
- xeon_e7 62
- xeon_e3 58
- xeon_gold 33
- atom_z 30
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2018-20548 | unknown | — | — | — | There is an illegal WRITE memory access at common-image.c (function load_image) in libcaca 0.99.beta19 for 1bpp data. | |||
| CVE-2018-20669 | unknown | — | — | — | An issue where a provided address with access_ok() is not checked was discovered in i915_gem_execbuffer2_ioctl in drivers/gpu/drm/i915/i915_gem_execbuffer.c in the Linux kernel through 4.19.13. A loc… | |||
| CVE-2018-20836 | unknown | — | — | — | An issue was discovered in the Linux kernel before 4.20. There is a race condition in smp_task_timedout() and smp_task_done() in drivers/scsi/libsas/sas_expander.c, leading to a use-after-free. | |||
| CVE-2018-20860 | unknown | — | — | — | libopenmpt before 0.3.13 allows a crash with malformed MED files. | |||
| CVE-2018-20861 | unknown | — | — | — | libopenmpt before 0.3.11 allows a crash with certain malformed custom tunings in MPTM files. | |||
| CVE-2018-20976 | unknown | — | — | — | An issue was discovered in fs/xfs/xfs_super.c in the Linux kernel before 4.18. A use after free exists, related to xfs_fs_fill_super failure. | |||
| CVE-2018-6532 | unknown | — | — | — | An issue was discovered in Icinga 2.x through 2.8.1. By sending specially crafted (authenticated and unauthenticated) requests, an attacker can exhaust a lot of memory on the server side, triggering … | |||
| CVE-2018-6534 | unknown | — | — | — | An issue was discovered in Icinga 2.x through 2.8.1. By sending specially crafted messages, an attacker can cause a NULL pointer dereference, which can cause the product to crash. | |||
| CVE-2018-6536 | unknown | — | — | — | An issue was discovered in Icinga 2.x through 2.8.1. The daemon creates an icinga2.pid file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes … | |||
| CVE-2018-6554 | unknown | — | — | — | Memory leak in the irda_bind function in net/irda/af_irda.c and later in drivers/staging/irda/net/af_irda.c in the Linux kernel before 4.17 allows local users to cause a denial of service (memory con… | |||
| CVE-2018-6559 | unknown | — | — | — | The Linux kernel, as used in Ubuntu 18.04 LTS and Ubuntu 18.10, allows local users to obtain names of files in which they would not normally be able to access via an overlayfs mount inside of a user … | |||
| CVE-2018-7566 | unknown | — | — | — | The Linux kernel 4.15 has a Buffer Overflow via an SNDRV_SEQ_IOCTL_SET_CLIENT_POOL ioctl write operation to /dev/snd/seq by a local user. | |||
| CVE-2018-7858 | unknown | — | — | — | Quick Emulator (aka QEMU), when built with the Cirrus CLGD 54xx VGA Emulator support, allows local guest OS privileged users to cause a denial of service (out-of-bounds access and QEMU process crash)… | |||
| CVE-2018-8019 | unknown | — | — | — | When using an OCSP responder Apache Tomcat Native 1.2.0 to 1.2.16 and 1.1.23 to 1.1.34 did not correctly handle invalid responses. This allowed for revoked client certificates to be incorrectly ident… | |||
| CVE-2018-8960 | unknown | — | — | — | The ReadTIFFImage function in coders/tiff.c in ImageMagick 7.0.7-26 Q16 does not properly restrict memory allocation, leading to a heap-based buffer over-read. | |||
| CVE-2018-9385 | unknown | — | — | — | In driver_override_store of bus.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. … | |||
| CVE-2018-12608 | unknown | — | — | 2y ago | An issue was discovered in Docker Moby before 17.06.0. The Docker engine validated a client TLS certificate using both the configured client CA root certificate and all system roots on non-Windows sy… | |||
| CVE-2018-25068 | unknown | — | — | 4y ago | globalpom-utils has Insecure Temporary File | |||
| CVE-2018-18855 | unknown | — | — | 4y ago | Uncontrolled Resource Consumption in Spray JSON | |||
| CVE-2018-10899 | unknown | — | — | 4y ago | Cross-Site Request Forgery in Jolokia | |||
| CVE-2018-17196 | unknown | — | — | 4y ago | Improper Input Validation in Apache Kafka | |||
| CVE-2018-1000009 | unknown | — | — | 4y ago | XXE vulnerability in Jenkins Checkstyle Plugin | |||
| CVE-2018-1000008 | unknown | — | — | 4y ago | XXE vulnerability in Jenkins PMD Plugin | |||
| CVE-2018-1000010 | unknown | — | — | 4y ago | XXE vulnerability in Jenkins DRY Plugin | |||
| CVE-2018-1000011 | unknown | — | — | 4y ago | XML External Entity Reference in Jenkins FindBugs Plugin | |||
| CVE-2018-1000013 | unknown | — | — | 4y ago | CSRF vulnerability in Jenkins Release plugin | |||
| CVE-2018-1000012 | unknown | — | — | 4y ago | XXE vulnerability Jenkins Warnings Plugin | |||
| CVE-2018-1000014 | unknown | — | — | 4y ago | CSRF vulnerability in Jenkins Translation Assistance plugin | |||
| CVE-2018-1192 | unknown | — | — | 4y ago | Cloud Foundry UAA SessionID present in Audit Event Logs | |||
| CVE-2018-1000055 | unknown | — | — | 4y ago | XXE vulnerability in Jenkins Android Lint Plugin | |||
| CVE-2018-1000056 | unknown | — | — | 4y ago | Improper Restriction of XML External Entity Reference in Jenkins JUnit Plugin | |||
| CVE-2018-1000058 | unknown | — | — | 4y ago | Arbitrary code execution due to incomplete sandbox protection in Pipeline: Supporting APIs Plugin | |||
| CVE-2018-1000054 | unknown | — | — | 4y ago | Jenkins CCM Plugin vulnerable to Improper Restriction of XML External Entity Reference | |||
| CVE-2018-1316 | unknown | — | — | 4y ago | Apache ODE Path Traversal vulnerability | |||
| CVE-2018-1000113 | unknown | — | — | 4y ago | Stored cross-site scripting vulnerability in Jenkins TestLink Plugin | |||
| CVE-2018-1000108 | unknown | — | — | 4y ago | Reflected cross-site-scripting vulnerability in report URL of Jenkins CppNCSS Plugin | |||
| CVE-2018-1000144 | unknown | — | — | 4y ago | Jenkins Cucumber Living Documentation Plugin Cross-site Scripting vulnerability | |||
| CVE-2018-1000150 | unknown | — | — | 4y ago | Jenkins Reverse Proxy Auth Plugin allows attackers with local file system access to obtain a list of authorities for logged in users | |||
| CVE-2018-1000151 | unknown | — | — | 4y ago | Jenkins vSphere Plugin disables SSL/TLS certificate validation by default | |||
| CVE-2018-1000147 | unknown | — | — | 4y ago | Jenkins Perforce Plugin exposure of sensitive information vulnerability exists | |||
| CVE-2018-1000143 | unknown | — | — | 4y ago | Jenkins GitHub Pull Request Builder Plugin | |||
| CVE-2018-1000142 | unknown | — | — | 4y ago | Jenkins GitHub Pull Request Builder Plugin allows attacker with local file system access to obtain GitHub credentials | |||
| CVE-2018-1000148 | unknown | — | — | 4y ago | Jenkins Copy To Slave Plugin allows access to arbitrary files on the Jenkins controller file system | |||
| CVE-2018-1000153 | unknown | — | — | 4y ago | Jenkins vSphere Plugin Cross-Site Request Forgery vulnerability | |||
| CVE-2018-1000173 | unknown | — | — | 4y ago | Jenkins Google Login Plugin Session Fixation vulnerability | |||
| CVE-2018-1000174 | unknown | — | — | 4y ago | Jenkins Google Login Plugin Open Redirect vulnerability | |||
| CVE-2018-1000175 | unknown | — | — | 4y ago | Jenkins HTML Publisher Plugin path traversal vulnerability | |||
| CVE-2018-1000177 | unknown | — | — | 4y ago | Stored XSS vulnerability in Jenkins S3 Publisher Plugin | |||
| CVE-2018-1000176 | unknown | — | — | 4y ago | Jenkins Email Extension Plugin showed plain text SMTP password in configuration form field | |||
| CVE-2018-1310 | unknown | — | — | 4y ago | Apache NiFi JMS Deserialization issue | |||
| CVE-2018-1309 | unknown | — | — | 4y ago | Improper Restriction of XML External Entity Reference in Apache NiFi | |||
| CVE-2018-11651 | unknown | — | — | 4y ago | Cross-site Scripting in Graylog | |||
| CVE-2018-11650 | unknown | — | — | 4y ago | Cross-site Scripting in Graylog Server | |||
| CVE-2018-1000182 | unknown | — | — | 4y ago | Server-Side Request Forgery in Jenkins Git Plugin | |||
| CVE-2018-1000188 | unknown | — | — | 4y ago | Jenkins CAS Plugin Server-Side Request Forgery vulnerability | |||
| CVE-2018-1000202 | unknown | — | — | 4y ago | Jenkins Groovy Postbuild Plugin vulnerable to Cross-site Scripting | |||
| CVE-2018-1000186 | unknown | — | — | 4y ago | Jenkins GitHub Pull Request Builder Plugin credential capture vulnerability | |||
| CVE-2018-1000183 | unknown | — | — | 4y ago | Jenkins GitHub Plugin exposure of sensitive information vulnerability exists | |||
| CVE-2018-1000187 | unknown | — | — | 4y ago | Exposure of Sensitive Information in Jenkins Kubernetes Plugin | |||
| CVE-2018-1000184 | unknown | — | — | 4y ago | Jenkins GitHub Plugin server-side request forgery vulnerability exists | |||
| CVE-2018-1000185 | unknown | — | — | 4y ago | Jenkins GitHub Branch Source Plugin vulnerable to Server-Side Request Forgery | |||
| CVE-2018-1000196 | unknown | — | — | 4y ago | Jenkins Gitlab Hook Plugin stores and displays GitLab API token in plain text | |||
| CVE-2018-1000198 | unknown | — | — | 4y ago | XML External Entity processing vulnerability in Jenkins Black Duck Hub Plugin | |||
| CVE-2018-1000190 | unknown | — | — | 4y ago | Exposure of sensitive information vulnerability in Jenkins Black Duck Hub Plugin | |||
| CVE-2018-12036 | unknown | — | — | 4y ago | Path Traversal in OWASP Dependency-Check | |||
| CVE-2018-12432 | unknown | — | — | 4y ago | Cross-site Scripting in JavaMelody | |||
| CVE-2018-11407 | unknown | — | — | 4y ago | An issue was discovered in the Ldap component in Symfony 2.8.x before 2.8.37, 3.3.x before 3.3.17, 3.4.x before 3.4.7, and 4.0.x before 4.0.7. It allows remote attackers to bypass authentication by l… | |||
| CVE-2018-1000601 | unknown | — | — | 4y ago | Exposure of Sensitive Information to an Unauthorized Actor in Jenkins SSH Credentials Plugin | |||
| CVE-2018-1000602 | unknown | — | — | 4y ago | Jenkins SAML Plugin Session Fixation vulnerability | |||
| CVE-2018-13003 | unknown | — | — | 4y ago | OpenTSDB Cross-site Scripting vulnerability | |||
| CVE-2018-12973 | unknown | — | — | 4y ago | OpenTSDB Cross-site Scripting vulnerability | |||
| CVE-2018-1000604 | unknown | — | — | 4y ago | Jenkins Badge Plugin cross-site scripting vulnerability | |||
| CVE-2018-1000609 | unknown | — | — | 4y ago | Jenkins Configuration as Code Plugin vulnerable to Exposure of Sensitive Information | |||
| CVE-2018-11041 | unknown | — | — | 4y ago | Cloud Foundry UAA open redirect | |||
| CVE-2018-1000606 | unknown | — | — | 4y ago | URLTrigger Plugin server-side request forgery vulnerability | |||
| CVE-2018-1000607 | unknown | — | — | 4y ago | Arbitrary file write vulnerability in Jenkins Fortify CloudScan Plugin | |||
| CVE-2018-13439 | unknown | — | — | 4y ago | WeChat Pay Java SDK allows XXE | |||
| CVE-2018-1000402 | unknown | — | — | 4y ago | Jenkins AWS CodeDeploy Plugin has Insufficiently Protected Credentials | |||
| CVE-2018-14380 | unknown | — | — | 4y ago | Cross-site Scripting in Graylog Server | |||
| CVE-2018-14371 | unknown | — | — | 4y ago | Path Traversal in Eclipse Mojarra | |||
| CVE-2018-1999031 | unknown | — | — | 4y ago | Jenkins meliora-testlab Plugin allows attackers with file system access to Jenkins master to obtain API key | |||
| CVE-2018-1999029 | unknown | — | — | 4y ago | Stored Cross-Site Scripting Vulnerability in Jenkins Shelve Project Plugin | |||
| CVE-2018-1999041 | unknown | — | — | 4y ago | Exposure of sensitive information vulnerability | |||
| CVE-2018-1999026 | unknown | — | — | 4y ago | Jenkins TraceTronic ECU-TEST Plugin server-side request forgery vulnerability | |||
| CVE-2018-1999025 | unknown | — | — | 4y ago | Jenkins TraceTronic ECU-TEST Plugin Man in the middle vulnerability | |||
| CVE-2018-1999035 | unknown | — | — | 4y ago | Jenkins Inedo BuildMaster Plugin globally and unconditionally disabled SSL/TLS certificate validation | |||
| CVE-2018-1999034 | unknown | — | — | 4y ago | Jenkins Inedo ProGet Plugin globally and unconditionally disabled SSL/TLS certificate validation | |||
| CVE-2018-1000605 | unknown | — | — | 4y ago | Jenkins CollabNet Plugin man in the middle vulnerability | |||
| CVE-2018-1999037 | unknown | — | — | 4y ago | Jenkins Resource Disposer Plugin allows attacker to stop tracking specified resource | |||
| CVE-2018-1999038 | unknown | — | — | 4y ago | Jenkins Publisher Over CIFS Plugin confused deputy vulnerability | |||
| CVE-2018-1999039 | unknown | — | — | 4y ago | Server-Side Request Forgery (SSRF) in Jenkins Confluence Publisher Plugin | |||
| CVE-2018-14774 | unknown | — | — | 4y ago | An issue was discovered in HttpKernel in Symfony 2.7.0 through 2.7.48, 2.8.0 through 2.8.43, 3.3.0 through 3.3.17, 3.4.0 through 3.4.13, 4.0.0 through 4.0.13, and 4.1.0 through 4.1.2. When using Http… | |||
| CVE-2018-11758 | unknown | — | — | 4y ago | XML External Entity Reference in Apache Cayenne | |||
| CVE-2018-1000665 | unknown | — | — | 4y ago | Improper Neutralization of Input During Web Page Generation in Dojo Dojo Objective Harness | |||
| CVE-2018-17366 | unknown | — | — | 4y ago | Mingsoft MCMS CSRF vulnerability | |||
| CVE-2018-16277 | unknown | — | — | 4y ago | XWiki XSS Vulnerability | |||
| CVE-2018-11804 | unknown | — | — | 4y ago | Improper Input Validation in Apache Spark | |||
| CVE-2018-17983 | unknown | — | — | 4y ago | cext/manifest.c in Mercurial before 4.7.2 has an out-of-bounds read during parsing of a malformed manifest entry. | |||
| CVE-2018-17605 | unknown | — | — | 4y ago | Asset Pipeline plugin for Grails vulnerable to Path Traversal | |||
| CVE-2018-19413 | unknown | — | — | 4y ago | Exposure of Sensitive Information to an Unauthorized Actor in SonarSource SonarQube API |