CVEs from 2018
Total
2,843
critical
critical 238
high
high 331
medium
medium 263
low
low 39
% Critical
8.4%
% with KEV
3.1%
% with exploit
9.1%
Top vendors
- intel 1,561
- schneider-electric 43
- siemens 42
- rockwellautomation 16
- echelon 15
- redhat 12
- oracle 9
- arm 9
Top products
- core_i7 379
- core_i5 375
- core_i3 242
- xeon_e5 82
- xeon_e7 62
- xeon_e3 58
- xeon_gold 33
- atom_z 30
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2018-10177 | unknown | — | — | — | In ImageMagick 7.0.7-28, there is an infinite loop in the ReadOneMNGImage function of the coders/png.c file. Remote attackers could leverage this vulnerability to cause a denial of service via a craf… | |||
| CVE-2018-11410 | unknown | — | — | — | An issue was discovered in Liblouis 3.5.0. A invalid free in the compileRule function in compileTranslationTable.c allows remote attackers to cause a denial of service (application crash) or possibly… | |||
| CVE-2018-10888 | unknown | — | — | — | A flaw was found in libgit2 before version 0.27.3. A missing check in git_delta_apply function in delta.c file, may lead to an out-of-bound read while reading a binary delta file. An attacker may use… | |||
| CVE-2018-5357 | unknown | — | — | — | ImageMagick 7.0.7-22 Q16 has memory leaks in the ReadDCMImage function in coders/dcm.c. | |||
| CVE-2018-6798 | unknown | — | — | — | An issue was discovered in Perl 5.22 through 5.26. Matching a crafted locale dependent regular expression can cause a heap-based buffer over-read and potentially information disclosure. | |||
| CVE-2018-9135 | unknown | — | — | — | In ImageMagick 7.0.7-24 Q16, there is a heap-based buffer over-read in IsWEBPImageLossless in coders/webp.c. | |||
| CVE-2018-20124 | unknown | — | — | — | hw/rdma/rdma_backend.c in QEMU allows guest OS users to trigger out-of-bounds access via a PvrdmaSqWqe ring element with a large num_sge value. | |||
| CVE-2018-18312 | unknown | — | — | — | Perl before 5.26.3 and 5.28.0 before 5.28.1 has a buffer overflow via a crafted regular expression that triggers invalid write operations. | |||
| CVE-2018-18311 | unknown | — | — | — | Perl before 5.26.3 and 5.28.x before 5.28.1 has a buffer overflow via a crafted regular expression that triggers invalid write operations. | |||
| CVE-2018-14424 | unknown | — | — | — | The daemon in GDM through 3.29.1 does not properly unexport display objects from its D-Bus interface when they are destroyed, which allows a local attacker to trigger a use-after-free via a specially… | |||
| CVE-2018-1000003 | unknown | — | — | — | Improper input validation bugs in DNSSEC validators components in PowerDNS version 4.1.0 allow attacker in man-in-the-middle position to deny existence of some data in DNS via packet replay. | |||
| CVE-2018-16657 | unknown | — | — | — | In Kamailio before 5.0.7 and 5.1.x before 5.1.4, a crafted SIP message with an invalid Via header causes a segmentation fault and crashes Kamailio. The reason is missing input validation in the crcit… | |||
| CVE-2018-11624 | unknown | — | — | — | In ImageMagick 7.0.7-36 Q16, the ReadMATImage function in coders/mat.c allows attackers to cause a use after free via a crafted file. | |||
| CVE-2018-11251 | unknown | — | — | — | In ImageMagick 7.0.7-23 Q16 x86_64 2018-01-24, there is a heap-based buffer over-read in ReadSUNImage in coders/sun.c, which allows attackers to cause a denial of service (application crash in SetGra… | |||
| CVE-2018-14436 | unknown | — | — | — | ImageMagick 7.0.8-4 has a memory leak in ReadMIFFImage in coders/miff.c. | |||
| CVE-2018-12608 | unknown | — | — | 2y ago | An issue was discovered in Docker Moby before 17.06.0. The Docker engine validated a client TLS certificate using both the configured client CA root certificate and all system roots on non-Windows sy… | |||
| CVE-2018-25068 | unknown | — | — | 4y ago | globalpom-utils has Insecure Temporary File | |||
| CVE-2018-18855 | unknown | — | — | 4y ago | Uncontrolled Resource Consumption in Spray JSON | |||
| CVE-2018-10899 | unknown | — | — | 4y ago | Cross-Site Request Forgery in Jolokia | |||
| CVE-2018-17196 | unknown | — | — | 4y ago | Improper Input Validation in Apache Kafka | |||
| CVE-2018-1000009 | unknown | — | — | 4y ago | XXE vulnerability in Jenkins Checkstyle Plugin | |||
| CVE-2018-1000008 | unknown | — | — | 4y ago | XXE vulnerability in Jenkins PMD Plugin | |||
| CVE-2018-1000010 | unknown | — | — | 4y ago | XXE vulnerability in Jenkins DRY Plugin | |||
| CVE-2018-1000011 | unknown | — | — | 4y ago | XML External Entity Reference in Jenkins FindBugs Plugin | |||
| CVE-2018-1000014 | unknown | — | — | 4y ago | CSRF vulnerability in Jenkins Translation Assistance plugin | |||
| CVE-2018-1000013 | unknown | — | — | 4y ago | CSRF vulnerability in Jenkins Release plugin | |||
| CVE-2018-1000012 | unknown | — | — | 4y ago | XXE vulnerability Jenkins Warnings Plugin | |||
| CVE-2018-1192 | unknown | — | — | 4y ago | Cloud Foundry UAA SessionID present in Audit Event Logs | |||
| CVE-2018-1000056 | unknown | — | — | 4y ago | Improper Restriction of XML External Entity Reference in Jenkins JUnit Plugin | |||
| CVE-2018-1000055 | unknown | — | — | 4y ago | XXE vulnerability in Jenkins Android Lint Plugin | |||
| CVE-2018-1000058 | unknown | — | — | 4y ago | Arbitrary code execution due to incomplete sandbox protection in Pipeline: Supporting APIs Plugin | |||
| CVE-2018-1000054 | unknown | — | — | 4y ago | Jenkins CCM Plugin vulnerable to Improper Restriction of XML External Entity Reference | |||
| CVE-2018-1316 | unknown | — | — | 4y ago | Apache ODE Path Traversal vulnerability | |||
| CVE-2018-1000108 | unknown | — | — | 4y ago | Reflected cross-site-scripting vulnerability in report URL of Jenkins CppNCSS Plugin | |||
| CVE-2018-1000113 | unknown | — | — | 4y ago | Stored cross-site scripting vulnerability in Jenkins TestLink Plugin | |||
| CVE-2018-1000144 | unknown | — | — | 4y ago | Jenkins Cucumber Living Documentation Plugin Cross-site Scripting vulnerability | |||
| CVE-2018-1000147 | unknown | — | — | 4y ago | Jenkins Perforce Plugin exposure of sensitive information vulnerability exists | |||
| CVE-2018-1000151 | unknown | — | — | 4y ago | Jenkins vSphere Plugin disables SSL/TLS certificate validation by default | |||
| CVE-2018-1000150 | unknown | — | — | 4y ago | Jenkins Reverse Proxy Auth Plugin allows attackers with local file system access to obtain a list of authorities for logged in users | |||
| CVE-2018-1000143 | unknown | — | — | 4y ago | Jenkins GitHub Pull Request Builder Plugin | |||
| CVE-2018-1000142 | unknown | — | — | 4y ago | Jenkins GitHub Pull Request Builder Plugin allows attacker with local file system access to obtain GitHub credentials | |||
| CVE-2018-1000148 | unknown | — | — | 4y ago | Jenkins Copy To Slave Plugin allows access to arbitrary files on the Jenkins controller file system | |||
| CVE-2018-1000153 | unknown | — | — | 4y ago | Jenkins vSphere Plugin Cross-Site Request Forgery vulnerability | |||
| CVE-2018-1000173 | unknown | — | — | 4y ago | Jenkins Google Login Plugin Session Fixation vulnerability | |||
| CVE-2018-1000174 | unknown | — | — | 4y ago | Jenkins Google Login Plugin Open Redirect vulnerability | |||
| CVE-2018-1000177 | unknown | — | — | 4y ago | Stored XSS vulnerability in Jenkins S3 Publisher Plugin | |||
| CVE-2018-1000175 | unknown | — | — | 4y ago | Jenkins HTML Publisher Plugin path traversal vulnerability | |||
| CVE-2018-1000176 | unknown | — | — | 4y ago | Jenkins Email Extension Plugin showed plain text SMTP password in configuration form field | |||
| CVE-2018-1310 | unknown | — | — | 4y ago | Apache NiFi JMS Deserialization issue | |||
| CVE-2018-1309 | unknown | — | — | 4y ago | Improper Restriction of XML External Entity Reference in Apache NiFi | |||
| CVE-2018-11650 | unknown | — | — | 4y ago | Cross-site Scripting in Graylog Server | |||
| CVE-2018-11651 | unknown | — | — | 4y ago | Cross-site Scripting in Graylog | |||
| CVE-2018-1000182 | unknown | — | — | 4y ago | Server-Side Request Forgery in Jenkins Git Plugin | |||
| CVE-2018-1000187 | unknown | — | — | 4y ago | Exposure of Sensitive Information in Jenkins Kubernetes Plugin | |||
| CVE-2018-1000188 | unknown | — | — | 4y ago | Jenkins CAS Plugin Server-Side Request Forgery vulnerability | |||
| CVE-2018-1000184 | unknown | — | — | 4y ago | Jenkins GitHub Plugin server-side request forgery vulnerability exists | |||
| CVE-2018-1000183 | unknown | — | — | 4y ago | Jenkins GitHub Plugin exposure of sensitive information vulnerability exists | |||
| CVE-2018-1000185 | unknown | — | — | 4y ago | Jenkins GitHub Branch Source Plugin vulnerable to Server-Side Request Forgery | |||
| CVE-2018-1000202 | unknown | — | — | 4y ago | Jenkins Groovy Postbuild Plugin vulnerable to Cross-site Scripting | |||
| CVE-2018-1000186 | unknown | — | — | 4y ago | Jenkins GitHub Pull Request Builder Plugin credential capture vulnerability | |||
| CVE-2018-1000196 | unknown | — | — | 4y ago | Jenkins Gitlab Hook Plugin stores and displays GitLab API token in plain text | |||
| CVE-2018-1000198 | unknown | — | — | 4y ago | XML External Entity processing vulnerability in Jenkins Black Duck Hub Plugin | |||
| CVE-2018-1000190 | unknown | — | — | 4y ago | Exposure of sensitive information vulnerability in Jenkins Black Duck Hub Plugin | |||
| CVE-2018-12036 | unknown | — | — | 4y ago | Path Traversal in OWASP Dependency-Check | |||
| CVE-2018-12432 | unknown | — | — | 4y ago | Cross-site Scripting in JavaMelody | |||
| CVE-2018-11407 | unknown | — | — | 4y ago | An issue was discovered in the Ldap component in Symfony 2.8.x before 2.8.37, 3.3.x before 3.3.17, 3.4.x before 3.4.7, and 4.0.x before 4.0.7. It allows remote attackers to bypass authentication by l… | |||
| CVE-2018-1000601 | unknown | — | — | 4y ago | Exposure of Sensitive Information to an Unauthorized Actor in Jenkins SSH Credentials Plugin | |||
| CVE-2018-1000602 | unknown | — | — | 4y ago | Jenkins SAML Plugin Session Fixation vulnerability | |||
| CVE-2018-12973 | unknown | — | — | 4y ago | OpenTSDB Cross-site Scripting vulnerability | |||
| CVE-2018-13003 | unknown | — | — | 4y ago | OpenTSDB Cross-site Scripting vulnerability | |||
| CVE-2018-1000604 | unknown | — | — | 4y ago | Jenkins Badge Plugin cross-site scripting vulnerability | |||
| CVE-2018-1000607 | unknown | — | — | 4y ago | Arbitrary file write vulnerability in Jenkins Fortify CloudScan Plugin | |||
| CVE-2018-1000606 | unknown | — | — | 4y ago | URLTrigger Plugin server-side request forgery vulnerability | |||
| CVE-2018-11041 | unknown | — | — | 4y ago | Cloud Foundry UAA open redirect | |||
| CVE-2018-1000609 | unknown | — | — | 4y ago | Jenkins Configuration as Code Plugin vulnerable to Exposure of Sensitive Information | |||
| CVE-2018-13439 | unknown | — | — | 4y ago | WeChat Pay Java SDK allows XXE | |||
| CVE-2018-1000402 | unknown | — | — | 4y ago | Jenkins AWS CodeDeploy Plugin has Insufficiently Protected Credentials | |||
| CVE-2018-14380 | unknown | — | — | 4y ago | Cross-site Scripting in Graylog Server | |||
| CVE-2018-14371 | unknown | — | — | 4y ago | Path Traversal in Eclipse Mojarra | |||
| CVE-2018-1999029 | unknown | — | — | 4y ago | Stored Cross-Site Scripting Vulnerability in Jenkins Shelve Project Plugin | |||
| CVE-2018-1999031 | unknown | — | — | 4y ago | Jenkins meliora-testlab Plugin allows attackers with file system access to Jenkins master to obtain API key | |||
| CVE-2018-1999041 | unknown | — | — | 4y ago | Exposure of sensitive information vulnerability | |||
| CVE-2018-1999026 | unknown | — | — | 4y ago | Jenkins TraceTronic ECU-TEST Plugin server-side request forgery vulnerability | |||
| CVE-2018-1999025 | unknown | — | — | 4y ago | Jenkins TraceTronic ECU-TEST Plugin Man in the middle vulnerability | |||
| CVE-2018-1999035 | unknown | — | — | 4y ago | Jenkins Inedo BuildMaster Plugin globally and unconditionally disabled SSL/TLS certificate validation | |||
| CVE-2018-1000605 | unknown | — | — | 4y ago | Jenkins CollabNet Plugin man in the middle vulnerability | |||
| CVE-2018-1999034 | unknown | — | — | 4y ago | Jenkins Inedo ProGet Plugin globally and unconditionally disabled SSL/TLS certificate validation | |||
| CVE-2018-1999037 | unknown | — | — | 4y ago | Jenkins Resource Disposer Plugin allows attacker to stop tracking specified resource | |||
| CVE-2018-1999038 | unknown | — | — | 4y ago | Jenkins Publisher Over CIFS Plugin confused deputy vulnerability | |||
| CVE-2018-1999039 | unknown | — | — | 4y ago | Server-Side Request Forgery (SSRF) in Jenkins Confluence Publisher Plugin | |||
| CVE-2018-14774 | unknown | — | — | 4y ago | An issue was discovered in HttpKernel in Symfony 2.7.0 through 2.7.48, 2.8.0 through 2.8.43, 3.3.0 through 3.3.17, 3.4.0 through 3.4.13, 4.0.0 through 4.0.13, and 4.1.0 through 4.1.2. When using Http… | |||
| CVE-2018-11758 | unknown | — | — | 4y ago | XML External Entity Reference in Apache Cayenne | |||
| CVE-2018-1000665 | unknown | — | — | 4y ago | Improper Neutralization of Input During Web Page Generation in Dojo Dojo Objective Harness | |||
| CVE-2018-17366 | unknown | — | — | 4y ago | Mingsoft MCMS CSRF vulnerability | |||
| CVE-2018-16277 | unknown | — | — | 4y ago | XWiki XSS Vulnerability | |||
| CVE-2018-11804 | unknown | — | — | 4y ago | Improper Input Validation in Apache Spark | |||
| CVE-2018-17983 | unknown | — | — | 4y ago | cext/manifest.c in Mercurial before 4.7.2 has an out-of-bounds read during parsing of a malformed manifest entry. | |||
| CVE-2018-17605 | unknown | — | — | 4y ago | Asset Pipeline plugin for Grails vulnerable to Path Traversal | |||
| CVE-2018-19413 | unknown | — | — | 4y ago | Exposure of Sensitive Information to an Unauthorized Actor in SonarSource SonarQube API | |||
| CVE-2018-20227 | unknown | — | — | 4y ago | RDF4J vulnerable to zip slip |