CVEs from 2018

2,843 normalized CVEs published or assigned in this year.

  • Total: 2,843
  • Critical: 238
  • High: 331
  • Medium: 263
  • Low: 39
  • % Critical: 8.4%
  • % with KEV: 3.1%
  • % with exploit: 9.1%

Top products

  • core_i7 379
  • core_i5 375
  • core_i3 242
  • xeon_e5 82
  • xeon_e7 62
  • xeon_e3 58
  • xeon_gold 33
  • atom_z 30
CVE Severity CVSS Risk Flags OS Vendor Published Description
CVE-2018-1000153 unknown 4y ago Jenkins vSphere Plugin Cross-Site Request Forgery vulnerability
CVE-2018-1000148 unknown 4y ago Jenkins Copy To Slave Plugin allows access to arbitrary files on the Jenkins controller file system
CVE-2018-10225 unknown 4y ago thinkphp SQL Injection via the index.php s parameter
CVE-2018-1000167 unknown 4y ago OISF suricata-update version 1.0.0a1 contains an Insecure Deserialization vulnerability in the insecure yaml.load-Function as used in the following files: config.py:136, config.py:142, sources.py:99 …
CVE-2018-10095 unknown 4y ago Dolibarr Cross-site scripting (XSS) vulnerability
CVE-2018-10657 unknown 4y ago Matrix Synapse DoS
CVE-2018-1000174 unknown 4y ago Jenkins Google Login Plugin Open Redirect vulnerability
CVE-2018-1000173 unknown 4y ago Jenkins Google Login Plugin Session Fixation vulnerability
CVE-2018-1000177 unknown 4y ago Stored XSS vulnerability in Jenkins S3 Publisher Plugin
CVE-2018-1000175 unknown 4y ago Jenkins HTML Publisher Plugin path traversal vulnerability
CVE-2018-1000176 unknown 4y ago Jenkins Email Extension Plugin showed plain text SMTP password in configuration form field
CVE-2018-11326 unknown 4y ago Joomla! XSS Vulnerability
CVE-2018-1135 unknown 4y ago Moodle Portfolio forum caller class allows a user to download any file
CVE-2018-1137 unknown 4y ago Moodle Portfolio script allows instantiation of class chosen by user
CVE-2018-1310 unknown 4y ago Apache NiFi JMS Deserialization issue
CVE-2018-1309 unknown 4y ago Improper Restriction of XML External Entity Reference in Apache NiFi
CVE-2018-11650 unknown 4y ago Cross-site Scripting in Graylog Server
CVE-2018-11651 unknown 4y ago Cross-site Scripting in Graylog
CVE-2018-11495 unknown 4y ago OpenCart Path Traversal
CVE-2018-11494 unknown 4y ago OpenCart Path Traversal
CVE-2018-1000182 unknown 4y ago Server-Side Request Forgery in Jenkins Git Plugin
CVE-2018-1000184 unknown 4y ago Jenkins GitHub Plugin server-side request forgery vulnerability exists
CVE-2018-1000186 unknown 4y ago Jenkins GitHub Pull Request Builder Plugin credential capture vulnerability
CVE-2018-1000185 unknown 4y ago Jenkins GitHub Branch Source Plugin vulnerable to Server-Side Request Forgery
CVE-2018-1000183 unknown 4y ago Jenkins GitHub Plugin exposure of sensitive information vulnerability exists
CVE-2018-1000202 unknown 4y ago Jenkins Groovy Postbuild Plugin vulnerable to Cross-site Scripting
CVE-2018-1000187 unknown 4y ago Exposure of Sensitive Information in Jenkins Kubernetes Plugin
CVE-2018-1000188 unknown 4y ago Jenkins CAS Plugin Server-Side Request Forgery vulnerability
CVE-2018-1000190 unknown 4y ago Exposure of sensitive information vulnerability in Jenkins Black Duck Hub Plugin
CVE-2018-1000198 unknown 4y ago XML External Entity processing vulnerability in Jenkins Black Duck Hub Plugin
CVE-2018-1000196 unknown 4y ago Jenkins Gitlab Hook Plugin stores and displays GitLab API token in plain text
CVE-2018-6591 unknown 4y ago Converse.js Exposure of Sensitive Information
CVE-2018-12036 unknown 4y ago Path Traversal in OWASP Dependency-Check
CVE-2018-12432 unknown 4y ago Cross-site Scripting in JavaMelody
CVE-2018-11407 unknown 4y ago An issue was discovered in the Ldap component in Symfony 2.8.x before 2.8.37, 3.3.x before 3.3.17, 3.4.x before 3.4.7, and 4.0.x before 4.0.7. It allows remote attackers to bypass authentication by l…
CVE-2018-12290 unknown 4y ago Yii2-StateMachine extension for Yii2 XSS Vulnerability
CVE-2018-11647 unknown 4y ago oauth2orize-fprm XSS vulnerability
CVE-2018-12071 unknown 4y ago CodeIgniter Session Fixation Vulnerability
CVE-2018-12581 unknown 4y ago phpMyAdmin XSS Vulnerability
CVE-2018-13448 unknown 4y ago Dolibarr SQL injection vulnerability in product/card.php
CVE-2018-12104 unknown 4y ago Cross-site scripting (XSS) vulnerability in Airbnb Knowledge Repo 0.7.4 allows remote attackers to inject arbitrary web scripts or HTML via the post comments functionality, as demonstrated by the pos…
CVE-2018-13447 unknown 4y ago Dolibarr SQL injection vulnerability in product/card.php
CVE-2018-1000601 unknown 4y ago Exposure of Sensitive Information to an Unauthorized Actor in Jenkins SSH Credentials Plugin
CVE-2018-1000602 unknown 4y ago Jenkins SAML Plugin Session Fixation vulnerability
CVE-2018-1000534 unknown 4y ago Joplin Vulnerable to Cross-site Scripting in Note Content
CVE-2018-13003 unknown 4y ago OpenTSDB Cross-site Scripting vulnerability
CVE-2018-12973 unknown 4y ago OpenTSDB Cross-site Scripting vulnerability
CVE-2018-0574 unknown 4y ago XSS in baserCMS
CVE-2018-0570 unknown 4y ago XSS in baserCMS
CVE-2018-0571 unknown 4y ago baserCMS arbitrary file upload vulnerability
CVE-2018-0575 unknown 4y ago Sensitive Data Exposure in baserCMS
CVE-2018-0569 unknown 4y ago OS Command Injection in baserCMS
CVE-2018-3749 unknown 4y ago Improper Input Validation in Deap
CVE-2018-11537 unknown 4y ago Auth0 angular-jwt misinterprets allowlist as regex
CVE-2018-1000604 unknown 4y ago Jenkins Badge Plugin cross-site scripting vulnerability
CVE-2018-1000606 unknown 4y ago URLTrigger Plugin server-side request forgery vulnerability
CVE-2018-11041 unknown 4y ago Cloud Foundry UAA open redirect
CVE-2018-1000609 unknown 4y ago Jenkins Configuration as Code Plugin vulnerable to Exposure of Sensitive Information
CVE-2018-1000607 unknown 4y ago Arbitrary file write vulnerability in Jenkins Fortify CloudScan Plugin
CVE-2018-13339 unknown 4y ago Angular Redactor XSS Vulnerability
CVE-2018-11587 unknown 4y ago Centreon RCE Vulnerability
CVE-2018-1000516 unknown 4y ago The Galaxy Project Galaxy version v14.10 contains a CWE-79: Improper Neutralization of Input During Web Page Generation vulnerability in Many templates used in the Galaxy server did not properly sani…
CVE-2018-13067 unknown 4y ago OpenCart Cross-Site Request Forgery (CSRF)
CVE-2018-12018 unknown 4y ago Panic due to improper validation of RPC messages in github.com/ethereum/go-ethereum
CVE-2018-13450 unknown 4y ago Dolibarr SQL injection vulnerability in product/card.php
CVE-2018-13449 unknown 4y ago Dolibarr SQL injection vulnerability in product/card.php
CVE-2018-13439 unknown 4y ago WeChat Pay Java SDK allows XXE
CVE-2018-8356 unknown 4y ago Improper Certificate Validation in Microsoft .NET Framework components
CVE-2018-1000402 unknown 4y ago Jenkins AWS CodeDeploy Plugin has Insufficiently Protected Credentials
CVE-2018-14065 unknown 4y ago PHPOffice Common Improper Restriction of XML External Entity Reference
CVE-2018-14380 unknown 4y ago Cross-site Scripting in Graylog Server
CVE-2018-14381 unknown 4y ago Pagekit open redirect vulnerability
CVE-2018-14521 unknown 4y ago An issue was discovered in aubio 0.4.6. A SEGV signal can occur in aubio_source_avcodec_readframe in io/source_avcodec.c, as demonstrated by aubiomfcc.
CVE-2018-14371 unknown 4y ago Path Traversal in Eclipse Mojarra
CVE-2018-1999021 unknown 4y ago Gleez Cms Cross-site Scripting in Profile Page
CVE-2018-14835 unknown 4y ago Subrion CMS XSS
CVE-2018-1999029 unknown 4y ago Stored Cross-Site Scripting Vulnerability in Jenkins Shelve Project Plugin
CVE-2018-1999031 unknown 4y ago Jenkins meliora-testlab Plugin allows attackers with file system access to Jenkins master to obtain API key
CVE-2018-14504 unknown 4y ago MantisBT allows XSS on the Edit Filter page via crafted filter name
CVE-2018-6519 unknown 4y ago The SAML2 library before 1.10.4, 2.x before 2.3.5, and 3.x before 3.1.1 in SimpleSAMLphp has a Regular Expression Denial of Service vulnerability for fraction-of-seconds data in a timestamp.
CVE-2018-1999041 unknown 4y ago Exposure of sensitive information vulnerability
CVE-2018-1999025 unknown 4y ago Jenkins TraceTronic ECU-TEST Plugin Man in the middle vulnerability
CVE-2018-1999026 unknown 4y ago Jenkins TraceTronic ECU-TEST Plugin server-side request forgery vulnerability
CVE-2018-13055 unknown 4y ago MantisBT allows XSS via View Filters page
CVE-2018-1999035 unknown 4y ago Jenkins Inedo BuildMaster Plugin globally and unconditionally disabled SSL/TLS certificate validation
CVE-2018-1000605 unknown 4y ago Jenkins CollabNet Plugin man in the middle vulnerability
CVE-2018-1999034 unknown 4y ago Jenkins Inedo ProGet Plugin globally and unconditionally disabled SSL/TLS certificate validation
CVE-2018-1999037 unknown 4y ago Jenkins Resource Disposer Plugin allows attacker to stop tracking specified resource
CVE-2018-1999038 unknown 4y ago Jenkins Publisher Over CIFS Plugin confused deputy vulnerability
CVE-2018-1999039 unknown 4y ago Server-Side Request Forgery (SSRF) in Jenkins Confluence Publisher Plugin
CVE-2018-14774 unknown 4y ago An issue was discovered in HttpKernel in Symfony 2.7.0 through 2.7.48, 2.8.0 through 2.8.43, 3.3.0 through 3.3.17, 3.4.0 through 3.4.13, 4.0.0 through 4.0.13, and 4.1.0 through 4.1.2. When using Http…
CVE-2018-15192 unknown 4y ago Gogs and Gitea SSRF Vulnerability in code.gitea.io/gitea
CVE-2018-15601 unknown 4y ago Elefant CMS Improper Input Validation
CVE-2018-1000225 unknown 4y ago Cobbler XSS Vulnerability
CVE-2018-1000640 unknown 4y ago OpenCart-Overclocked Cross-site Scripting Vulnerability
CVE-2018-16387 unknown 4y ago Elefant CMS CSRF Vulnerability
CVE-2018-16342 unknown 4y ago Showdoc XSS Vulnerability
CVE-2018-16347 unknown 4y ago Gleez CMS Vulnerable to Cross-site Scripting in media/imagecache/resize
CVE-2018-15605 unknown 4y ago An issue was discovered in phpMyAdmin before 4.8.3. A Cross-Site Scripting vulnerability has been found where an attacker can use a crafted file to manipulate an authenticated user who loads that fil…
CVE-2018-8315 unknown 4y ago ChakraCore information disclosure vulnerability