CVEs from 2018

2,843 normalized CVEs published or assigned in this year.

  • Total: 2,843
  • Critical: 238
  • High: 331
  • Medium: 263
  • Low: 39
  • % Critical: 8.4%
  • % with KEV: 3.1%
  • % with exploit: 9.1%

Top products

  • core_i7 379
  • core_i5 375
  • core_i3 242
  • xeon_e5 82
  • xeon_e7 62
  • xeon_e3 58
  • xeon_gold 33
  • atom_z 30
CVE Severity CVSS Risk Flags OS Vendor Published Description
CVE-2018-8315 unknown 4y ago ChakraCore information disclosure vulnerability
CVE-2018-16650 unknown 4y ago phpMyFAQ CSRF
CVE-2018-11758 unknown 4y ago XML External Entity Reference in Apache Cayenne
CVE-2018-17031 unknown 4y ago Gogs XSS Vulnerability in gogs.io/gogs
CVE-2018-1000665 unknown 4y ago Improper Neutralization of Input During Web Page Generation in Dojo Dojo Objective Harness
CVE-2018-15121 unknown 4y ago Auth0-ASPNET and Auth0-ASPNET-Owin vulnerable to Cross-Site Request Forgery
CVE-2018-15563 unknown 4y ago Subrion CMS Stored Cross-site Scripting (XSS)
CVE-2018-16327 unknown 4y ago Subrion Cross-site Scripting (XSS)
CVE-2018-11352 unknown 4y ago Wallabag cross-site scripting (XSS) vulnerability
CVE-2018-17366 unknown 4y ago Mingsoft MCMS CSRF vulnerability
CVE-2018-16277 unknown 4y ago XWiki XSS Vulnerability
CVE-2018-16831 unknown 4y ago Smarty before 3.1.33-dev-4 allows attackers to bypass the trusted_dir protection mechanism via a file:./../ substring in an include statement.
CVE-2018-17876 unknown 4y ago Coaster CMS Stored Cross-site Scripting vulnerability
CVE-2018-16974 unknown 4y ago Elefant CMS Code Execution Vulnerability
CVE-2018-17566 unknown 4y ago ThinkPHP SQL injection vulnerability
CVE-2018-17102 unknown 4y ago QuickAppsCMS Cross-Site Request Forgery (CSRF)
CVE-2018-16982 unknown 4y ago Open Chinese Convert subject to Denial of Service via Out-of-bounds Read
CVE-2018-18529 unknown 4y ago ThinkPHP SQLi Vulnerability
CVE-2018-18420 unknown 4y ago Zenario CMS vulnerable to CSRF
CVE-2018-18530 unknown 4y ago ThinkPHP SQLi Vulnerability
CVE-2018-18478 unknown 4y ago LibreNMS XSS Vulnerability
CVE-2018-18546 unknown 4y ago ThinkPHP SQLi Vulnerability
CVE-2018-17783 unknown 4y ago MantisBT allows XSS via Edit Filter page
CVE-2018-17782 unknown 4y ago MantisBT allows XSS via the Manage Filter page
CVE-2018-18943 unknown 4y ago XSS in baserCMS before 4.1.4
CVE-2018-11804 unknown 4y ago Improper Input Validation in Apache Spark
CVE-2018-17983 unknown 4y ago cext/manifest.c in Mercurial before 4.7.2 has an out-of-bounds read during parsing of a malformed manifest entry.
CVE-2018-9209 unknown 4y ago FineUploader php-traditional-server unauthenticated arbitrary file upload vulnerability
CVE-2018-19609 unknown 4y ago Showdoc Forced Browsing
CVE-2018-19621 unknown 4y ago Showdoc CSRF Vulnerability
CVE-2018-19785 unknown 4y ago XSS in PHP-Proxy-App through v3.0
CVE-2018-17605 unknown 4y ago Asset Pipeline plugin for Grails vulnerable to Path Traversal
CVE-2018-17256 unknown 4y ago Umbraco CMS vulnerable to stored XSS
CVE-2018-19133 unknown 4y ago Flarum Core Leaks PII
CVE-2018-19413 unknown 4y ago Exposure of Sensitive Information to an Unauthorized Actor in SonarSource SonarQube API
CVE-2018-20227 unknown 4y ago RDF4J vulnerable to zip slip
CVE-2018-19995 unknown 4y ago Dolibarr stored cross-site scripting (XSS) vulnerability
CVE-2018-18921 unknown 4y ago CSRF in PHP Server Monitor before 3.3.2
CVE-2018-19993 unknown 4y ago Dolibarr reflected cross-site scripting (XSS) vulnerability
CVE-2018-19992 unknown 4y ago Dolibarr stored cross-site scripting (XSS) vulnerability
CVE-2018-1000816 unknown 4y ago Grafana XSS Vulnerability
CVE-2018-19994 unknown 4y ago Dolibarr error-based SQL injection vulnerability in product/card.php
CVE-2018-19998 unknown 4y ago Dolibarr SQL injection vulnerability in user/card.php
CVE-2018-1000826 unknown 4y ago Microweber XSS Vulnerability
CVE-2018-20583 unknown 4y ago PHP League CommonMark vulnerable to Cross-Site Scripting (XSS)
CVE-2018-20663 unknown 4y ago The Reporting Addon for CUBA Platform has Persistent XSS
CVE-2018-1000413 unknown 4y ago Stored XSS vulnerability in Config File Provider Plugin
CVE-2018-20713 unknown 4y ago Shopware SQL Injection
CVE-2018-1000414 unknown 4y ago CSRF vulnerability in Config File Provider Plugin
CVE-2018-1000417 unknown 4y ago CSRF vulnerability in Email Extension Template Plugin
CVE-2018-20682 unknown 4y ago Fork CMS XSS Vulnerability
CVE-2018-19295 unknown 4y ago Sylabs Singularity Improper Input Validation
CVE-2018-1000411 unknown 4y ago Jenkins JUnit Plugin CSRF vulnerability
CVE-2018-1330 unknown 4y ago Crash when decoding malformed HTTP requests or malformed JSON payload
CVE-2018-1000421 unknown 4y ago Server-side request forgery vulnerability in Jenkins Mesos Plugin
CVE-2018-1000415 unknown 4y ago Cross-site Scripting in Jenkins Rebuilder Plugin
CVE-2018-1000422 unknown 4y ago Jenkins Crowd 2 Integration Plugin server-side request forgery vulnerability
CVE-2018-19148 unknown 4y ago Caddy allows enumeration of Certificates and Hostnames
CVE-2018-20717 unknown 4y ago PrestaShop PHP Object Injection
CVE-2018-19653 unknown 4y ago HashiCorp Consul can use cleartext agent-to-agent RPC communication in github.com/hashicorp/consul
CVE-2018-20755 unknown 4y ago MODX Revolution vulnerable to XSS attack through its User Photo field
CVE-2018-16191 unknown 4y ago EC-CUBE Open redirect vulnerability
CVE-2018-20757 unknown 4y ago MODX Revolution allows XSS through extended user fields
CVE-2018-20756 unknown 4y ago MODX Revolution allows XSS via document resources
CVE-2018-20745 unknown 4y ago Yii Incorrectly Implements CORS
CVE-2018-20744 unknown 4y ago Insecure wildcard CORS policy in github.com/rs/cors
CVE-2018-16629 unknown 4y ago Subrion CMS XSS
CVE-2018-16630 unknown 4y ago Kirby XSS Vulnerability
CVE-2018-16638 unknown 4y ago Evolution CMS Cross-site Scripting (XSS)
CVE-2018-16637 unknown 4y ago Evolution CMS Stored Cross-site Scripting (XSS)
CVE-2018-8031 unknown 4y ago Apache TomEE console vulnerable to Cross-site Scripting
CVE-2018-7749 unknown 4y ago The SSH server implementation of AsyncSSH before 1.12.1 does not properly check whether authentication is completed before processing other requests. A customized SSH client can simply skip the authe…
CVE-2018-1294 unknown 4y ago Improper Input Validation Apache Commons Email
CVE-2018-1000129 unknown 4y ago Cross-site Scripting in Jolokia agent
CVE-2018-16808 unknown 4y ago Dolibarr Stored Cross-site Scripting in expensereport/card.php
CVE-2018-1000130 unknown 4y ago Injection in Jolokia agent
CVE-2018-16809 unknown 4y ago Dolibarr SQL injection via the integer parameters qty and value_unit
CVE-2018-11385 unknown 4y ago An issue was discovered in the Security component in Symfony 2.7.x before 2.7.48, 2.8.x before 2.8.41, 3.3.x before 3.3.17, 3.4.x before 3.4.11, and 4.0.x before 4.0.11. A session fixation vulnerabil…
CVE-2018-11408 unknown 4y ago The security handlers in the Security component in Symfony in 2.7.x before 2.7.48, 2.8.x before 2.8.41, 3.3.x before 3.3.17, 3.4.x before 3.4.11, and 4.0.x before 4.0.11 have an Open redirect vulnera…
CVE-2018-14486 unknown 4y ago DNN XSS Vulnerability
CVE-2018-20678 unknown 4y ago LibreNMS SQL Injection
CVE-2018-19859 unknown 4y ago OpenRefine Directory Traversal
CVE-2018-11386 unknown 4y ago An issue was discovered in the HttpFoundation component in Symfony 2.7.x before 2.7.48, 2.8.x before 2.8.41, 3.3.x before 3.3.17, 3.4.x before 3.4.11, and 4.0.x before 4.0.11. The PDOSessionHandler c…
CVE-2018-11406 unknown 4y ago An issue was discovered in the Security component in Symfony 2.7.x before 2.7.48, 2.8.x before 2.8.41, 3.3.x before 3.3.17, 3.4.x before 3.4.11, and 4.0.x before 4.0.11. By default, a user's session …
CVE-2018-16859 unknown 4y ago Execution of Ansible playbooks on Windows platforms with PowerShell ScriptBlock logging and Module logging enabled can allow for 'become' passwords to appear in EventLogs in plaintext. A local user w…
CVE-2018-1999027 unknown 4y ago Jenkins SaltStack Plugin allows attackers to capture credentials with a known credentials ID stored in Jenkins
CVE-2018-1000191 unknown 4y ago Jenkins Black Duck Detect Plugin information exposure vulnerability
CVE-2018-14522 unknown 4y ago An issue was discovered in aubio 0.4.6. A SEGV signal can occur in aubio_pitch_set_unit in pitch/pitch.c, as demonstrated by aubionotes.
CVE-2018-19969 unknown 4y ago phpMyAdmin CSRF Vulnerability
CVE-2018-19970 unknown 4y ago In phpMyAdmin before 4.8.4, an XSS vulnerability was found in the navigation tree, where an attacker can deliver a payload to a user through a crafted database/table name.
CVE-2018-19968 unknown 4y ago phpMyAdmin Local file inclusion through transformation feature
CVE-2018-19917 unknown 4y ago Microweber XSS Vulnerability
CVE-2018-10862 unknown 4y ago Improper Limitation of a Pathname to a Restricted Directory in WildFly
CVE-2018-1999046 unknown 4y ago Exposure of Sensitive Information to an Unauthorized Actor in Jenkins
CVE-2018-1999042 unknown 4y ago Deserialization of Untrusted Data in Jenkins
CVE-2018-1999045 unknown 4y ago Improper Authentication in Jenkins
CVE-2018-1000409 unknown 4y ago Session Fixation in Jenkins
CVE-2018-1000410 unknown 4y ago Exposure of Sensitive Information to an Unauthorized Actor in Jenkins
CVE-2018-1000406 unknown 4y ago Path Traversal in Jenkins
CVE-2018-1000862 unknown 4y ago Exposure of Sensitive Information to an Unauthorized Actor in Jenkins