CVEs from 2018

Total: 2,843
- critical: 238
- high: 331
- medium: 263
- low: 39

% Critical: 8.4%
% with KEV: 3.1%
% with exploit: 9.1%
Top vendors
- intel 1,561
- schneider-electric 43
- siemens 42
- rockwellautomation 16
- echelon 15
- redhat 12
- oracle 9
- arm 9
Top products
- core_i7 379
- core_i5 375
- core_i3 242
- xeon_e5 82
- xeon_e7 62
- xeon_e3 58
- xeon_gold 33
- atom_z 30
| CVE | Severity | CVSS | Risk | Published | Description | Flags | OS | Vendor |
|---|---|---|---|---|---|---|---|---|
| CVE-2018-1000410 | unknown | — | — | 4y ago | Exposure of Sensitive Information to an Unauthorized Actor in Jenkins | |||
| CVE-2018-1000407 | unknown | — | — | 4y ago | Cross-site Scripting in Jenkins | |||
| CVE-2018-1000997 | unknown | — | — | 4y ago | Improper Limitation of a Pathname to a Restricted Directory in Jenkins | |||
| CVE-2018-19789 | unknown | — | — | 4y ago | An issue was discovered in Symfony 2.7.x before 2.7.50, 2.8.x before 2.8.49, 3.x before 3.4.20, 4.0.x before 4.0.15, 4.1.x before 4.1.9, and 4.2.x before 4.2.1. When using the scalar type hint `strin… | |||
| CVE-2018-19790 | unknown | — | — | 4y ago | An open redirect was discovered in Symfony 2.7.x before 2.7.50, 2.8.x before 2.8.49, 3.x before 3.4.20, 4.0.x before 4.0.15, 4.1.x before 4.1.9 and 4.2.x before 4.2.1. By using backslashes in the `_f… | |||
| CVE-2018-12021 | unknown | — | — | 4y ago | Singularity Incorrect Access Control | |||
| CVE-2018-1325 | unknown | — | — | 4y ago | Cross-site Scripting in wicket-jquery-ui | |||
| CVE-2018-11688 | unknown | — | — | 4y ago | Ignite Realtime Openfire vulnerable to cross-site scripting | |||
| CVE-2018-9861 | unknown | — | — | 4y ago | Enhanced Image plugin for CKEditor is vulnerable to Cross-site scripting (XSS) | |||
| CVE-2018-19271 | unknown | — | — | 4y ago | Centreon SQL Injection | |||
| CVE-2018-19312 | unknown | — | — | 4y ago | Centreon SQL Injection | |||
| CVE-2018-19280 | unknown | — | — | 4y ago | Centreon XSS Vulnerability | |||
| CVE-2018-19311 | unknown | — | — | 4y ago | Centreon XSS Vulnerability | |||
| CVE-2018-19281 | unknown | — | — | 4y ago | Centreon allows SNMP trap SQL Injection | |||
| CVE-2018-1000169 | unknown | — | — | 4y ago | Exposure of Sensitive Information to an Unauthorized Actor in Jenkins | |||
| CVE-2018-1000416 | unknown | — | — | 4y ago | Jenkins Job Config History Plugin reflected XSS vulnerability | |||
| CVE-2018-1000079 | unknown | — | — | 4y ago | RubyGems Path Traversal vulnerability | |||
| CVE-2018-0499 | unknown | — | — | 4y ago | A cross-site scripting vulnerability in queryparser/termgenerator_internal.cc in Xapian xapian-core before 1.4.6 exists due to incomplete HTML escaping by Xapian::MSet::snippet(). | |||
| CVE-2018-1000078 | unknown | — | — | 4y ago | RubyGems Cross-site Scripting vulnerability | |||
| CVE-2018-1000076 | unknown | — | — | 4y ago | RubyGems Improper Verification of Cryptographic Signature vulnerability | |||
| CVE-2018-1000074 | unknown | — | — | 4y ago | RubyGems Deserialization of Untrusted Data vulnerability | |||
| CVE-2018-16887 | unknown | — | — | 4y ago | katello Cross-site Scripting vulnerability | |||
| CVE-2018-18307 | unknown | — | — | 4y ago | AlchemyCMS is vulnerable to stored XSS via the /admin/pictures image field | |||
| CVE-2018-1000077 | unknown | — | — | 4y ago | RubyGems Improper Input Validation vulnerability | |||
| CVE-2018-10931 | unknown | — | — | 4y ago | Cobbler has Exposed Dangerous Method or Function | |||
| CVE-2018-8452 | unknown | — | — | 4y ago | ChakraCore information disclosure vulnerability | |||
| CVE-2018-8276 | unknown | — | — | 4y ago | ChakraCore Security Bypass | |||
| CVE-2018-8028 | unknown | — | — | 4y ago | Apache Sentry may allow attacker to access/remove data from Sentry protected table | |||
| CVE-2018-8036 | unknown | — | — | 4y ago | Loop with Unreachable Exit Condition in Apache PDFBox | |||
| CVE-2018-8016 | unknown | — | — | 4y ago | Missing Authentication for Critical Function in Apache Cassandra | |||
| CVE-2018-7644 | unknown | — | — | 4y ago | The XmlSecLibs library as used in the saml2 library in SimpleSAMLphp before 1.15.3 incorrectly verifies signatures on SAML assertions, allowing a remote attacker to construct a crafted SAML assertion… | |||
| CVE-2018-6835 | unknown | — | — | 4y ago | Etherpad Lite Access Restriction Bypass | |||
| CVE-2018-6521 | unknown | — | — | 4y ago | The sqlauth module in SimpleSAMLphp before 1.15.2 relies on the MySQL utf8 charset, which truncates queries upon encountering four-byte characters. There might be a scenario in which this allows remo… | |||
| CVE-2018-3258 | unknown | — | — | 4y ago | Improper Privilege Management in MySQL Connectors Java | |||
| CVE-2018-20465 | unknown | — | — | 4y ago | Craft CMS Vulnerable to Server-Side Template Injection | |||
| CVE-2018-1999047 | unknown | — | — | 4y ago | Incorrect Authorization in Jenkins | |||
| CVE-2018-1999040 | unknown | — | — | 4y ago | Exposure of Sensitive Information in Jenkins Kubernetes Plugin | |||
| CVE-2018-1999036 | unknown | — | — | 4y ago | Jenkins SSH Agent Plugin exposes SSH private key password to users with permission to read the build log | |||
| CVE-2018-1999030 | unknown | — | — | 4y ago | Jenkins Maven Artifact ChoiceListProvider (Nexus) Plugin CSRF vulnerability and missing permission checks | |||
| CVE-2018-1999032 | unknown | — | — | 4y ago | Jenkins Agiletestware Pangolin Connector for TestRail Plugin CSRF vulnerability and missing permission checks | |||
| CVE-2018-1999044 | unknown | — | — | 4y ago | Infinite Loop in Jenkins Core | |||
| CVE-2018-1999028 | unknown | — | — | 4y ago | Jenkins Accurev Plugin CSRF vulnerability and missing permission checks | |||
| CVE-2018-19784 | unknown | — | — | 4y ago | Weak Cryptography in PHP-Proxy | |||
| CVE-2018-19620 | unknown | — | — | 4y ago | Showdoc Unauthenticated Access | |||
| CVE-2018-19274 | unknown | — | — | 4y ago | phpBB Remote Code Execution | |||
| CVE-2018-18482 | unknown | — | — | 4y ago | An issue was discovered in libpg_query 10-1.0.2. There is a memory leak in pg_query_raw_parse in pg_query_parse.c, which might lead to a denial of service. | |||
| CVE-2018-16837 | unknown | — | — | 4y ago | Ansible "User" module leaks any data which is passed on as a parameter to ssh-keygen. This could lead to undesirable situations such as passphrases credentials passed as a parameter for the ssh-keyge… | |||
| CVE-2018-16515 | unknown | — | — | 4y ago | Matrix Synapse Improper Signature Validation | |||
| CVE-2018-14523 | unknown | — | — | 4y ago | An issue was discovered in aubio 0.4.6. A buffer over-read can occur in new_aubio_pitchyinfft in pitch/pitchyinfft.c, as demonstrated by aubionotes. | |||
| CVE-2018-14020 | unknown | — | — | 4y ago | Paymorrow Improper Input Validation vulnerability | |||
| CVE-2018-1340 | unknown | — | — | 4y ago | Missing Encryption of Sensitive Data in Apache Guacamole | |||
| CVE-2018-13390 | unknown | — | — | 4y ago | Unauthenticated access to cloudtoken daemon on Linux via network from version 0.1.1 before version 0.1.24 allows attackers on the same subnet to gain temporary AWS credentials for the users' roles. | |||
| CVE-2018-12972 | unknown | — | — | 4y ago | OpenTSDB vulnerable to OS Command Injection | |||
| CVE-2018-1297 | unknown | — | — | 4y ago | Missing certificate validation in Apache JMeter | |||
| CVE-2018-1287 | unknown | — | — | 4y ago | Missing certificate validation in Apache JMeter | |||
| CVE-2018-1286 | unknown | — | — | 4y ago | Apache OpenMeetings may allow authenticated attacker to deny service for privileged users | |||
| CVE-2018-12642 | unknown | — | — | 4y ago | Froxlor Incorrect Access Control | |||
| CVE-2018-12457 | unknown | — | — | 4y ago | express-cart allows any user to create an admin user | |||
| CVE-2018-12423 | unknown | — | — | 4y ago | Matrix Synapse Authorization Error | |||
| CVE-2018-12291 | unknown | — | — | 4y ago | Matrix Synapse Security Filtering Flaw | |||
| CVE-2018-1136 | unknown | — | — | 4y ago | Moodle Cross-site Scripting | |||
| CVE-2018-1134 | unknown | — | — | 4y ago | Moodle Improper Privilege Management | |||
| CVE-2018-11047 | unknown | — | — | 4y ago | Cloud Foundry UAA accepts refresh token as access token on admin endpoints | |||
| CVE-2018-1043 | unknown | — | — | 4y ago | Moodle Setting for blocked hosts list can be bypassed with multiple A record hostnames | |||
| CVE-2018-10406 | unknown | — | — | 4y ago | An issue was discovered in Yelp OSXCollector. A maliciously crafted Universal/fat binary can evade third-party code signing checks. By not completing full inspection of the Universal/fat binary, the … | |||
| CVE-2018-1000866 | unknown | — | — | 4y ago | Jenkins Script Security and Pipeline Groovy Plugins Sandbox Bypass | |||
| CVE-2018-1000864 | unknown | — | — | 4y ago | Loop with Unreachable Exit Condition in Jenkins | |||
| CVE-2018-1000865 | unknown | — | — | 4y ago | Improper Privilege Management in Jenkins | |||
| CVE-2018-1000610 | unknown | — | — | 4y ago | Jenkins Configuration as Code Plugin has Insufficiently Protected Credentials | |||
| CVE-2018-1000817 | unknown | — | — | 4y ago | Asset Pipeline Grails Plugin vulnerable to Path Traversal | |||
| CVE-2018-1000863 | unknown | — | — | 4y ago | Improper Limitation of a Pathname to a Restricted Directory in Jenkins | |||
| CVE-2018-1000608 | unknown | — | — | 4y ago | Jenkins z/OS Connector Plugin allows local attacker to retrieve configured password | |||
| CVE-2018-1000600 | unknown | — | — | 4y ago | CSRF vulnerability and missing permission checks in GitHub Plugin allowed capturing credentials | |||
| CVE-2018-1000603 | unknown | — | — | 4y ago | CSRF vulnerability and missing permission checks in Openstack Cloud Plugin allowed capturing credentials | |||
| CVE-2018-1000403 | unknown | — | — | 4y ago | AWS CodeDeploy Plugin stored AWS Secret Key in plain text | |||
| CVE-2018-1000401 | unknown | — | — | 4y ago | Jenkins AWS CodePipeline Plugin has Insufficiently Protected Credentials | |||
| CVE-2018-1000420 | unknown | — | — | 4y ago | Improper authorization vulnerability in Jenkins Mesos Plugin | |||
| CVE-2018-1000408 | unknown | — | — | 4y ago | Improper Authorization in Jenkins | |||
| CVE-2018-1000404 | unknown | — | — | 4y ago | Insufficiently Protected Credentials in Jenkins AWS CodeBuild Plugin | |||
| CVE-2018-1000207 | unknown | — | — | 4y ago | MODX Revolution Incorrect Access Control vulnerability | |||
| CVE-2018-1000226 | unknown | — | — | 4y ago | Cobbler Improper Validation of Security Tokens | |||
| CVE-2018-1000189 | unknown | — | — | 4y ago | CSRF vulnerability and missing permission checks in Jenkins AbsInt Astrée Plugin | |||
| CVE-2018-1000197 | unknown | — | — | 4y ago | Jenkins Black Duck Hub Plugin allowed any user with Overall/Read to read and write its configuration | |||
| CVE-2018-1000165 | unknown | — | — | 4y ago | LightSAML Incorrect Access Control vulnerability | |||
| CVE-2018-1000146 | unknown | — | — | 4y ago | Liquibase Runner Plugin allows users to load arbitrary Java code into controller JVM | |||
| CVE-2018-1000152 | unknown | — | — | 4y ago | Jenkins vSphere Plugin incorrect authorization vulnerability | |||
| CVE-2018-1000145 | unknown | — | — | 4y ago | Jenkins Perforce Plugin uses ineffective credentials encryption | |||
| CVE-2018-1000112 | unknown | — | — | 4y ago | Incorrect Authorization in Jenkins Mercurial Plugin | |||
| CVE-2018-1000111 | unknown | — | — | 4y ago | Jenkins Subversion Plugin Incorrect Authorization vulnerability | |||
| CVE-2018-1000134 | unknown | — | — | 4y ago | Weak Password Requirements in UnboundID LDAP SDK | |||
| CVE-2018-1000114 | unknown | — | — | 4y ago | Jenkins Promoted Builds Plugin allowed unauthorized users to run some promotion processes | |||
| CVE-2018-1000105 | unknown | — | — | 4y ago | Incorrect Authorization in Jenkins Gerrit Trigger Plugin | |||
| CVE-2018-1000110 | unknown | — | — | 4y ago | Incorrect Authorization in Jenkins Git Plugin | |||
| CVE-2018-1000109 | unknown | — | — | 4y ago | Jenkins Google Play Android Publisher Plugin allows attacker to obtain credential IDs | |||
| CVE-2018-1000104 | unknown | — | — | 4y ago | Jenkins Coverity Plugin has Insufficiently Protected Credentials | |||
| CVE-2018-1000107 | unknown | — | — | 4y ago | Improper authorization in Jenkins Job and Node Ownership Plugin | |||
| CVE-2018-1000106 | unknown | — | — | 4y ago | Incorrect Authorization in Jenkins Gerrit Trigger Plugin | |||
| CVE-2018-1000057 | unknown | — | — | 4y ago | Jenkins Credentials Binding Plugin has Insufficiently Protected Credentials | |||
| CVE-2018-1000025 | unknown | — | — | 4y ago | Jerome Gamez Firebase Admin SDK for PHP Incorrect Access Control vulnerability | |||
| CVE-2018-0818 | unknown | — | — | 4y ago | ChakraCore RCE Vulnerability |