CVEs from 2018
- Total 2,841
- critical 238
- high 331
- medium 263
- low 39
- % Critical 8.4%
- % with KEV 3.1%
- % with exploit 9.1%
Top vendors
- intel 1,561
- schneider-electric 43
- siemens 42
- rockwellautomation 16
- echelon 15
- redhat 12
- oracle 9
- arm 9
Top products
- core_i7 379
- core_i5 375
- core_i3 242
- xeon_e5 82
- xeon_e7 62
- xeon_e3 58
- xeon_gold 33
- atom_z 30
| CVE | Severity | CVSS | Risk | Published | Description | Flags | OS | Vendor |
|---|---|---|---|---|---|---|---|---|
| CVE-2018-17856 | unknown | — | — | 4y ago | Joomla RCE Vulnerability | |||
| CVE-2018-17848 | unknown | — | — | 4y ago | Panic when parsing certain inputs in golang.org/x/net/html | |||
| CVE-2018-17847 | unknown | — | — | 4y ago | Panic when parsing certain inputs in golang.org/x/net/html | |||
| CVE-2018-17142 | unknown | — | — | 4y ago | Incorrect parsing of nested templates in golang.org/x/net/html | |||
| CVE-2018-17143 | unknown | — | — | 4y ago | Panic on unconsidered isindex and template combination in golang.org/x/net/html | |||
| CVE-2018-17060 | unknown | — | — | 4y ago | Improper Access Control in Telerik Extensions | |||
| CVE-2018-17075 | unknown | — | — | 4y ago | Panic when parsing malformed HTML in golang.org/x/net/html | |||
| CVE-2018-16975 | unknown | — | — | 4y ago | Elefant CMS PHP Code Execution Vulnerability | |||
| CVE-2018-16704 | unknown | — | — | 4y ago | Gleez CMS Vulnerability Allows Forced Browsing to Profile Page of Other Users | |||
| CVE-2018-12532 | unknown | — | — | 4y ago | RichFaces vulnerable to Expression Language Injection | |||
| CVE-2018-12533 | unknown | — | — | 4y ago | Arbitrary code execution in Richfaces | |||
| CVE-2018-1022 | unknown | — | — | 4y ago | ChakraCore RCE Vulnerability | |||
| CVE-2018-1019 | unknown | — | — | 4y ago | ChakraCore RCE Vulnerability | |||
| CVE-2018-10092 | unknown | — | — | 4y ago | Dolibarr arbitrary commands execution | |||
| CVE-2018-1000424 | unknown | — | — | 4y ago | Jenkins Artifactory Plugin stored old directly entered credentials unencrypted on disk | |||
| CVE-2018-1000425 | unknown | — | — | 4y ago | Jenkins SonarQube Scanner Plugin stored server authentication token in plain text | |||
| CVE-2018-1000418 | unknown | — | — | 4y ago | Jenkins HipChat Plugin allows credential capture due to incorrect authorization | |||
| CVE-2018-1000419 | unknown | — | — | 4y ago | Jenkins HipChat Plugin allows attackers with Overall/Read access to obtain credential IDs | |||
| CVE-2018-1000527 | unknown | — | — | 4y ago | Froxlor PHP Object Injection vulnerability | |||
| CVE-2018-1000423 | unknown | — | — | 4y ago | Jenkins Crowd 2 Integration Plugin stored credentials in plain text | |||
| CVE-2018-1000412 | unknown | — | — | 4y ago | Jenkins Jira Plugin Incorrect Authorization vulnerability | |||
| CVE-2018-1000149 | unknown | — | — | 4y ago | Jenkins Ansible Plugin man in the middle vulnerability | |||
| CVE-2018-1000015 | unknown | — | — | 4y ago | Incorrect permission checks in Pipeline: Nodes and Processes plugin | |||
| CVE-2018-0990 | unknown | — | — | 4y ago | ChakraCore RCE Vulnerability | |||
| CVE-2018-0994 | unknown | — | — | 4y ago | ChakraCore RCE Vulnerability | |||
| CVE-2018-0993 | unknown | — | — | 4y ago | ChakraCore RCE Vulnerability | |||
| CVE-2018-0995 | unknown | — | — | 4y ago | ChakraCore RCE Vulnerability | |||
| CVE-2018-0979 | unknown | — | — | 4y ago | ChakraCore RCE Vulnerability | |||
| CVE-2018-0945 | unknown | — | — | 4y ago | ChakraCore RCE Vulnerability | |||
| CVE-2018-0954 | unknown | — | — | 4y ago | ChakraCore RCE Vulnerability | |||
| CVE-2018-0936 | unknown | — | — | 4y ago | ChakraCore RCE Vulnerability | |||
| CVE-2018-0937 | unknown | — | — | 4y ago | ChakraCore RCE Vulnerability | |||
| CVE-2018-0939 | unknown | — | — | 4y ago | ChakraCore information disclosure vulnerability | |||
| CVE-2018-0943 | unknown | — | — | 4y ago | ChakraCore RCE Vulnerability | |||
| CVE-2018-0925 | unknown | — | — | 4y ago | ChakraCore RCE Vulnerability | |||
| CVE-2018-0930 | unknown | — | — | 4y ago | ChakraCore RCE Vulnerability | |||
| CVE-2018-0931 | unknown | — | — | 4y ago | ChakraCore RCE Vulnerability | |||
| CVE-2018-0872 | unknown | — | — | 4y ago | ChakraCore RCE Vulnerability | |||
| CVE-2018-0873 | unknown | — | — | 4y ago | ChakraCore RCE Vulnerability | |||
| CVE-2018-0874 | unknown | — | — | 4y ago | ChakraCore RCE Vulnerability | |||
| CVE-2018-0856 | unknown | — | — | 4y ago | ChakraCore RCE Vulnerability | |||
| CVE-2018-0858 | unknown | — | — | 4y ago | ChakraCore RCE Vulnerability | |||
| CVE-2018-0859 | unknown | — | — | 4y ago | ChakraCore RCE Vulnerability | |||
| CVE-2018-0857 | unknown | — | — | 4y ago | ChakraCore RCE Vulnerability | |||
| CVE-2018-0836 | unknown | — | — | 4y ago | ChakraCore RCE Vulnerability | |||
| CVE-2018-1081 | unknown | — | — | 4y ago | Moodle Unauthenticated users can trigger custom messages to admin via paypal enrol script | |||
| CVE-2018-1067 | unknown | — | — | 4y ago | Improper Neutralization of CRLF Sequences in HTTP Headers in Undertow | |||
| CVE-2018-8013 | unknown | — | — | 4y ago | Deserialization of Untrusted Data in Apache Batik | |||
| CVE-2018-10891 | unknown | — | — | 4y ago | Moodle XSS Vulnerability | |||
| CVE-2018-19787 | unknown | — | — | 4y ago | An issue was discovered in lxml before 4.2.5. lxml/html/clean.py in the lxml.html.clean module does not remove javascript: URLs that use escaping, allowing a remote attacker to conduct XSS attacks, a… | |||
| CVE-2018-14657 | unknown | — | — | 4y ago | Keycloak Improper Bruteforce Detection | |||
| CVE-2018-1048 | unknown | — | — | 4y ago | Improper Limitation of a Pathname to a Restricted Directory in Jboss EAP Undertow | |||
| CVE-2018-14642 | unknown | — | — | 4y ago | Exposure of Sensitive Information to an Unauthorized Actor in Undertow | |||
| CVE-2018-7206 | unknown | — | — | 4y ago | An issue was discovered in Project Jupyter JupyterHub OAuthenticator 0.6.x before 0.6.2 and 0.7.x before 0.7.3. When using JupyterHub with GitLab group whitelisting for access control, group membersh… | |||
| CVE-2018-9019 | unknown | — | — | 4y ago | Dolibarr SQL Injection vulnerability | |||
| CVE-2018-16552 | unknown | — | — | 4y ago | MicroPyramid Django-CRM 0.2 allows CSRF for /users/create/, /users/##/edit/, and /accounts/##/delete/ URIs. | |||
| CVE-2018-1190 | unknown | — | — | 4y ago | Pivotal Cloud Foundry UAA XSS on UAA OpenID Connect check session iframe endpoint | |||
| CVE-2018-15598 | unknown | — | — | 4y ago | Traefik Missing Authentication in github.com/traefik/traefik | |||
| CVE-2018-10875 | unknown | — | — | 4y ago | A flaw was found in ansible. ansible.cfg is read from the current working directory which can be altered to make it point to a plugin or a module path under the control of an attacker, thus allowing … | |||
| CVE-2018-16876 | unknown | — | — | 4y ago | ansible before versions 2.5.14, 2.6.11, 2.7.5 is vulnerable to a information disclosure flaw in vvv+ mode with no_log on that can lead to leakage of sensible data. | |||
| CVE-2018-10874 | unknown | — | — | 4y ago | In ansible it was found that inventory variables are loaded from current working directory when running ad-hoc command which are under attacker's control, allowing to run arbitrary code as a result. | |||
| CVE-2018-16856 | unknown | — | — | 4y ago | In a default Red Hat Openstack Platform Director installation, openstack-octavia before versions openstack-octavia 2.0.2-5 and openstack-octavia-3.0.1-0.20181009115732 creates log files that are read… | |||
| CVE-2018-14635 | unknown | — | — | 4y ago | When using the Linux bridge ml2 driver, non-privileged tenants are able to create and attach ports without specifying an IP address, bypassing IP address validation. A potential denial of service cou… | |||
| CVE-2018-0875 | unknown | — | — | 4y ago | .NET Core Denial of Service Vulnerability | |||
| CVE-2018-1256 | unknown | — | — | 4y ago | Issuer validation regression in Spring Cloud SSO Connector | |||
| CVE-2018-1263 | unknown | — | — | 4y ago | spring-integration-zip Arbitrary File Write | |||
| CVE-2018-1262 | unknown | — | — | 4y ago | UAA privilege escalation across identity zones | |||
| CVE-2018-9110 | unknown | — | — | 4y ago | Directory Traversal in Studio 42 elFinder | |||
| CVE-2018-9109 | unknown | — | — | 4y ago | elFinder Path Traversal vulnerability | |||
| CVE-2018-8012 | unknown | — | — | 4y ago | Missing Authorization in Apache ZooKeeper | |||
| CVE-2018-13982 | unknown | — | — | 4y ago | Smarty_Security::isTrustedResourceDir() in Smarty before 3.1.33 is prone to a path traversal vulnerability due to insufficient template code sanitization. This allows attackers controlling the execut… | |||
| CVE-2018-8088 | unknown | — | — | 4y ago | Improper Access Control in SLF4J | |||
| CVE-2018-5387 | unknown | — | — | 4y ago | Wizkunde SAMLBase SAML Bypass | |||
| CVE-2018-1313 | unknown | — | — | 4y ago | Improper Access Control in Apache Derby | |||
| CVE-2018-1288 | unknown | — | — | 4y ago | Improper Control of Generation of Code in Apache Kafka | |||
| CVE-2018-1000067 | unknown | — | — | 4y ago | Server-Side Request Forgery in Jenkins | |||
| CVE-2018-1000192 | unknown | — | — | 4y ago | Exposure of Sensitive Information to an Unauthorized Actor in Jenkins | |||
| CVE-2018-1000068 | unknown | — | — | 4y ago | Exposure of Sensitive Information to an Unauthorized Actor in Jenkins | |||
| CVE-2018-1000193 | unknown | — | — | 4y ago | Injection in Jenkins | |||
| CVE-2018-1000195 | unknown | — | — | 4y ago | Cross-Site Request Forgery in Jenkins | |||
| CVE-2018-1000194 | unknown | — | — | 4y ago | Path Traversal in Jenkins | |||
| CVE-2018-6356 | unknown | — | — | 4y ago | Improper Limitation of a Pathname to a Restricted Directory in Jenkins | |||
| CVE-2018-5382 | unknown | — | — | 4y ago | Improper Validation of Integrity Check Value in Bouncy Castle | |||
| CVE-2018-1000075 | unknown | — | — | 4y ago | RubyGems Infinite Loop vulnerability | |||
| CVE-2018-1000073 | unknown | — | — | 4y ago | RubyGems Link Following vulnerability | |||
| CVE-2018-12615 | unknown | — | — | 4y ago | An issue was discovered in switchGroup() in agent/ExecHelper/ExecHelperMain.cpp in Phusion Passenger before 5.3.2. The set of groups (gidset) is not set correctly, leaving it up to randomness (i.e., … | |||
| CVE-2018-14623 | unknown | — | — | 4y ago | katello SQL Injection vulnerability | |||
| CVE-2018-18260 | unknown | — | — | 4y ago | Camaleon CMS vulnerable to Stored Cross-site Scripting | |||
| CVE-2018-18385 | unknown | — | — | 4y ago | Asciidoctor Infinite Loop vulnerability | |||
| CVE-2018-25033 | unknown | — | — | 4y ago | ADMesh through 0.98.4 has a heap-based buffer over-read in stl_update_connects_remove_1 (called from stl_remove_degenerate) in connect.c in libadmesh.a. | |||
| CVE-2018-16886 | unknown | — | — | 4y ago | etcd versions 3.2.x before 3.2.26 and 3.3.x before 3.3.11 are vulnerable to an improper authentication issue when role-based access control (RBAC) is used and client-cert-auth is enabled. If an etcd … | |||
| CVE-2018-1000883 | unknown | — | — | 4y ago | Header Injection | |||
| CVE-2018-20302 | unknown | — | — | 4y ago | Cross-site Scripting in xain | |||
| CVE-2018-1000162 | unknown | — | — | 4y ago | Cross-site Scripting in Parsedown | |||
| CVE-2018-25031 | unknown | — | — | 4y ago | Spoofing attack in swagger-ui | |||
| CVE-2018-18206 | unknown | — | — | 4y ago | Panic in github.com/bytom/bytom | |||
| CVE-2018-1098 | unknown | — | — | 4y ago | A cross-site request forgery flaw was found in etcd 3.3.1 and earlier. An attacker can set up a website that tries to send a POST request to the etcd server and modify a key. Adding a key is done wit… | |||
| CVE-2018-15798 | unknown | — | — | 4y ago | Pivotal Concourse Open Redirect in Login Flow | |||
| CVE-2018-1002207 | unknown | — | — | 4y ago | Arbitrary File Write via Archive Extraction in mholt/archiver in github.com/mholt/archiver | |||
| CVE-2018-18926 | unknown | — | — | 4y ago | Gitea Remote Code Execution (RCE) in code.gitea.io/gitea |