CVEs from 2018
Total
2,859
critical
critical 238
high
high 331
medium
medium 261
low
low 39
% Critical
8.3%
% with KEV
3.1%
% with exploit
9.1%
Top vendors
- intel 1,561
- schneider-electric 43
- siemens 42
- rockwellautomation 16
- echelon 15
- redhat 12
- oracle 9
- arm 9
Top products
- core_i7 379
- core_i5 375
- core_i3 242
- xeon_e5 82
- xeon_e7 62
- xeon_e3 58
- xeon_gold 33
- atom_z 30
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2018-1999033 | unknown | — | — | 4y ago | Exposure of sensitive information in Anchore Container Image Scanner Jenkins Plugin | |||
| CVE-2018-1000426 | unknown | — | — | 4y ago | Stored XSS vulnerability in Jenkins Git Changelog Plugin | |||
| CVE-2018-3831 | unknown | — | — | 4y ago | Exposure of Sensitive Information to an Unauthorized Actor in Elasticsearch | |||
| CVE-2018-1000132 | unknown | — | — | 4y ago | Mercurial version 4.5 and earlier contains a Incorrect Access Control (CWE-285) vulnerability in Protocol server that can result in Unauthorized data access. This attack appear to be exploitable via … | |||
| CVE-2018-13346 | unknown | — | — | 4y ago | The mpatch_apply function in mpatch.c in Mercurial before 4.6.1 incorrectly proceeds in cases where the fragment start is past the end of the original data, aka OVE-20180430-0004. | |||
| CVE-2018-13347 | unknown | — | — | 4y ago | mpatch.c in Mercurial before 4.6.1 mishandles integer addition and subtraction, aka OVE-20180430-0002. | |||
| CVE-2018-13348 | unknown | — | — | 4y ago | The mpatch_decode function in mpatch.c in Mercurial before 4.6.1 mishandles certain situations where there should be at least 12 bytes remaining after the current position in the patch data, but actu… | |||
| CVE-2018-8015 | unknown | — | — | 4y ago | Apache ORC vulnerable to Uncontrolled Recursion | |||
| CVE-2018-18240 | unknown | — | — | 4y ago | Pippo RCE Vulnerability | |||
| CVE-2018-12533 | unknown | — | — | 4y ago | Arbitrary code execution in Richfaces | |||
| CVE-2018-12532 | unknown | — | — | 4y ago | RichFaces vulnerable to Expression Language Injection | |||
| CVE-2018-1000425 | unknown | — | — | 4y ago | Jenkins SonarQube Scanner Plugin stored server authentication token in plain text | |||
| CVE-2018-1000418 | unknown | — | — | 4y ago | Jenkins HipChat Plugin allows credential capture due to incorrect authorization | |||
| CVE-2018-1000424 | unknown | — | — | 4y ago | Jenkins Artifactory Plugin stored old directly entered credentials unencrypted on disk | |||
| CVE-2018-1000419 | unknown | — | — | 4y ago | Jenkins HipChat Plugin allows attackers with Overall/Read access to obtain credential IDs | |||
| CVE-2018-1000412 | unknown | — | — | 4y ago | Jenkins Jira Plugin Incorrect Authorization vulnerability | |||
| CVE-2018-1000423 | unknown | — | — | 4y ago | Jenkins Crowd 2 Integration Plugin stored credentials in plain text | |||
| CVE-2018-1000149 | unknown | — | — | 4y ago | Jenkins Ansible Plugin man in the middle vulnerability | |||
| CVE-2018-1000015 | unknown | — | — | 4y ago | Incorrect permission checks in Pipeline: Nodes and Processes plugin | |||
| CVE-2018-1067 | unknown | — | — | 4y ago | Improper Neutralization of CRLF Sequences in HTTP Headers in Undertow | |||
| CVE-2018-14657 | unknown | — | — | 4y ago | Keycloak Improper Bruteforce Detection | |||
| CVE-2018-1048 | unknown | — | — | 4y ago | Improper Limitation of a Pathname to a Restricted Directory in Jboss EAP Undertow | |||
| CVE-2018-14642 | unknown | — | — | 4y ago | Exposure of Sensitive Information to an Unauthorized Actor in Undertow | |||
| CVE-2018-1190 | unknown | — | — | 4y ago | Pivotal Cloud Foundry UAA XSS on UAA OpenID Connect check session iframe endpoint | |||
| CVE-2018-14635 | unknown | — | — | 4y ago | When using the Linux bridge ml2 driver, non-privileged tenants are able to create and attach ports without specifying an IP address, bypassing IP address validation. A potential denial of service cou… | |||
| CVE-2018-1256 | unknown | — | — | 4y ago | Issuer validation regression in Spring Cloud SSO Connector | |||
| CVE-2018-1263 | unknown | — | — | 4y ago | spring-integration-zip Arbitrary File Write | |||
| CVE-2018-1262 | unknown | — | — | 4y ago | UAA privilege escalation across identity zones | |||
| CVE-2018-8012 | unknown | — | — | 4y ago | Missing Authorization in Apache ZooKeeper | |||
| CVE-2018-8088 | unknown | — | — | 4y ago | Improper Access Control in SLF4J | |||
| CVE-2018-1288 | unknown | — | — | 4y ago | Improper Control of Generation of Code in Apache Kafka | |||
| CVE-2018-1313 | unknown | — | — | 4y ago | Improper Access Control in Apache Derby | |||
| CVE-2018-1000067 | unknown | — | — | 4y ago | Server-Side Request Forgery in Jenkins | |||
| CVE-2018-1000068 | unknown | — | — | 4y ago | Exposure of Sensitive Information to an Unauthorized Actor in Jenkins | |||
| CVE-2018-1000193 | unknown | — | — | 4y ago | Injection in Jenkins | |||
| CVE-2018-1000192 | unknown | — | — | 4y ago | Exposure of Sensitive Information to an Unauthorized Actor in Jenkins | |||
| CVE-2018-1000194 | unknown | — | — | 4y ago | Path Traversal in Jenkins | |||
| CVE-2018-6356 | unknown | — | — | 4y ago | Improper Limitation of a Pathname to a Restricted Directory in Jenkins | |||
| CVE-2018-5382 | unknown | — | — | 4y ago | Improper Validation of Integrity Check Value in Bouncy Castle | |||
| CVE-2018-1000195 | unknown | — | — | 4y ago | Cross-Site Request Forgery in Jenkins | |||
| CVE-2018-1000073 | unknown | — | — | 4y ago | RubyGems Link Following vulnerability | |||
| CVE-2018-1000075 | unknown | — | — | 4y ago | RubyGems Infinite Loop vulnerability | |||
| CVE-2018-16886 | unknown | — | — | 4y ago | etcd versions 3.2.x before 3.2.26 and 3.3.x before 3.3.11 are vulnerable to an improper authentication issue when role-based access control (RBAC) is used and client-cert-auth is enabled. If an etcd … | |||
| CVE-2018-25031 | unknown | — | — | 4y ago | Spoofing attack in swagger-ui | |||
| CVE-2018-1099 | unknown | — | — | 4y ago | DNS rebinding vulnerability found in etcd 3.3.1 and earlier. An attacker can control his DNS records to direct to localhost, and trick the browser into sending requests to localhost (or any other add… | |||
| CVE-2018-1098 | unknown | — | — | 4y ago | A cross-site request forgery flaw was found in etcd 3.3.1 and earlier. An attacker can set up a website that tries to send a POST request to the etcd server and modify a key. Adding a key is done wit… | |||
| CVE-2018-21234 | unknown | — | — | 4y ago | Deserialization of Untrusted Data in Jodd | |||
| CVE-2018-11764 | unknown | — | — | 4y ago | Authentication bypass in Apache Hadoop | |||
| CVE-2018-11802 | unknown | — | — | 4y ago | Incorrect Authorization in Apache Solr | |||
| CVE-2018-16153 | unknown | — | — | 5y ago | Opencast publishes global system account credentials | |||
| CVE-2018-11765 | unknown | — | — | 5y ago | Improper Authentication in Apache Hadoop | |||
| CVE-2018-25007 | unknown | — | — | 5y ago | Unauthorized client-side property update in UIDL request handler in Vaadin 10 and 11 | |||
| CVE-2018-5968 | unknown | — | — | 6y ago | Deserialization of Untrusted Data in jackson-databind | |||
| CVE-2018-10237 | unknown | — | — | 6y ago | Denial of Service in Google Guava | |||
| CVE-2018-15756 | unknown | — | — | 6y ago | Denial of Service in Spring Framework | |||
| CVE-2018-12023 | unknown | — | — | 6y ago | Deserialization of Untrusted Data | |||
| CVE-2018-11768 | unknown | — | — | 7y ago | user/group information can be corrupted across storing in fsimage and reading back from fsimage | |||
| CVE-2018-15890 | unknown | — | — | 7y ago | Deserialization of Untrusted Data in EthereumJ | |||
| CVE-2018-11307 | unknown | — | — | 7y ago | Deserialization of Untrusted Data in jackson-databind | |||
| CVE-2018-8029 | unknown | — | — | 7y ago | Privilege escalation vulnerability in Apache Hadoop | |||
| CVE-2018-17201 | unknown | — | — | 7y ago | Improper Input Validation in Apache Sanselan | |||
| CVE-2018-17202 | unknown | — | — | 7y ago | Infinite Loop in Apache Sanselan | |||
| CVE-2018-8035 | unknown | — | — | 7y ago | Cross-site Scripting in Apache UIMA | |||
| CVE-2018-1328 | unknown | — | — | 7y ago | Cross-site Scripting in Apache Zeppelin | |||
| CVE-2018-1317 | unknown | — | — | 7y ago | Improper Authentication in Apache Zeppelin | |||
| CVE-2018-12545 | unknown | — | — | 7y ago | Uncontrolled Resource Consumption in org.eclipse.jetty:jetty-server | |||
| CVE-2018-12022 | unknown | — | — | 7y ago | jackson-databind Deserialization of Untrusted Data vulnerability | |||
| CVE-2018-11767 | unknown | — | — | 7y ago | Improper Privilege Management in org.apache.hadoop:hadoop-main | |||
| CVE-2018-1324 | unknown | — | — | 7y ago | Apache Commons Compress vulnerable to denial of service due to infinite loop | |||
| CVE-2018-1334 | unknown | — | — | 7y ago | Exposure of Sensitive Information to an Unauthorized Actor in Apache Spark | |||
| CVE-2018-8024 | unknown | — | — | 7y ago | Exposure of Sensitive Information to an Unauthorized Actor in Apache Spark via crafted URL | |||
| CVE-2018-11793 | unknown | — | — | 7y ago | Stack Overflow in Apache Mesos | |||
| CVE-2018-1296 | unknown | — | — | 7y ago | Exposure of Sensitive Information to an Unauthorized Actor in Hadoop | |||
| CVE-2018-20242 | unknown | — | — | 7y ago | Cross-site Scripting in jspwiki-war | |||
| CVE-2018-1320 | unknown | — | — | 8y ago | Improper Input Validation in Apache Thrift | |||
| CVE-2018-11798 | unknown | — | — | 8y ago | Apache Thrift Node.js static web server sandbox escape | |||
| CVE-2018-11787 | unknown | — | — | 8y ago | Improper Authentication in Apache Karaf | |||
| CVE-2018-11788 | unknown | — | — | 8y ago | XML External Entity Reference in Apache Karaf | |||
| CVE-2018-20433 | unknown | — | — | 8y ago | XML External Entity Reference in mchange:c3p0 | |||
| CVE-2018-14719 | unknown | — | — | 8y ago | Arbitrary Code Execution in jackson-databind | |||
| CVE-2018-14720 | unknown | — | — | 8y ago | XML External Entity Reference (XXE) in jackson-databind | |||
| CVE-2018-14721 | unknown | — | — | 8y ago | Server-Side Request Forgery (SSRF) in jackson-databind | |||
| CVE-2018-19362 | unknown | — | — | 8y ago | com.fasterxml.jackson.core:jackson-databind vulnerable to Deserialization of Untrusted Data | |||
| CVE-2018-19361 | unknown | — | — | 8y ago | Deserialization of Untrusted Data in jackson-databind | |||
| CVE-2018-19360 | unknown | — | — | 8y ago | Deserialization of Untrusted Data in jackson-databind due to polymorphic deserialization | |||
| CVE-2018-14718 | unknown | — | — | 8y ago | Arbitrary Code Execution in jackson-databind | |||
| CVE-2018-18893 | unknown | — | — | 8y ago | Jinjava calls getClass | |||
| CVE-2018-20594 | unknown | — | — | 8y ago | Moderate severity vulnerability that affects org.hswebframework.web:hsweb-commons | |||
| CVE-2018-20595 | unknown | — | — | 8y ago | Cross-Site Request Forgery (CSRF) in hswebframework.web:hsweb-commons | |||
| CVE-2018-17197 | unknown | — | — | 8y ago | Apache Tika Denial of Service due to Infinite Loop in Tika's SQLite3Parser | |||
| CVE-2018-8009 | unknown | — | — | 8y ago | Path Traversal in Hadoop | |||
| CVE-2018-11766 | unknown | — | — | 8y ago | Arbitrary Command Execution in Hadoop | |||
| CVE-2018-11786 | unknown | — | — | 8y ago | Improper Privilege Management in Apache Karaf | |||
| CVE-2018-14637 | unknown | — | — | 8y ago | Improper Authentication in Keycloak | |||
| CVE-2018-1000844 | unknown | — | — | 8y ago | XML External Entity (XXE) vulnerability in Square Retrofit | |||
| CVE-2018-1000850 | unknown | — | — | 8y ago | Directory Traversal vulnerability in Square Retrofit | |||
| CVE-2018-1000873 | unknown | — | — | 8y ago | Moderate severity vulnerability that affects com.fasterxml.jackson.datatype:jackson-datatype-jsr353 | |||
| CVE-2018-1000854 | unknown | — | — | 8y ago | Remote Code Execution in esigate-core | |||
| CVE-2018-1000836 | unknown | — | — | 8y ago | XML External Entity (XXE) vulnerability in bw-calendar-engine | |||
| CVE-2018-17195 | unknown | — | — | 8y ago | Cleartext Transmission of Sensitive Information in Apache nifi |