CVEs from 2018

3,128 normalized CVEs published or assigned in this year.

  • Total: 3,128
  • critical: 229
  • high: 302
  • medium: 256
  • low: 39
  • % Critical: 7.3%
  • % with KEV: 2.8%
  • % with exploit: 4.0%

Top products

  • core_i7 379
  • core_i5 375
  • core_i3 242
  • xeon_e5 82
  • xeon_e7 62
  • xeon_e3 58
  • xeon_gold 33
  • atom_z 30
CVE Severity CVSS Risk Flags OS Vendor Published Description
CVE-2018-14371 unknown 4y ago Path Traversal in Eclipse Mojarra
CVE-2018-1999031 unknown 4y ago Jenkins meliora-testlab Plugin allows attackers with file system access to Jenkins master to obtain API key
CVE-2018-1999029 unknown 4y ago Stored Cross-Site Scripting Vulnerability in Jenkins Shelve Project Plugin
CVE-2018-1999041 unknown 4y ago Exposure of sensitive information vulnerability
CVE-2018-1999026 unknown 4y ago Jenkins TraceTronic ECU-TEST Plugin server-side request forgery vulnerability
CVE-2018-1999025 unknown 4y ago Jenkins TraceTronic ECU-TEST Plugin Man in the middle vulnerability
CVE-2018-1999035 unknown 4y ago Jenkins Inedo BuildMaster Plugin globally and unconditionally disabled SSL/TLS certificate validation
CVE-2018-1000605 unknown 4y ago Jenkins CollabNet Plugin man in the middle vulnerability
CVE-2018-1999034 unknown 4y ago Jenkins Inedo ProGet Plugin globally and unconditionally disabled SSL/TLS certificate validation
CVE-2018-1999037 unknown 4y ago Jenkins Resource Disposer Plugin allows attacker to stop tracking specified resource
CVE-2018-1999038 unknown 4y ago Jenkins Publisher Over CIFS Plugin confused deputy vulnerability
CVE-2018-1999039 unknown 4y ago Server-Side Request Forgery (SSRF) in Jenkins Confluence Publisher Plugin
CVE-2018-11758 unknown 4y ago XML External Entity Reference in Apache Cayenne
CVE-2018-1000665 unknown 4y ago Improper Neutralization of Input During Web Page Generation in Dojo Dojo Objective Harness
CVE-2018-17366 unknown 4y ago Mingsoft MCMS CSRF vulnerability
CVE-2018-16277 unknown 4y ago XWiki XSS Vulnerability
CVE-2018-11804 unknown 4y ago Improper Input Validation in Apache Spark
CVE-2018-17605 unknown 4y ago Asset Pipeline plugin for Grails vulnerable to Path Traversal
CVE-2018-19413 unknown 4y ago Exposure of Sensitive Information to an Unauthorized Actor in SonarSource SonarQube API
CVE-2018-20227 unknown 4y ago RDF4J vulnerable to zip slip
CVE-2018-20663 unknown 4y ago The Reporting Addon for CUBA Platform has Persistent XSS
CVE-2018-1000413 unknown 4y ago Stored XSS vulnerability in Config File Provider Plugin
CVE-2018-1000417 unknown 4y ago CSRF vulnerability in Email Extension Template Plugin
CVE-2018-1000414 unknown 4y ago CSRF vulnerability in Config File Provider Plugin
CVE-2018-1000411 unknown 4y ago Jenkins JUnit Plugin CSRF vulnerability
CVE-2018-1330 unknown 4y ago Crash when decoding malformed HTTP requests or malformed JSON payload
CVE-2018-1000421 unknown 4y ago Server-side request forgery vulnerability in Jenkins Mesos Plugin
CVE-2018-1000422 unknown 4y ago Jenkins Crowd 2 Integration Plugin server-side request forgery vulnerability
CVE-2018-1000415 unknown 4y ago Cross-site Scripting in Jenkins Rebuilder Plugin
CVE-2018-8031 unknown 4y ago Apache TomEE console vulnerable to Cross-site Scripting
CVE-2018-1306 unknown 4y ago Exposure of Sensitive Information in Apache Pluto
CVE-2018-8718 unknown 4y ago Cross-Site Request Forgery in Jenkins Mailer Plugin
CVE-2018-1294 unknown 4y ago Improper Input Validation Apache Commons Email
CVE-2018-1000129 unknown 4y ago Cross-site Scripting in Jolokia agent
CVE-2018-1000130 unknown 4y ago Injection in Jolokia agent
CVE-2018-19859 unknown 4y ago OpenRefine Directory Traversal
CVE-2018-1999027 unknown 4y ago Jenkins SaltStack Plugin allows attackers to capture credentials with a known credentials ID stored in Jenkins
CVE-2018-1000191 unknown 4y ago Jenkins Black Duck Detect Plugin information exposure vulnerability
CVE-2018-10862 unknown 4y ago Improper Limitation of a Pathname to a Restricted Directory in WildFly
CVE-2018-1999042 unknown 4y ago Deserialization of Untrusted Data in Jenkins
CVE-2018-1999046 unknown 4y ago Exposure of Sensitive Information to an Unauthorized Actor in Jenkins
CVE-2018-1999045 unknown 4y ago Improper Authentication in Jenkins
CVE-2018-1000409 unknown 4y ago Session Fixation in Jenkins
CVE-2018-1000410 unknown 4y ago Exposure of Sensitive Information to an Unauthorized Actor in Jenkins
CVE-2018-1000406 unknown 4y ago Path Traversal in Jenkins
CVE-2018-1000407 unknown 4y ago Cross-site Scripting in Jenkins
CVE-2018-1000170 unknown 4y ago Cross-site Scripting in Jenkins Core
CVE-2018-1000862 unknown 4y ago Exposure of Sensitive Information to an Unauthorized Actor in Jenkins
CVE-2018-1000997 unknown 4y ago Improper Limitation of a Pathname to a Restricted Directory in Jenkins
CVE-2018-1325 unknown 4y ago Cross-site Scripting in wicket-jquery-ui
CVE-2018-11688 unknown 4y ago Ignite Realtime Openfire vulnerable to cross-site scripting
CVE-2018-1000169 unknown 4y ago Exposure of Sensitive Information to an Unauthorized Actor in Jenkins
CVE-2018-1000416 unknown 4y ago Jenkins Job Config History Plugin reflected XSS vulnerability
CVE-2018-1000077 unknown 4y ago RubyGems Improper Input Validation vulnerability
CVE-2018-1000078 unknown 4y ago RubyGems Cross-site Scripting vulnerability
CVE-2018-1000076 unknown 4y ago RubyGems Improper Verification of Cryptographic Signature vulnerability
CVE-2018-1000079 unknown 4y ago RubyGems Path Traversal vulnerability
CVE-2018-1000074 unknown 4y ago RubyGems Deserialization of Untrusted Data vulnerability
CVE-2018-8028 unknown 4y ago Apache Sentry may allow attacker to access/remove data from Sentry protected table
CVE-2018-8036 unknown 4y ago Loop with Unreachable Exit Condition in Apache PDFBox
CVE-2018-8016 unknown 4y ago Missing Authentication for Critical Function in Apache Cassandra
CVE-2018-3258 unknown 4y ago Improper Privilege Management in MySQL Connectors Java
CVE-2018-1999047 unknown 4y ago Incorrect Authorization in Jenkins
CVE-2018-1999028 unknown 4y ago Jenkins Accurev Plugin CSRF vulnerability and missing permission checks
CVE-2018-1999040 unknown 4y ago Exposure of Sensitive Information in Jenkins Kubernetes Plugin
CVE-2018-1999032 unknown 4y ago Jenkins Agiletestware Pangolin Connector for TestRail Plugin CSRF vulnerability and missing permission checks
CVE-2018-1999044 unknown 4y ago Infinite Loop in Jenkins Core
CVE-2018-1999036 unknown 4y ago Jenkins SSH Agent Plugin exposes SSH private key password to users with permission to read the build log
CVE-2018-1999030 unknown 4y ago Jenkins Maven Artifact ChoiceListProvider (Nexus) Plugin CSRF vulnerability and missing permission checks
CVE-2018-1340 unknown 4y ago Missing Encryption of Sensitive Data in Apache Guacamole
CVE-2018-1297 unknown 4y ago Missing certificate validation in Apache JMeter
CVE-2018-12972 unknown 4y ago OpenTSDB vulnerable to OS Command Injection
CVE-2018-1287 unknown 4y ago Missing certificate validation in Apache JMeter
CVE-2018-1286 unknown 4y ago Apache OpenMeetings may allow authenticated attacker to deny service for privileged users
CVE-2018-11047 unknown 4y ago Cloud Foundry UAA accepts refresh token as access token on admin endpoints
CVE-2018-1000865 unknown 4y ago Improper Privilege Management in Jenkins
CVE-2018-1000864 unknown 4y ago Loop with Unreachable Exit Condition in Jenkins
CVE-2018-1000866 unknown 4y ago Jenkins Script Security and Pipeline Groovy Plugins Sandbox Bypass
CVE-2018-1000610 unknown 4y ago Jenkins Configuration as Code Plugin has Insufficiently Protected Credentials
CVE-2018-1000863 unknown 4y ago Improper Limitation of a Pathname to a Restricted Directory in Jenkins
CVE-2018-1000817 unknown 4y ago Asset Pipeline Grails Plugin vulnerable to Path Traversal
CVE-2018-1000603 unknown 4y ago CSRF vulnerability and missing permission checks in Openstack Cloud Plugin allowed capturing credentials
CVE-2018-1000608 unknown 4y ago Jenkins z/OS Connector Plugin allows local attacker to retrieve configured password
CVE-2018-1000600 unknown 4y ago CSRF vulnerability and missing permission checks in GitHub Plugin allowed capturing credentials
CVE-2018-1000401 unknown 4y ago Jenkins AWS CodePipeline Plugin has Insufficiently Protected Credentials
CVE-2018-1000403 unknown 4y ago AWS CodeDeploy Plugin stored AWS Secret Key in plain text
CVE-2018-1000404 unknown 4y ago Insufficiently Protected Credentials in Jenkins AWS CodeBuild Plugin
CVE-2018-1000408 unknown 4y ago Improper Authorization in Jenkins
CVE-2018-1000197 unknown 4y ago Jenkins Black Duck Hub Plugin allowed any user with Overall/Read to read and write its configuration
CVE-2018-1000189 unknown 4y ago CSRF vulnerability and missing permission checks in Jenkins AbsInt Astrée Plugin
CVE-2018-1000152 unknown 4y ago Jenkins vSphere Plugin incorrect authorization vulnerability
CVE-2018-1000146 unknown 4y ago Liquibase Runner Plugin allows users to load arbitrary Java code into controller JVM
CVE-2018-1000145 unknown 4y ago Jenkins Perforce Plugin uses ineffective credentials encryption
CVE-2018-1000111 unknown 4y ago Jenkins Subversion Plugin Incorrect Authorization vulnerability
CVE-2018-1000112 unknown 4y ago Incorrect Authorization in Jenkins Mercurial Plugin
CVE-2018-1000134 unknown 4y ago Weak Password Requirements in UnboundID LDAP SDK
CVE-2018-1000114 unknown 4y ago Jenkins Promoted Builds Plugin allowed unauthorized users to run some promotion processes
CVE-2018-1000105 unknown 4y ago Incorrect Authorization in Jenkins Gerrit Trigger Plugin
CVE-2018-1000106 unknown 4y ago Incorrect Authorization in Jenkins Gerrit Trigger Plugin
CVE-2018-1000104 unknown 4y ago Jenkins Coverity Plugin has Insufficiently Protected Credentials