VIR Vulnerability Intelligence Relay

CVEs from 2018

3,110 normalized CVEs published or assigned in this year.

Total
3,110
critical
critical 232
high
high 319
medium
medium 258
low
low 39
% Critical
7.5%
% with KEV
2.9%
% with exploit
8.3%

Top vendors

Top products

  • core_i7 379
  • core_i5 375
  • core_i3 242
  • xeon_e5 82
  • xeon_e7 62
  • xeon_e3 58
  • xeon_gold 33
  • atom_z 30

Top packages

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Flags OS Vendor Published Description
CVE-2018-1999034 unknown 4y ago Jenkins Inedo ProGet Plugin globally and unconditionally disabled SSL/TLS certificate validation
CVE-2018-1999037 unknown 4y ago Jenkins Resource Disposer Plugin allows attacker to stop tracking specified resource
CVE-2018-1999038 unknown 4y ago Jenkins Publisher Over CIFS Plugin confused deputy vulnerability
CVE-2018-1999039 unknown 4y ago Server-Side Request Forgery (SSRF) in Jenkins Confluence Publisher Plugin
CVE-2018-14774 unknown 4y ago An issue was discovered in HttpKernel in Symfony 2.7.0 through 2.7.48, 2.8.0 through 2.8.43, 3.3.0 through 3.3.17, 3.4.0 through 3.4.13, 4.0.0 through 4.0.13, and 4.1.0 through 4.1.2. When using Http…
CVE-2018-11758 unknown 4y ago XML External Entity Reference in Apache Cayenne
CVE-2018-1000665 unknown 4y ago Improper Neutralization of Input During Web Page Generation in Dojo Dojo Objective Harness
CVE-2018-17366 unknown 4y ago Mingsoft MCMS CSRF vulnerability
CVE-2018-16277 unknown 4y ago XWiki XSS Vulnerability
CVE-2018-11804 unknown 4y ago Improper Input Validation in Apache Spark
CVE-2018-17605 unknown 4y ago Asset Pipeline plugin for Grails vulnerable to Path Traversal
CVE-2018-19413 unknown 4y ago Exposure of Sensitive Information to an Unauthorized Actor in SonarSource SonarQube API
CVE-2018-20227 unknown 4y ago RDF4J vulnerable to zip slip
CVE-2018-20663 unknown 4y ago The Reporting Addon for CUBA Platform has Persistent XSS
CVE-2018-1000413 unknown 4y ago Stored XSS vulnerability in Config File Provider Plugin
CVE-2018-1000417 unknown 4y ago CSRF vulnerability in Email Extension Template Plugin
CVE-2018-1000414 unknown 4y ago CSRF vulnerability in Config File Provider Plugin
CVE-2018-1000411 unknown 4y ago Jenkins JUnit Plugin CSRF vulnerability
CVE-2018-1330 unknown 4y ago Crash when decoding malformed HTTP requests or malformed JSON payload
CVE-2018-1000422 unknown 4y ago Jenkins Crowd 2 Integration Plugin server-side request forgery vulnerability
CVE-2018-1000415 unknown 4y ago Cross-site Scripting in Jenkins Rebuilder Plugin
CVE-2018-1000421 unknown 4y ago Server-side request forgery vulnerability in Jenkins Mesos Plugin
CVE-2018-8031 unknown 4y ago Apache TomEE console vulnerable to Cross-site Scripting
CVE-2018-1294 unknown 4y ago Improper Input Validation Apache Commons Email
CVE-2018-1000129 unknown 4y ago Cross-site Scripting in Jolokia agent
CVE-2018-1000130 unknown 4y ago Injection in Jolokia agent
CVE-2018-11385 unknown 4y ago An issue was discovered in the Security component in Symfony 2.7.x before 2.7.48, 2.8.x before 2.8.41, 3.3.x before 3.3.17, 3.4.x before 3.4.11, and 4.0.x before 4.0.11. A session fixation vulnerabil…
CVE-2018-11408 unknown 4y ago The security handlers in the Security component in Symfony in 2.7.x before 2.7.48, 2.8.x before 2.8.41, 3.3.x before 3.3.17, 3.4.x before 3.4.11, and 4.0.x before 4.0.11 have an Open redirect vulnera…
CVE-2018-19859 unknown 4y ago OpenRefine Directory Traversal
CVE-2018-11386 unknown 4y ago An issue was discovered in the HttpFoundation component in Symfony 2.7.x before 2.7.48, 2.8.x before 2.8.41, 3.3.x before 3.3.17, 3.4.x before 3.4.11, and 4.0.x before 4.0.11. The PDOSessionHandler c…
CVE-2018-11406 unknown 4y ago An issue was discovered in the Security component in Symfony 2.7.x before 2.7.48, 2.8.x before 2.8.41, 3.3.x before 3.3.17, 3.4.x before 3.4.11, and 4.0.x before 4.0.11. By default, a user's session …
CVE-2018-1999027 unknown 4y ago Jenkins SaltStack Plugin allows attackers to capture credentials with a known credentials ID stored in Jenkins
CVE-2018-1000191 unknown 4y ago Jenkins Black Duck Detect Plugin information exposure vulnerability
CVE-2018-10862 unknown 4y ago Improper Limitation of a Pathname to a Restricted Directory in WildFly
CVE-2018-1999046 unknown 4y ago Exposure of Sensitive Information to an Unauthorized Actor in Jenkins
CVE-2018-1999045 unknown 4y ago Improper Authentication in Jenkins
CVE-2018-1999042 unknown 4y ago Deserialization of Untrusted Data in Jenkins
CVE-2018-1000406 unknown 4y ago Path Traversal in Jenkins
CVE-2018-1000170 unknown 4y ago Cross-site Scripting in Jenkins Core
CVE-2018-1000410 unknown 4y ago Exposure of Sensitive Information to an Unauthorized Actor in Jenkins
CVE-2018-1000862 unknown 4y ago Exposure of Sensitive Information to an Unauthorized Actor in Jenkins
CVE-2018-1000407 unknown 4y ago Cross-site Scripting in Jenkins
CVE-2018-1000409 unknown 4y ago Session Fixation in Jenkins
CVE-2018-1000997 unknown 4y ago Improper Limitation of a Pathname to a Restricted Directory in Jenkins
CVE-2018-19789 unknown 4y ago An issue was discovered in Symfony 2.7.x before 2.7.50, 2.8.x before 2.8.49, 3.x before 3.4.20, 4.0.x before 4.0.15, 4.1.x before 4.1.9, and 4.2.x before 4.2.1. When using the scalar type hint `strin…
CVE-2018-19790 unknown 4y ago An open redirect was discovered in Symfony 2.7.x before 2.7.50, 2.8.x before 2.8.49, 3.x before 3.4.20, 4.0.x before 4.0.15, 4.1.x before 4.1.9 and 4.2.x before 4.2.1. By using backslashes in the `_f…
CVE-2018-1325 unknown 4y ago Cross-site Scripting in wicket-jquery-ui
CVE-2018-11688 unknown 4y ago Ignite Realtime Openfire vulnerable to cross-site scripting
CVE-2018-1000169 unknown 4y ago Exposure of Sensitive Information to an Unauthorized Actor in Jenkins
CVE-2018-1000416 unknown 4y ago Jenkins Job Config History Plugin reflected XSS vulnerability
CVE-2018-1000074 unknown 4y ago RubyGems Deserialization of Untrusted Data vulnerability
CVE-2018-1000078 unknown 4y ago RubyGems Cross-site Scripting vulnerability
CVE-2018-1000079 unknown 4y ago RubyGems Path Traversal vulnerability
CVE-2018-1000076 unknown 4y ago RubyGems Improper Verification of Cryptographic Signature vulnerability
CVE-2018-1000077 unknown 4y ago RubyGems Improper Input Validation vulnerability
CVE-2018-8028 unknown 4y ago Apache Sentry may allow attacker to access/remove data from Sentry protected table
CVE-2018-8036 unknown 4y ago Loop with Unreachable Exit Condition in Apache PDFBox
CVE-2018-8016 unknown 4y ago Missing Authentication for Critical Function in Apache Cassandra
CVE-2018-3258 unknown 4y ago Improper Privilege Management in MySQL Connectors Java
CVE-2018-1999047 unknown 4y ago Incorrect Authorization in Jenkins
CVE-2018-1999044 unknown 4y ago Infinite Loop in Jenkins Core
CVE-2018-1999032 unknown 4y ago Jenkins Agiletestware Pangolin Connector for TestRail Plugin CSRF vulnerability and missing permission checks
CVE-2018-1999030 unknown 4y ago Jenkins Maven Artifact ChoiceListProvider (Nexus) Plugin CSRF vulnerability and missing permission checks
CVE-2018-1999040 unknown 4y ago Exposure of Sensitive Information in Jenkins Kubernetes Plugin
CVE-2018-1999036 unknown 4y ago Jenkins SSH Agent Plugin exposes SSH private key password to users with permission to read the build log
CVE-2018-1999028 unknown 4y ago Jenkins Accurev Plugin CSRF vulnerability and missing permission checks
CVE-2018-1340 unknown 4y ago Missing Encryption of Sensitive Data in Apache Guacamole
CVE-2018-12972 unknown 4y ago OpenTSDB vulnerable to OS Command Injection
CVE-2018-1297 unknown 4y ago Missing certificate validation in Apache JMeter
CVE-2018-1287 unknown 4y ago Missing certificate validation in Apache JMeter
CVE-2018-1286 unknown 4y ago Apache OpenMeetings may allow authenticated attacker to deny service for privileged users
CVE-2018-11047 unknown 4y ago Cloud Foundry UAA accepts refresh token as access token on admin endpoints
CVE-2018-1000864 unknown 4y ago Loop with Unreachable Exit Condition in Jenkins
CVE-2018-1000865 unknown 4y ago Improper Privilege Management in Jenkins
CVE-2018-1000866 unknown 4y ago Jenkins Script Security and Pipeline Groovy Plugins Sandbox Bypass
CVE-2018-1000863 unknown 4y ago Improper Limitation of a Pathname to a Restricted Directory in Jenkins
CVE-2018-1000817 unknown 4y ago Asset Pipeline Grails Plugin vulnerable to Path Traversal
CVE-2018-1000610 unknown 4y ago Jenkins Configuration as Code Plugin has Insufficiently Protected Credentials
CVE-2018-1000603 unknown 4y ago CSRF vulnerability and missing permission checks in Openstack Cloud Plugin allowed capturing credentials
CVE-2018-1000600 unknown 4y ago CSRF vulnerability and missing permission checks in GitHub Plugin allowed capturing credentials
CVE-2018-1000608 unknown 4y ago Jenkins z/OS Connector Plugin allows local attacker to retrieve configured password
CVE-2018-1000401 unknown 4y ago Jenkins AWS CodePipeline Plugin has Insufficiently Protected Credentials
CVE-2018-1000403 unknown 4y ago AWS CodeDeploy Plugin stored AWS Secret Key in plain text
CVE-2018-1000408 unknown 4y ago Improper Authorization in Jenkins
CVE-2018-1000404 unknown 4y ago Insufficiently Protected Credentials in Jenkins AWS CodeBuild Plugin
CVE-2018-1000189 unknown 4y ago CSRF vulnerability and missing permission checks in Jenkins AbsInt Astrée Plugin
CVE-2018-1000197 unknown 4y ago Jenkins Black Duck Hub Plugin allowed any user with Overall/Read to read and write its configuration
CVE-2018-1000145 unknown 4y ago Jenkins Perforce Plugin uses ineffective credentials encryption
CVE-2018-1000152 unknown 4y ago Jenkins vSphere Plugin incorrect authorization vulnerability
CVE-2018-1000146 unknown 4y ago Liquibase Runner Plugin allows users to load arbitrary Java code into controller JVM
CVE-2018-1000134 unknown 4y ago Weak Password Requirements in UnboundID LDAP SDK
CVE-2018-1000112 unknown 4y ago Incorrect Authorization in Jenkins Mercurial Plugin
CVE-2018-1000114 unknown 4y ago Jenkins Promoted Builds Plugin allowed unauthorized users to run some promotion processes
CVE-2018-1000111 unknown 4y ago Jenkins Subversion Plugin Incorrect Authorization vulnerability
CVE-2018-1000105 unknown 4y ago Incorrect Authorization in Jenkins Gerrit Trigger Plugin
CVE-2018-1000109 unknown 4y ago Jenkins Google Play Android Publisher Plugin allows attacker to obtain credential IDs
CVE-2018-1000107 unknown 4y ago Improper authorization in Jenkins Job and Node Ownership Plugin
CVE-2018-1000104 unknown 4y ago Jenkins Coverity Plugin has Insufficiently Protected Credentials
CVE-2018-1000110 unknown 4y ago Incorrect Authorization in Jenkins Git Plugin
CVE-2018-1000106 unknown 4y ago Incorrect Authorization in Jenkins Gerrit Trigger Plugin