CVEs from 2018
Total
3,110
critical
critical 232
high
high 319
medium
medium 258
low
low 39
% Critical
7.5%
% with KEV
2.9%
% with exploit
8.3%
Top vendors
Top products
- core_i7 379
- core_i5 375
- core_i3 242
- xeon_e5 82
- xeon_e7 62
- xeon_e3 58
- xeon_gold 33
- atom_z 30
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2018-1000605 | unknown | — | — | 4y ago | Jenkins CollabNet Plugin man in the middle vulnerability | |||
| CVE-2018-1999037 | unknown | — | — | 4y ago | Jenkins Resource Disposer Plugin allows attacker to stop tracking specified resource | |||
| CVE-2018-1999038 | unknown | — | — | 4y ago | Jenkins Publisher Over CIFS Plugin confused deputy vulnerability | |||
| CVE-2018-1999039 | unknown | — | — | 4y ago | Server-Side Request Forgery (SSRF) in Jenkins Confluence Publisher Plugin | |||
| CVE-2018-14774 | unknown | — | — | 4y ago | An issue was discovered in HttpKernel in Symfony 2.7.0 through 2.7.48, 2.8.0 through 2.8.43, 3.3.0 through 3.3.17, 3.4.0 through 3.4.13, 4.0.0 through 4.0.13, and 4.1.0 through 4.1.2. When using Http… | |||
| CVE-2018-11758 | unknown | — | — | 4y ago | XML External Entity Reference in Apache Cayenne | |||
| CVE-2018-1000665 | unknown | — | — | 4y ago | Improper Neutralization of Input During Web Page Generation in Dojo Dojo Objective Harness | |||
| CVE-2018-17366 | unknown | — | — | 4y ago | Mingsoft MCMS CSRF vulnerability | |||
| CVE-2018-16277 | unknown | — | — | 4y ago | XWiki XSS Vulnerability | |||
| CVE-2018-11804 | unknown | — | — | 4y ago | Improper Input Validation in Apache Spark | |||
| CVE-2018-17605 | unknown | — | — | 4y ago | Asset Pipeline plugin for Grails vulnerable to Path Traversal | |||
| CVE-2018-19413 | unknown | — | — | 4y ago | Exposure of Sensitive Information to an Unauthorized Actor in SonarSource SonarQube API | |||
| CVE-2018-20227 | unknown | — | — | 4y ago | RDF4J vulnerable to zip slip | |||
| CVE-2018-20663 | unknown | — | — | 4y ago | The Reporting Addon for CUBA Platform has Persistent XSS | |||
| CVE-2018-1000413 | unknown | — | — | 4y ago | Stored XSS vulnerability in Config File Provider Plugin | |||
| CVE-2018-1000417 | unknown | — | — | 4y ago | CSRF vulnerability in Email Extension Template Plugin | |||
| CVE-2018-1000414 | unknown | — | — | 4y ago | CSRF vulnerability in Config File Provider Plugin | |||
| CVE-2018-1000411 | unknown | — | — | 4y ago | Jenkins JUnit Plugin CSRF vulnerability | |||
| CVE-2018-1330 | unknown | — | — | 4y ago | Crash when decoding malformed HTTP requests or malformed JSON payload | |||
| CVE-2018-1000421 | unknown | — | — | 4y ago | Server-side request forgery vulnerability in Jenkins Mesos Plugin | |||
| CVE-2018-1000415 | unknown | — | — | 4y ago | Cross-site Scripting in Jenkins Rebuilder Plugin | |||
| CVE-2018-1000422 | unknown | — | — | 4y ago | Jenkins Crowd 2 Integration Plugin server-side request forgery vulnerability | |||
| CVE-2018-8031 | unknown | — | — | 4y ago | Apache TomEE console vulnerable to Cross-site Scripting | |||
| CVE-2018-1294 | unknown | — | — | 4y ago | Improper Input Validation Apache Commons Email | |||
| CVE-2018-1000129 | unknown | — | — | 4y ago | Cross-site Scripting in Jolokia agent | |||
| CVE-2018-1000130 | unknown | — | — | 4y ago | Injection in Jolokia agent | |||
| CVE-2018-11385 | unknown | — | — | 4y ago | An issue was discovered in the Security component in Symfony 2.7.x before 2.7.48, 2.8.x before 2.8.41, 3.3.x before 3.3.17, 3.4.x before 3.4.11, and 4.0.x before 4.0.11. A session fixation vulnerabil… | |||
| CVE-2018-11408 | unknown | — | — | 4y ago | The security handlers in the Security component in Symfony in 2.7.x before 2.7.48, 2.8.x before 2.8.41, 3.3.x before 3.3.17, 3.4.x before 3.4.11, and 4.0.x before 4.0.11 have an Open redirect vulnera… | |||
| CVE-2018-19859 | unknown | — | — | 4y ago | OpenRefine Directory Traversal | |||
| CVE-2018-11386 | unknown | — | — | 4y ago | An issue was discovered in the HttpFoundation component in Symfony 2.7.x before 2.7.48, 2.8.x before 2.8.41, 3.3.x before 3.3.17, 3.4.x before 3.4.11, and 4.0.x before 4.0.11. The PDOSessionHandler c… | |||
| CVE-2018-11406 | unknown | — | — | 4y ago | An issue was discovered in the Security component in Symfony 2.7.x before 2.7.48, 2.8.x before 2.8.41, 3.3.x before 3.3.17, 3.4.x before 3.4.11, and 4.0.x before 4.0.11. By default, a user's session … | |||
| CVE-2018-1999027 | unknown | — | — | 4y ago | Jenkins SaltStack Plugin allows attackers to capture credentials with a known credentials ID stored in Jenkins | |||
| CVE-2018-1000191 | unknown | — | — | 4y ago | Jenkins Black Duck Detect Plugin information exposure vulnerability | |||
| CVE-2018-10862 | unknown | — | — | 4y ago | Improper Limitation of a Pathname to a Restricted Directory in WildFly | |||
| CVE-2018-1999045 | unknown | — | — | 4y ago | Improper Authentication in Jenkins | |||
| CVE-2018-1999042 | unknown | — | — | 4y ago | Deserialization of Untrusted Data in Jenkins | |||
| CVE-2018-1999046 | unknown | — | — | 4y ago | Exposure of Sensitive Information to an Unauthorized Actor in Jenkins | |||
| CVE-2018-1000409 | unknown | — | — | 4y ago | Session Fixation in Jenkins | |||
| CVE-2018-1000406 | unknown | — | — | 4y ago | Path Traversal in Jenkins | |||
| CVE-2018-1000410 | unknown | — | — | 4y ago | Exposure of Sensitive Information to an Unauthorized Actor in Jenkins | |||
| CVE-2018-1000170 | unknown | — | — | 4y ago | Cross-site Scripting in Jenkins Core | |||
| CVE-2018-1000407 | unknown | — | — | 4y ago | Cross-site Scripting in Jenkins | |||
| CVE-2018-1000862 | unknown | — | — | 4y ago | Exposure of Sensitive Information to an Unauthorized Actor in Jenkins | |||
| CVE-2018-1000997 | unknown | — | — | 4y ago | Improper Limitation of a Pathname to a Restricted Directory in Jenkins | |||
| CVE-2018-19789 | unknown | — | — | 4y ago | An issue was discovered in Symfony 2.7.x before 2.7.50, 2.8.x before 2.8.49, 3.x before 3.4.20, 4.0.x before 4.0.15, 4.1.x before 4.1.9, and 4.2.x before 4.2.1. When using the scalar type hint `strin… | |||
| CVE-2018-19790 | unknown | — | — | 4y ago | An open redirect was discovered in Symfony 2.7.x before 2.7.50, 2.8.x before 2.8.49, 3.x before 3.4.20, 4.0.x before 4.0.15, 4.1.x before 4.1.9 and 4.2.x before 4.2.1. By using backslashes in the `_f… | |||
| CVE-2018-1325 | unknown | — | — | 4y ago | Cross-site Scripting in wicket-jquery-ui | |||
| CVE-2018-11688 | unknown | — | — | 4y ago | Ignite Realtime Openfire vulnerable to cross-site scripting | |||
| CVE-2018-1000169 | unknown | — | — | 4y ago | Exposure of Sensitive Information to an Unauthorized Actor in Jenkins | |||
| CVE-2018-1000416 | unknown | — | — | 4y ago | Jenkins Job Config History Plugin reflected XSS vulnerability | |||
| CVE-2018-1000077 | unknown | — | — | 4y ago | RubyGems Improper Input Validation vulnerability | |||
| CVE-2018-1000078 | unknown | — | — | 4y ago | RubyGems Cross-site Scripting vulnerability | |||
| CVE-2018-1000076 | unknown | — | — | 4y ago | RubyGems Improper Verification of Cryptographic Signature vulnerability | |||
| CVE-2018-1000074 | unknown | — | — | 4y ago | RubyGems Deserialization of Untrusted Data vulnerability | |||
| CVE-2018-1000079 | unknown | — | — | 4y ago | RubyGems Path Traversal vulnerability | |||
| CVE-2018-8028 | unknown | — | — | 4y ago | Apache Sentry may allow attacker to access/remove data from Sentry protected table | |||
| CVE-2018-8036 | unknown | — | — | 4y ago | Loop with Unreachable Exit Condition in Apache PDFBox | |||
| CVE-2018-8016 | unknown | — | — | 4y ago | Missing Authentication for Critical Function in Apache Cassandra | |||
| CVE-2018-3258 | unknown | — | — | 4y ago | Improper Privilege Management in MySQL Connectors Java | |||
| CVE-2018-1999047 | unknown | — | — | 4y ago | Incorrect Authorization in Jenkins | |||
| CVE-2018-1999028 | unknown | — | — | 4y ago | Jenkins Accurev Plugin CSRF vulnerability and missing permission checks | |||
| CVE-2018-1999032 | unknown | — | — | 4y ago | Jenkins Agiletestware Pangolin Connector for TestRail Plugin CSRF vulnerability and missing permission checks | |||
| CVE-2018-1999044 | unknown | — | — | 4y ago | Infinite Loop in Jenkins Core | |||
| CVE-2018-1999036 | unknown | — | — | 4y ago | Jenkins SSH Agent Plugin exposes SSH private key password to users with permission to read the build log | |||
| CVE-2018-1999040 | unknown | — | — | 4y ago | Exposure of Sensitive Information in Jenkins Kubernetes Plugin | |||
| CVE-2018-1999030 | unknown | — | — | 4y ago | Jenkins Maven Artifact ChoiceListProvider (Nexus) Plugin CSRF vulnerability and missing permission checks | |||
| CVE-2018-1340 | unknown | — | — | 4y ago | Missing Encryption of Sensitive Data in Apache Guacamole | |||
| CVE-2018-12972 | unknown | — | — | 4y ago | OpenTSDB vulnerable to OS Command Injection | |||
| CVE-2018-1297 | unknown | — | — | 4y ago | Missing certificate validation in Apache JMeter | |||
| CVE-2018-1287 | unknown | — | — | 4y ago | Missing certificate validation in Apache JMeter | |||
| CVE-2018-1286 | unknown | — | — | 4y ago | Apache OpenMeetings may allow authenticated attacker to deny service for privileged users | |||
| CVE-2018-11047 | unknown | — | — | 4y ago | Cloud Foundry UAA accepts refresh token as access token on admin endpoints | |||
| CVE-2018-1000864 | unknown | — | — | 4y ago | Loop with Unreachable Exit Condition in Jenkins | |||
| CVE-2018-1000865 | unknown | — | — | 4y ago | Improper Privilege Management in Jenkins | |||
| CVE-2018-1000866 | unknown | — | — | 4y ago | Jenkins Script Security and Pipeline Groovy Plugins Sandbox Bypass | |||
| CVE-2018-1000817 | unknown | — | — | 4y ago | Asset Pipeline Grails Plugin vulnerable to Path Traversal | |||
| CVE-2018-1000863 | unknown | — | — | 4y ago | Improper Limitation of a Pathname to a Restricted Directory in Jenkins | |||
| CVE-2018-1000610 | unknown | — | — | 4y ago | Jenkins Configuration as Code Plugin has Insufficiently Protected Credentials | |||
| CVE-2018-1000608 | unknown | — | — | 4y ago | Jenkins z/OS Connector Plugin allows local attacker to retrieve configured password | |||
| CVE-2018-1000600 | unknown | — | — | 4y ago | CSRF vulnerability and missing permission checks in GitHub Plugin allowed capturing credentials | |||
| CVE-2018-1000603 | unknown | — | — | 4y ago | CSRF vulnerability and missing permission checks in Openstack Cloud Plugin allowed capturing credentials | |||
| CVE-2018-1000403 | unknown | — | — | 4y ago | AWS CodeDeploy Plugin stored AWS Secret Key in plain text | |||
| CVE-2018-1000401 | unknown | — | — | 4y ago | Jenkins AWS CodePipeline Plugin has Insufficiently Protected Credentials | |||
| CVE-2018-1000408 | unknown | — | — | 4y ago | Improper Authorization in Jenkins | |||
| CVE-2018-1000404 | unknown | — | — | 4y ago | Insufficiently Protected Credentials in Jenkins AWS CodeBuild Plugin | |||
| CVE-2018-1000197 | unknown | — | — | 4y ago | Jenkins Black Duck Hub Plugin allowed any user with Overall/Read to read and write its configuration | |||
| CVE-2018-1000189 | unknown | — | — | 4y ago | CSRF vulnerability and missing permission checks in Jenkins AbsInt Astrée Plugin | |||
| CVE-2018-1000146 | unknown | — | — | 4y ago | Liquibase Runner Plugin allows users to load arbitrary Java code into controller JVM | |||
| CVE-2018-1000145 | unknown | — | — | 4y ago | Jenkins Perforce Plugin uses ineffective credentials encryption | |||
| CVE-2018-1000152 | unknown | — | — | 4y ago | Jenkins vSphere Plugin incorrect authorization vulnerability | |||
| CVE-2018-1000112 | unknown | — | — | 4y ago | Incorrect Authorization in Jenkins Mercurial Plugin | |||
| CVE-2018-1000111 | unknown | — | — | 4y ago | Jenkins Subversion Plugin Incorrect Authorization vulnerability | |||
| CVE-2018-1000134 | unknown | — | — | 4y ago | Weak Password Requirements in UnboundID LDAP SDK | |||
| CVE-2018-1000114 | unknown | — | — | 4y ago | Jenkins Promoted Builds Plugin allowed unauthorized users to run some promotion processes | |||
| CVE-2018-1000109 | unknown | — | — | 4y ago | Jenkins Google Play Android Publisher Plugin allows attacker to obtain credential IDs | |||
| CVE-2018-1000105 | unknown | — | — | 4y ago | Incorrect Authorization in Jenkins Gerrit Trigger Plugin | |||
| CVE-2018-1000104 | unknown | — | — | 4y ago | Jenkins Coverity Plugin has Insufficiently Protected Credentials | |||
| CVE-2018-1000106 | unknown | — | — | 4y ago | Incorrect Authorization in Jenkins Gerrit Trigger Plugin | |||
| CVE-2018-1000110 | unknown | — | — | 4y ago | Incorrect Authorization in Jenkins Git Plugin | |||
| CVE-2018-1000107 | unknown | — | — | 4y ago | Improper authorization in Jenkins Job and Node Ownership Plugin |