CVEs from 2018
Total
3,113
critical
critical 229
high
high 302
medium
medium 256
low
low 39
% Critical
7.4%
% with KEV
2.9%
% with exploit
4.0%
Top vendors
Top products
- core_i7 379
- core_i5 375
- core_i3 242
- xeon_e5 82
- xeon_e7 62
- xeon_e3 58
- xeon_gold 33
- atom_z 30
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2018-1000401 | unknown | — | — | 4y ago | Jenkins AWS CodePipeline Plugin has Insufficiently Protected Credentials | |||
| CVE-2018-1000404 | unknown | — | — | 4y ago | Insufficiently Protected Credentials in Jenkins AWS CodeBuild Plugin | |||
| CVE-2018-1000408 | unknown | — | — | 4y ago | Improper Authorization in Jenkins | |||
| CVE-2018-1000197 | unknown | — | — | 4y ago | Jenkins Black Duck Hub Plugin allowed any user with Overall/Read to read and write its configuration | |||
| CVE-2018-1000189 | unknown | — | — | 4y ago | CSRF vulnerability and missing permission checks in Jenkins AbsInt Astrée Plugin | |||
| CVE-2018-1000145 | unknown | — | — | 4y ago | Jenkins Perforce Plugin uses ineffective credentials encryption | |||
| CVE-2018-1000146 | unknown | — | — | 4y ago | Liquibase Runner Plugin allows users to load arbitrary Java code into controller JVM | |||
| CVE-2018-1000152 | unknown | — | — | 4y ago | Jenkins vSphere Plugin incorrect authorization vulnerability | |||
| CVE-2018-1000111 | unknown | — | — | 4y ago | Jenkins Subversion Plugin Incorrect Authorization vulnerability | |||
| CVE-2018-1000134 | unknown | — | — | 4y ago | Weak Password Requirements in UnboundID LDAP SDK | |||
| CVE-2018-1000114 | unknown | — | — | 4y ago | Jenkins Promoted Builds Plugin allowed unauthorized users to run some promotion processes | |||
| CVE-2018-1000112 | unknown | — | — | 4y ago | Incorrect Authorization in Jenkins Mercurial Plugin | |||
| CVE-2018-1000105 | unknown | — | — | 4y ago | Incorrect Authorization in Jenkins Gerrit Trigger Plugin | |||
| CVE-2018-1000109 | unknown | — | — | 4y ago | Jenkins Google Play Android Publisher Plugin allows attacker to obtain credential IDs | |||
| CVE-2018-1000110 | unknown | — | — | 4y ago | Incorrect Authorization in Jenkins Git Plugin | |||
| CVE-2018-1000104 | unknown | — | — | 4y ago | Jenkins Coverity Plugin has Insufficiently Protected Credentials | |||
| CVE-2018-1000106 | unknown | — | — | 4y ago | Incorrect Authorization in Jenkins Gerrit Trigger Plugin | |||
| CVE-2018-1000107 | unknown | — | — | 4y ago | Improper authorization in Jenkins Job and Node Ownership Plugin | |||
| CVE-2018-1000057 | unknown | — | — | 4y ago | Jenkins Credentials Binding Plugin has Insufficiently Protected Credentials | |||
| CVE-2018-1002202 | unknown | — | — | 4y ago | Improper Limitation of a Pathname to a Restricted Directory in Zip4j | |||
| CVE-2018-1002200 | unknown | — | — | 4y ago | Improper Limitation of a Pathname to a Restricted Directory in plexus-archiver | |||
| CVE-2018-10894 | unknown | — | — | 4y ago | Keycloak Authentication Error | |||
| CVE-2018-14636 | unknown | — | — | 4y ago | Live-migrated instances are briefly able to inspect traffic for other instances on the same hypervisor. This brief window could be extended indefinitely if the instance's port is set administratively… | |||
| CVE-2018-14655 | unknown | — | — | 4y ago | Keycloak vulnerable to cross-site scripting via the state parameter | |||
| CVE-2018-14658 | unknown | — | — | 4y ago | Keycloak Open Redirect | |||
| CVE-2018-15761 | unknown | — | — | 4y ago | Cloud Foundry UAA Privilege Escalation | |||
| CVE-2018-17244 | unknown | — | — | 4y ago | Exposure of Sensitive Information to an Unauthorized Actor in Elasticsearch | |||
| CVE-2018-17247 | unknown | — | — | 4y ago | Improper Restriction of XML External Entity Reference in Elasticsearch | |||
| CVE-2018-1051 | unknown | — | — | 4y ago | Deserialization of Untrusted Data in org.jboss.resteasy:resteasy-yaml-provider | |||
| CVE-2018-1114 | unknown | — | — | 4y ago | Uncontrolled Resource Consumption in Undertow | |||
| CVE-2018-1131 | unknown | — | — | 4y ago | Deserialization of Untrusted Data in Infinispan | |||
| CVE-2018-1229 | unknown | — | — | 4y ago | Cross-site Scripting in Pivotal Spring Batch Admin | |||
| CVE-2018-3824 | unknown | — | — | 4y ago | Elasticsearch subject to cross site scripting | |||
| CVE-2018-1002201 | unknown | — | — | 4y ago | Improper Limitation of a Pathname to a Restricted Directory in zt-zip | |||
| CVE-2018-13864 | unknown | — | — | 4y ago | Play Framework's Assets controller vulnerable to directory traversal | |||
| CVE-2018-1000426 | unknown | — | — | 4y ago | Stored XSS vulnerability in Jenkins Git Changelog Plugin | |||
| CVE-2018-1999033 | unknown | — | — | 4y ago | Exposure of sensitive information in Anchore Container Image Scanner Jenkins Plugin | |||
| CVE-2018-3831 | unknown | — | — | 4y ago | Exposure of Sensitive Information to an Unauthorized Actor in Elasticsearch | |||
| CVE-2018-8015 | unknown | — | — | 4y ago | Apache ORC vulnerable to Uncontrolled Recursion | |||
| CVE-2018-18240 | unknown | — | — | 4y ago | Pippo RCE Vulnerability | |||
| CVE-2018-12533 | unknown | — | — | 4y ago | Arbitrary code execution in Richfaces | |||
| CVE-2018-12532 | unknown | — | — | 4y ago | RichFaces vulnerable to Expression Language Injection | |||
| CVE-2018-1000423 | unknown | — | — | 4y ago | Jenkins Crowd 2 Integration Plugin stored credentials in plain text | |||
| CVE-2018-1000412 | unknown | — | — | 4y ago | Jenkins Jira Plugin Incorrect Authorization vulnerability | |||
| CVE-2018-1000419 | unknown | — | — | 4y ago | Jenkins HipChat Plugin allows attackers with Overall/Read access to obtain credential IDs | |||
| CVE-2018-1000425 | unknown | — | — | 4y ago | Jenkins SonarQube Scanner Plugin stored server authentication token in plain text | |||
| CVE-2018-1000418 | unknown | — | — | 4y ago | Jenkins HipChat Plugin allows credential capture due to incorrect authorization | |||
| CVE-2018-1000424 | unknown | — | — | 4y ago | Jenkins Artifactory Plugin stored old directly entered credentials unencrypted on disk | |||
| CVE-2018-1000149 | unknown | — | — | 4y ago | Jenkins Ansible Plugin man in the middle vulnerability | |||
| CVE-2018-1000015 | unknown | — | — | 4y ago | Incorrect permission checks in Pipeline: Nodes and Processes plugin | |||
| CVE-2018-1067 | unknown | — | — | 4y ago | Improper Neutralization of CRLF Sequences in HTTP Headers in Undertow | |||
| CVE-2018-14657 | unknown | — | — | 4y ago | Keycloak Improper Bruteforce Detection | |||
| CVE-2018-1048 | unknown | — | — | 4y ago | Improper Limitation of a Pathname to a Restricted Directory in Jboss EAP Undertow | |||
| CVE-2018-14642 | unknown | — | — | 4y ago | Exposure of Sensitive Information to an Unauthorized Actor in Undertow | |||
| CVE-2018-1190 | unknown | — | — | 4y ago | Pivotal Cloud Foundry UAA XSS on UAA OpenID Connect check session iframe endpoint | |||
| CVE-2018-14635 | unknown | — | — | 4y ago | When using the Linux bridge ml2 driver, non-privileged tenants are able to create and attach ports without specifying an IP address, bypassing IP address validation. A potential denial of service cou… | |||
| CVE-2018-1256 | unknown | — | — | 4y ago | Issuer validation regression in Spring Cloud SSO Connector | |||
| CVE-2018-1263 | unknown | — | — | 4y ago | spring-integration-zip Arbitrary File Write | |||
| CVE-2018-1262 | unknown | — | — | 4y ago | UAA privilege escalation across identity zones | |||
| CVE-2018-8012 | unknown | — | — | 4y ago | Missing Authorization in Apache ZooKeeper | |||
| CVE-2018-8088 | unknown | — | — | 4y ago | Improper Access Control in SLF4J | |||
| CVE-2018-1288 | unknown | — | — | 4y ago | Improper Control of Generation of Code in Apache Kafka | |||
| CVE-2018-1313 | unknown | — | — | 4y ago | Improper Access Control in Apache Derby | |||
| CVE-2018-1000067 | unknown | — | — | 4y ago | Server-Side Request Forgery in Jenkins | |||
| CVE-2018-1000192 | unknown | — | — | 4y ago | Exposure of Sensitive Information to an Unauthorized Actor in Jenkins | |||
| CVE-2018-1000193 | unknown | — | — | 4y ago | Injection in Jenkins | |||
| CVE-2018-1000068 | unknown | — | — | 4y ago | Exposure of Sensitive Information to an Unauthorized Actor in Jenkins | |||
| CVE-2018-1000195 | unknown | — | — | 4y ago | Cross-Site Request Forgery in Jenkins | |||
| CVE-2018-6356 | unknown | — | — | 4y ago | Improper Limitation of a Pathname to a Restricted Directory in Jenkins | |||
| CVE-2018-1000194 | unknown | — | — | 4y ago | Path Traversal in Jenkins | |||
| CVE-2018-5382 | unknown | — | — | 4y ago | Improper Validation of Integrity Check Value in Bouncy Castle | |||
| CVE-2018-1000075 | unknown | — | — | 4y ago | RubyGems Infinite Loop vulnerability | |||
| CVE-2018-1000073 | unknown | — | — | 4y ago | RubyGems Link Following vulnerability | |||
| CVE-2018-25031 | unknown | — | — | 4y ago | Spoofing attack in swagger-ui | |||
| CVE-2018-21234 | unknown | — | — | 4y ago | Deserialization of Untrusted Data in Jodd | |||
| CVE-2018-11764 | unknown | — | — | 4y ago | Authentication bypass in Apache Hadoop | |||
| CVE-2018-11802 | unknown | — | — | 4y ago | Incorrect Authorization in Apache Solr | |||
| CVE-2018-16153 | unknown | — | — | 5y ago | Opencast publishes global system account credentials | |||
| CVE-2018-11765 | unknown | — | — | 5y ago | Improper Authentication in Apache Hadoop | |||
| CVE-2018-25007 | unknown | — | — | 5y ago | Unauthorized client-side property update in UIDL request handler in Vaadin 10 and 11 | |||
| CVE-2018-5968 | unknown | — | — | 6y ago | Deserialization of Untrusted Data in jackson-databind | |||
| CVE-2018-10237 | unknown | — | — | 6y ago | Denial of Service in Google Guava | |||
| CVE-2018-15756 | unknown | — | — | 6y ago | Denial of Service in Spring Framework | |||
| CVE-2018-12023 | unknown | — | — | 6y ago | Deserialization of Untrusted Data | |||
| CVE-2018-11768 | unknown | — | — | 7y ago | user/group information can be corrupted across storing in fsimage and reading back from fsimage | |||
| CVE-2018-15890 | unknown | — | — | 7y ago | Deserialization of Untrusted Data in EthereumJ | |||
| CVE-2018-11307 | unknown | — | — | 7y ago | Deserialization of Untrusted Data in jackson-databind | |||
| CVE-2018-8029 | unknown | — | — | 7y ago | Privilege escalation vulnerability in Apache Hadoop | |||
| CVE-2018-17201 | unknown | — | — | 7y ago | Improper Input Validation in Apache Sanselan | |||
| CVE-2018-17202 | unknown | — | — | 7y ago | Infinite Loop in Apache Sanselan | |||
| CVE-2018-8035 | unknown | — | — | 7y ago | Cross-site Scripting in Apache UIMA | |||
| CVE-2018-1328 | unknown | — | — | 7y ago | Cross-site Scripting in Apache Zeppelin | |||
| CVE-2018-1317 | unknown | — | — | 7y ago | Improper Authentication in Apache Zeppelin | |||
| CVE-2018-12545 | unknown | — | — | 7y ago | Uncontrolled Resource Consumption in org.eclipse.jetty:jetty-server | |||
| CVE-2018-12022 | unknown | — | — | 7y ago | jackson-databind Deserialization of Untrusted Data vulnerability | |||
| CVE-2018-11767 | unknown | — | — | 7y ago | Improper Privilege Management in org.apache.hadoop:hadoop-main | |||
| CVE-2018-1324 | unknown | — | — | 7y ago | Apache Commons Compress vulnerable to denial of service due to infinite loop | |||
| CVE-2018-1334 | unknown | — | — | 7y ago | Exposure of Sensitive Information to an Unauthorized Actor in Apache Spark | |||
| CVE-2018-8024 | unknown | — | — | 7y ago | Exposure of Sensitive Information to an Unauthorized Actor in Apache Spark via crafted URL | |||
| CVE-2018-11793 | unknown | — | — | 7y ago | Stack Overflow in Apache Mesos |