CVEs from 2018
- Total: 3,719
- Critical: 225
- High: 266
- Medium: 224
- Low: 32
- % Critical: 6.1%
- % with KEV: 2.4%
- % with exploit: 2.4%
Top vendors
- frappe 4
- redhat 2
- magix 1
- mybb 1
- gitbucket 1
- qemu 1
- dragonexpert 1
- kingsoftstore 1
Top products
- erpnext 4
- terminal_services_manager 1
- ultraiso 1
- dolibarr_erp/crm 1
- gitbucket 1
- pdfunite 1
- qemu 1
- virtualization_manager 1
| CVE | Severity | CVSS | Risk | Published | Description | Impact |
|---|---|---|---|---|---|---|
| CVE-2018-7685 | unknown | — | — | — | The decoupled download and installation steps in libzypp before 17.5.0 could lead to a corrupted RPM being left in the cache, where a later call would not display the corrupted RPM warning and allow … | |
| CVE-2018-19206 | unknown | — | — | — | steps/mail/func.inc in Roundcube before 1.3.8 has XSS via crafted use of <svg><style>, as demonstrated by an onload attribute in a BODY element, within an HTML attachment. | |
| CVE-2018-19205 | unknown | — | — | — | Roundcube before 1.3.7 mishandles GnuPG MDC integrity-protection warnings, which makes it easier for attackers to obtain sensitive information, a related issue to CVE-2017-17688. This is associated w… | |
| CVE-2018-17196 | unknown | — | — | 4y ago | Improper Input Validation in Apache Kafka | |
| CVE-2018-1000008 | unknown | — | — | 4y ago | XXE vulnerability in Jenkins PMD Plugin | |
| CVE-2018-1000055 | unknown | — | — | 4y ago | XXE vulnerability in Jenkins Android Lint Plugin | |
| CVE-2018-1000056 | unknown | — | — | 4y ago | Improper Restriction of XML External Entity Reference in Jenkins JUnit Plugin | |
| CVE-2018-1000113 | unknown | — | — | 4y ago | Stored cross-site scripting vulnerability in Jenkins TestLink Plugin | |
| CVE-2018-1000143 | unknown | — | — | 4y ago | Jenkins GitHub Pull Request Builder Plugin | |
| CVE-2018-1000153 | unknown | — | — | 4y ago | Jenkins vSphere Plugin Cross-Site Request Forgery vulnerability | |
| CVE-2018-1000177 | unknown | — | — | 4y ago | Stored XSS vulnerability in Jenkins S3 Publisher Plugin | |
| CVE-2018-1000175 | unknown | — | — | 4y ago | Jenkins HTML Publisher Plugin path traversal vulnerability | |
| CVE-2018-1309 | unknown | — | — | 4y ago | Improper Restriction of XML External Entity Reference in Apache NiFi | |
| CVE-2018-11651 | unknown | — | — | 4y ago | Cross-site Scripting in Graylog | |
| CVE-2018-1000182 | unknown | — | — | 4y ago | Server-Side Request Forgery in Jenkins Git Plugin | |
| CVE-2018-1000202 | unknown | — | — | 4y ago | Jenkins Groovy Postbuild Plugin vulnerable to Cross-site Scripting | |
| CVE-2018-1000196 | unknown | — | — | 4y ago | Jenkins Gitlab Hook Plugin stores and displays GitLab API token in plain text | |
| CVE-2018-1000190 | unknown | — | — | 4y ago | Exposure of sensitive information vulnerability in Jenkins Black Duck Hub Plugin | |
| CVE-2018-1000198 | unknown | — | — | 4y ago | XML External Entity processing vulnerability in Jenkins Black Duck Hub Plugin | |
| CVE-2018-1000602 | unknown | — | — | 4y ago | Jenkins SAML Plugin Session Fixation vulnerability | |
| CVE-2018-13003 | unknown | — | — | 4y ago | OpenTSDB Cross-site Scripting vulnerability | |
| CVE-2018-1000604 | unknown | — | — | 4y ago | Jenkins Badge Plugin cross-site scripting vulnerability | |
| CVE-2018-1000609 | unknown | — | — | 4y ago | Jenkins Configuration as Code Plugin vulnerable to Exposure of Sensitive Information | |
| CVE-2018-1000607 | unknown | — | — | 4y ago | Arbitrary file write vulnerability in Jenkins Fortify CloudScan Plugin | |
| CVE-2018-1000402 | unknown | — | — | 4y ago | Jenkins AWS CodeDeploy Plugin has Insufficiently Protected Credentials | |
| CVE-2018-14380 | unknown | — | — | 4y ago | Cross-site Scripting in Graylog Server | |
| CVE-2018-14371 | unknown | — | — | 4y ago | Path Traversal in Eclipse Mojarra | |
| CVE-2018-1999029 | unknown | — | — | 4y ago | Stored Cross-Site Scripting Vulnerability in Jenkins Shelve Project Plugin | |
| CVE-2018-1999031 | unknown | — | — | 4y ago | Jenkins meliora-testlab Plugin allows attackers with file system access to Jenkins master to obtain API key | |
| CVE-2018-1999041 | unknown | — | — | 4y ago | Exposure of sensitive information vulnerability | |
| CVE-2018-1999037 | unknown | — | — | 4y ago | Jenkins Resource Disposer Plugin allows attacker to stop tracking specified resource | |
| CVE-2018-1999039 | unknown | — | — | 4y ago | Server-Side Request Forgery (SSRF) in Jenkins Confluence Publisher Plugin | |
| CVE-2018-11758 | unknown | — | — | 4y ago | XML External Entity Reference in Apache Cayenne | |
| CVE-2018-16277 | unknown | — | — | 4y ago | XWiki XSS Vulnerability | |
| CVE-2018-11804 | unknown | — | — | 4y ago | Improper Input Validation in Apache Spark | |
| CVE-2018-1000417 | unknown | — | — | 4y ago | CSRF vulnerability in Email Extension Template Plugin | |
| CVE-2018-1000415 | unknown | — | — | 4y ago | Cross-site Scripting in Jenkins Rebuilder Plugin | |
| CVE-2018-1000421 | unknown | — | — | 4y ago | Server-side request forgery vulnerability in Jenkins Mesos Plugin | |
| CVE-2018-8718 | unknown | — | — | 4y ago | Cross-Site Request Forgery in Jenkins Mailer Plugin | |
| CVE-2018-1000191 | unknown | — | — | 4y ago | Jenkins Black Duck Detect Plugin information exposure vulnerability | |
| CVE-2018-1999046 | unknown | — | — | 4y ago | Exposure of Sensitive Information to an Unauthorized Actor in Jenkins | |
| CVE-2018-1999042 | unknown | — | — | 4y ago | Deserialization of Untrusted Data in Jenkins | |
| CVE-2018-1000410 | unknown | — | — | 4y ago | Exposure of Sensitive Information to an Unauthorized Actor in Jenkins | |
| CVE-2018-1000406 | unknown | — | — | 4y ago | Path Traversal in Jenkins | |
| CVE-2018-1000997 | unknown | — | — | 4y ago | Improper Limitation of a Pathname to a Restricted Directory in Jenkins | |
| CVE-2018-1000079 | unknown | — | — | 4y ago | RubyGems Path Traversal vulnerability | |
| CVE-2018-1000078 | unknown | — | — | 4y ago | RubyGems Cross-site Scripting vulnerability | |
| CVE-2018-8028 | unknown | — | — | 4y ago | Apache Sentry may allow attacker to access/remove data from Sentry protected table | |
| CVE-2018-8016 | unknown | — | — | 4y ago | Missing Authentication for Critical Function in Apache Cassandra | |
| CVE-2018-3258 | unknown | — | — | 4y ago | Improper Privilege Management in MySQL Connectors Java | |
| CVE-2018-1999044 | unknown | — | — | 4y ago | Infinite Loop in Jenkins Core | |
| CVE-2018-1297 | unknown | — | — | 4y ago | Missing certificate validation in Apache JMeter | |
| CVE-2018-1000863 | unknown | — | — | 4y ago | Improper Limitation of a Pathname to a Restricted Directory in Jenkins | |
| CVE-2018-1000610 | unknown | — | — | 4y ago | Jenkins Configuration as Code Plugin has Insufficiently Protected Credentials | |
| CVE-2018-1000608 | unknown | — | — | 4y ago | Jenkins z/OS Connector Plugin allows local attacker to retrieve configured password | |
| CVE-2018-1000600 | unknown | — | — | 4y ago | CSRF vulnerability and missing permission checks in GitHub Plugin allowed capturing credentials | |
| CVE-2018-1000401 | unknown | — | — | 4y ago | Jenkins AWS CodePipeline Plugin has Insufficiently Protected Credentials | |
| CVE-2018-1000408 | unknown | — | — | 4y ago | Improper Authorization in Jenkins | |
| CVE-2018-1000146 | unknown | — | — | 4y ago | Liquibase Runner Plugin allows users to load arbitrary Java code into controller JVM | |
| CVE-2018-1000152 | unknown | — | — | 4y ago | Jenkins vSphere Plugin incorrect authorization vulnerability | |
| CVE-2018-1000106 | unknown | — | — | 4y ago | Incorrect Authorization in Jenkins Gerrit Trigger Plugin | |
| CVE-2018-1000107 | unknown | — | — | 4y ago | Improper authorization in Jenkins Job and Node Ownership Plugin | |
| CVE-2018-1000110 | unknown | — | — | 4y ago | Incorrect Authorization in Jenkins Git Plugin | |
| CVE-2018-1000057 | unknown | — | — | 4y ago | Jenkins Credentials Binding Plugin has Insufficiently Protected Credentials | |
| CVE-2018-1002202 | unknown | — | — | 4y ago | Improper Limitation of a Pathname to a Restricted Directory in Zip4j | |
| CVE-2018-14655 | unknown | — | — | 4y ago | Keycloak vulnerable to cross-site scripting via the state parameter | |
| CVE-2018-14658 | unknown | — | — | 4y ago | Keycloak Open Redirect | |
| CVE-2018-15761 | unknown | — | — | 4y ago | Cloud Foundry UAA Privilege Escalation | |
| CVE-2018-1229 | unknown | — | — | 4y ago | Cross-site Scripting in Pivotal Spring Batch Admin | |
| CVE-2018-12533 | unknown | — | — | 4y ago | Arbitrary code execution in Richfaces | |
| CVE-2018-12532 | unknown | — | — | 4y ago | RichFaces vulnerable to Expression Language Injection | |
| CVE-2018-1000425 | unknown | — | — | 4y ago | Jenkins SonarQube Scanner Plugin stored server authentication token in plain text | |
| CVE-2018-1000419 | unknown | — | — | 4y ago | Jenkins HipChat Plugin allows attackers with Overall/Read access to obtain credential IDs | |
| CVE-2018-1000149 | unknown | — | — | 4y ago | Jenkins Ansible Plugin man in the middle vulnerability | |
| CVE-2018-1067 | unknown | — | — | 4y ago | Improper Neutralization of CRLF Sequences in HTTP Headers in Undertow | |
| CVE-2018-14657 | unknown | — | — | 4y ago | Keycloak Improper Bruteforce Detection | |
| CVE-2018-1263 | unknown | — | — | 4y ago | spring-integration-zip Arbitrary File Write | |
| CVE-2018-1262 | unknown | — | — | 4y ago | UAA privilege escalation across identity zones | |
| CVE-2018-1313 | unknown | — | — | 4y ago | Improper Access Control in Apache Derby | |
| CVE-2018-1000067 | unknown | — | — | 4y ago | Server-Side Request Forgery in Jenkins | |
| CVE-2018-1000193 | unknown | — | — | 4y ago | Injection in Jenkins | |
| CVE-2018-1000192 | unknown | — | — | 4y ago | Exposure of Sensitive Information to an Unauthorized Actor in Jenkins | |
| CVE-2018-6356 | unknown | — | — | 4y ago | Improper Limitation of a Pathname to a Restricted Directory in Jenkins | |
| CVE-2018-5382 | unknown | — | — | 4y ago | Improper Validation of Integrity Check Value in Bouncy Castle | |
| CVE-2018-1000075 | unknown | — | — | 4y ago | RubyGems Infinite Loop vulnerability | |
| CVE-2018-11764 | unknown | — | — | 4y ago | Authentication bypass in Apache Hadoop | |
| CVE-2018-12023 | unknown | — | — | 6y ago | Deserialization of Untrusted Data | |
| CVE-2018-8029 | unknown | — | — | 7y ago | Privilege escalation vulnerability in Apache Hadoop | |
| CVE-2018-11767 | unknown | — | — | 7y ago | Improper Privilege Management in org.apache.hadoop:hadoop-main | |
| CVE-2018-1334 | unknown | — | — | 7y ago | Exposure of Sensitive Information to an Unauthorized Actor in Apache Spark | |
| CVE-2018-8024 | unknown | — | — | 7y ago | Exposure of Sensitive Information to an Unauthorized Actor in Apache Spark via crafted URL | |
| CVE-2018-20242 | unknown | — | — | 7y ago | Cross-site Scripting in jspwiki-war | |
| CVE-2018-14719 | unknown | — | — | 8y ago | Arbitrary Code Execution in jackson-databind | |
| CVE-2018-14718 | unknown | — | — | 8y ago | Arbitrary Code Execution in jackson-databind | |
| CVE-2018-18893 | unknown | — | — | 8y ago | Jinjava calls getClass | |
| CVE-2018-20595 | unknown | — | — | 8y ago | Cross-Site Request Forgery (CSRF) in hswebframework.web:hsweb-commons | |
| CVE-2018-17197 | unknown | — | — | 8y ago | Apache Tika Denial of Service due to Infinite Loop in Tika's SQLite3Parser | |
| CVE-2018-8009 | unknown | — | — | 8y ago | Path Traversal in Hadoop | |
| CVE-2018-1000850 | unknown | — | — | 8y ago | Directory Traversal vulnerability in Square Retrofit | |
| CVE-2018-17195 | unknown | — | — | 8y ago | Cleartext Transmission of Sensitive Information in Apache nifi | |