CVEs from 2018
Total 3,288
- critical 226
- high 266
- medium 224
- low 32
% Critical 6.9%
% with KEV 2.7%
% with exploit 2.8%
Top vendors
- frappe 4
- redhat 2
- magix 1
- mybb 1
- gitbucket 1
- qemu 1
- dragonexpert 1
- kingsoftstore 1
Top products
- erpnext 4
- terminal_services_manager 1
- ultraiso 1
- dolibarr_erp/crm 1
- gitbucket 1
- pdfunite 1
- qemu 1
- virtualization_manager 1
| CVE | Severity | CVSS | Risk | Published | Description | Impact |
|---|---|---|---|---|---|---|
| CVE-2018-1000079 | unknown | — | — | 4y ago | RubyGems Path Traversal vulnerability | |
| CVE-2018-1000078 | unknown | — | — | 4y ago | RubyGems Cross-site Scripting vulnerability | |
| CVE-2018-8036 | unknown | — | — | 4y ago | Loop with Unreachable Exit Condition in Apache PDFBox | |
| CVE-2018-8028 | unknown | — | — | 4y ago | Apache Sentry may allow attacker to access/remove data from Sentry protected table | |
| CVE-2018-8016 | unknown | — | — | 4y ago | Missing Authentication for Critical Function in Apache Cassandra | |
| CVE-2018-3258 | unknown | — | — | 4y ago | Improper Privilege Management in MySQL Connectors Java | |
| CVE-2018-1999047 | unknown | — | — | 4y ago | Incorrect Authorization in Jenkins | |
| CVE-2018-1999032 | unknown | — | — | 4y ago | Jenkins Agiletestware Pangolin Connector for TestRail Plugin CSRF vulnerability and missing permission checks | |
| CVE-2018-1999044 | unknown | — | — | 4y ago | Infinite Loop in Jenkins Core | |
| CVE-2018-1999028 | unknown | — | — | 4y ago | Jenkins Accurev Plugin CSRF vulnerability and missing permission checks | |
| CVE-2018-1999036 | unknown | — | — | 4y ago | Jenkins SSH Agent Plugin exposes SSH private key password to users with permission to read the build log | |
| CVE-2018-1999040 | unknown | — | — | 4y ago | Exposure of Sensitive Information in Jenkins Kubernetes Plugin | |
| CVE-2018-1999030 | unknown | — | — | 4y ago | Jenkins Maven Artifact ChoiceListProvider (Nexus) Plugin CSRF vulnerability and missing permission checks | |
| CVE-2018-1340 | unknown | — | — | 4y ago | Missing Encryption of Sensitive Data in Apache Guacamole | |
| CVE-2018-12972 | unknown | — | — | 4y ago | OpenTSDB vulnerable to OS Command Injection | |
| CVE-2018-1297 | unknown | — | — | 4y ago | Missing certificate validation in Apache JMeter | |
| CVE-2018-1287 | unknown | — | — | 4y ago | Missing certificate validation in Apache JMeter | |
| CVE-2018-1286 | unknown | — | — | 4y ago | Apache OpenMeetings may allow authenticated attacker to deny service for privileged users | |
| CVE-2018-11047 | unknown | — | — | 4y ago | Cloud Foundry UAA accepts refresh token as access token on admin endpoints | |
| CVE-2018-1000865 | unknown | — | — | 4y ago | Improper Privilege Management in Jenkins | |
| CVE-2018-1000864 | unknown | — | — | 4y ago | Loop with Unreachable Exit Condition in Jenkins | |
| CVE-2018-1000866 | unknown | — | — | 4y ago | Jenkins Script Security and Pipeline Groovy Plugins Sandbox Bypass | |
| CVE-2018-1000610 | unknown | — | — | 4y ago | Jenkins Configuration as Code Plugin has Insufficiently Protected Credentials | |
| CVE-2018-1000863 | unknown | — | — | 4y ago | Improper Limitation of a Pathname to a Restricted Directory in Jenkins | |
| CVE-2018-1000817 | unknown | — | — | 4y ago | Asset Pipeline Grails Plugin vulnerable to Path Traversal | |
| CVE-2018-1000603 | unknown | — | — | 4y ago | CSRF vulnerability and missing permission checks in OpenStack Cloud Plugin allowed capturing credentials | |
| CVE-2018-1000608 | unknown | — | — | 4y ago | Jenkins z/OS Connector Plugin allows local attacker to retrieve configured password | |
| CVE-2018-1000600 | unknown | — | — | 4y ago | CSRF vulnerability and missing permission checks in GitHub Plugin allowed capturing credentials | |
| CVE-2018-1000401 | unknown | — | — | 4y ago | Jenkins AWS CodePipeline Plugin has Insufficiently Protected Credentials | |
| CVE-2018-1000403 | unknown | — | — | 4y ago | AWS CodeDeploy Plugin stored AWS Secret Key in plain text | |
| CVE-2018-1000404 | unknown | — | — | 4y ago | Insufficiently Protected Credentials in Jenkins AWS CodeBuild Plugin | |
| CVE-2018-1000408 | unknown | — | — | 4y ago | Improper Authorization in Jenkins | |
| CVE-2018-1000189 | unknown | — | — | 4y ago | CSRF vulnerability and missing permission checks in Jenkins AbsInt Astrée Plugin | |
| CVE-2018-1000197 | unknown | — | — | 4y ago | Jenkins Black Duck Hub Plugin allowed any user with Overall/Read to read and write its configuration | |
| CVE-2018-1000145 | unknown | — | — | 4y ago | Jenkins Perforce Plugin uses ineffective credentials encryption | |
| CVE-2018-1000146 | unknown | — | — | 4y ago | Liquibase Runner Plugin allows users to load arbitrary Java code into controller JVM | |
| CVE-2018-1000152 | unknown | — | — | 4y ago | Jenkins vSphere Plugin incorrect authorization vulnerability | |
| CVE-2018-1000114 | unknown | — | — | 4y ago | Jenkins Promoted Builds Plugin allowed unauthorized users to run some promotion processes | |
| CVE-2018-1000111 | unknown | — | — | 4y ago | Jenkins Subversion Plugin Incorrect Authorization vulnerability | |
| CVE-2018-1000112 | unknown | — | — | 4y ago | Incorrect Authorization in Jenkins Mercurial Plugin | |
| CVE-2018-1000134 | unknown | — | — | 4y ago | Weak Password Requirements in UnboundID LDAP SDK | |
| CVE-2018-1000106 | unknown | — | — | 4y ago | Incorrect Authorization in Jenkins Gerrit Trigger Plugin | |
| CVE-2018-1000110 | unknown | — | — | 4y ago | Incorrect Authorization in Jenkins Git Plugin | |
| CVE-2018-1000107 | unknown | — | — | 4y ago | Improper authorization in Jenkins Job and Node Ownership Plugin | |
| CVE-2018-1000104 | unknown | — | — | 4y ago | Jenkins Coverity Plugin has Insufficiently Protected Credentials | |
| CVE-2018-1000105 | unknown | — | — | 4y ago | Incorrect Authorization in Jenkins Gerrit Trigger Plugin | |
| CVE-2018-1000109 | unknown | — | — | 4y ago | Jenkins Google Play Android Publisher Plugin allows attacker to obtain credential IDs | |
| CVE-2018-1000057 | unknown | — | — | 4y ago | Jenkins Credentials Binding Plugin has Insufficiently Protected Credentials | |
| CVE-2018-1002202 | unknown | — | — | 4y ago | Improper Limitation of a Pathname to a Restricted Directory in Zip4j | |
| CVE-2018-1002200 | unknown | — | — | 4y ago | Improper Limitation of a Pathname to a Restricted Directory in plexus-archiver | |
| CVE-2018-10894 | unknown | — | — | 4y ago | Keycloak Authentication Error | |
| CVE-2018-14655 | unknown | — | — | 4y ago | Keycloak vulnerable to cross-site scripting via the state parameter | |
| CVE-2018-14658 | unknown | — | — | 4y ago | Keycloak Open Redirect | |
| CVE-2018-15761 | unknown | — | — | 4y ago | Cloud Foundry UAA Privilege Escalation | |
| CVE-2018-17247 | unknown | — | — | 4y ago | Improper Restriction of XML External Entity Reference in Elasticsearch | |
| CVE-2018-17244 | unknown | — | — | 4y ago | Exposure of Sensitive Information to an Unauthorized Actor in Elasticsearch | |
| CVE-2018-1051 | unknown | — | — | 4y ago | Deserialization of Untrusted Data in org.jboss.resteasy:resteasy-yaml-provider | |
| CVE-2018-1114 | unknown | — | — | 4y ago | Uncontrolled Resource Consumption in Undertow | |
| CVE-2018-1131 | unknown | — | — | 4y ago | Deserialization of Untrusted Data in Infinispan | |
| CVE-2018-1229 | unknown | — | — | 4y ago | Cross-site Scripting in Pivotal Spring Batch Admin | |
| CVE-2018-3824 | unknown | — | — | 4y ago | Elasticsearch subject to cross site scripting | |
| CVE-2018-1002201 | unknown | — | — | 4y ago | Improper Limitation of a Pathname to a Restricted Directory in zt-zip | |
| CVE-2018-13864 | unknown | — | — | 4y ago | Play Framework's Assets controller vulnerable to directory traversal | |
| CVE-2018-1999033 | unknown | — | — | 4y ago | Exposure of sensitive information in Anchore Container Image Scanner Jenkins Plugin | |
| CVE-2018-1000426 | unknown | — | — | 4y ago | Stored XSS vulnerability in Jenkins Git Changelog Plugin | |
| CVE-2018-10054 | unknown | — | — | 4y ago | Improper Input Validation in Datomic | |
| CVE-2018-3831 | unknown | — | — | 4y ago | Exposure of Sensitive Information to an Unauthorized Actor in Elasticsearch | |
| CVE-2018-8015 | unknown | — | — | 4y ago | Apache ORC vulnerable to Uncontrolled Recursion | |
| CVE-2018-18240 | unknown | — | — | 4y ago | Pippo RCE Vulnerability | |
| CVE-2018-12532 | unknown | — | — | 4y ago | RichFaces vulnerable to Expression Language Injection | |
| CVE-2018-12533 | unknown | — | — | 4y ago | Arbitrary code execution in RichFaces | |
| CVE-2018-1000418 | unknown | — | — | 4y ago | Jenkins HipChat Plugin allows credential capture due to incorrect authorization | |
| CVE-2018-1000423 | unknown | — | — | 4y ago | Jenkins Crowd 2 Integration Plugin stored credentials in plain text | |
| CVE-2018-1000425 | unknown | — | — | 4y ago | Jenkins SonarQube Scanner Plugin stored server authentication token in plain text | |
| CVE-2018-1000412 | unknown | — | — | 4y ago | Jenkins Jira Plugin Incorrect Authorization vulnerability | |
| CVE-2018-1000424 | unknown | — | — | 4y ago | Jenkins Artifactory Plugin stored old directly entered credentials unencrypted on disk | |
| CVE-2018-1000419 | unknown | — | — | 4y ago | Jenkins HipChat Plugin allows attackers with Overall/Read access to obtain credential IDs | |
| CVE-2018-1000149 | unknown | — | — | 4y ago | Jenkins Ansible Plugin man-in-the-middle vulnerability | |
| CVE-2018-1000015 | unknown | — | — | 4y ago | Incorrect permission checks in Pipeline: Nodes and Processes plugin | |
| CVE-2018-1067 | unknown | — | — | 4y ago | Improper Neutralization of CRLF Sequences in HTTP Headers in Undertow | |
| CVE-2018-14657 | unknown | — | — | 4y ago | Keycloak Improper Bruteforce Detection | |
| CVE-2018-1048 | unknown | — | — | 4y ago | Improper Limitation of a Pathname to a Restricted Directory in JBoss EAP Undertow | |
| CVE-2018-14642 | unknown | — | — | 4y ago | Exposure of Sensitive Information to an Unauthorized Actor in Undertow | |
| CVE-2018-1190 | unknown | — | — | 4y ago | Pivotal Cloud Foundry UAA XSS on UAA OpenID Connect check session iframe endpoint | |
| CVE-2018-1256 | unknown | — | — | 4y ago | Issuer validation regression in Spring Cloud SSO Connector | |
| CVE-2018-1263 | unknown | — | — | 4y ago | spring-integration-zip Arbitrary File Write | |
| CVE-2018-1262 | unknown | — | — | 4y ago | UAA privilege escalation across identity zones | |
| CVE-2018-8012 | unknown | — | — | 4y ago | Missing Authorization in Apache ZooKeeper | |
| CVE-2018-8088 | unknown | — | — | 4y ago | Improper Access Control in SLF4J | |
| CVE-2018-1288 | unknown | — | — | 4y ago | Improper Control of Generation of Code in Apache Kafka | |
| CVE-2018-1313 | unknown | — | — | 4y ago | Improper Access Control in Apache Derby | |
| CVE-2018-1000067 | unknown | — | — | 4y ago | Server-Side Request Forgery in Jenkins | |
| CVE-2018-1000068 | unknown | — | — | 4y ago | Exposure of Sensitive Information to an Unauthorized Actor in Jenkins | |
| CVE-2018-1000192 | unknown | — | — | 4y ago | Exposure of Sensitive Information to an Unauthorized Actor in Jenkins | |
| CVE-2018-1000193 | unknown | — | — | 4y ago | Injection in Jenkins | |
| CVE-2018-5382 | unknown | — | — | 4y ago | Improper Validation of Integrity Check Value in Bouncy Castle | |
| CVE-2018-1000194 | unknown | — | — | 4y ago | Path Traversal in Jenkins | |
| CVE-2018-6356 | unknown | — | — | 4y ago | Improper Limitation of a Pathname to a Restricted Directory in Jenkins | |
| CVE-2018-1000195 | unknown | — | — | 4y ago | Cross-Site Request Forgery in Jenkins | |
| CVE-2018-1000075 | unknown | — | — | 4y ago | RubyGems Infinite Loop vulnerability | |