CVEs from 2018
Total
3,113
critical
critical 229
high
high 302
medium
medium 256
low
low 39
% Critical
7.4%
% with KEV
2.9%
% with exploit
4.0%
Top vendors
Top products
- core_i7 379
- core_i5 375
- core_i3 242
- xeon_e5 82
- xeon_e7 62
- xeon_e3 58
- xeon_gold 33
- atom_z 30
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2018-1000174 | unknown | — | — | 4y ago | Jenkins Google Login Plugin Open Redirect vulnerability | |||
| CVE-2018-1000173 | unknown | — | — | 4y ago | Jenkins Google Login Plugin Session Fixation vulnerability | |||
| CVE-2018-1000177 | unknown | — | — | 4y ago | Stored XSS vulnerability in Jenkins S3 Publisher Plugin | |||
| CVE-2018-1000175 | unknown | — | — | 4y ago | Jenkins HTML Publisher Plugin path traversal vulnerability | |||
| CVE-2018-1000176 | unknown | — | — | 4y ago | Jenkins Email Extension Plugin showed plain text SMTP password in configuration form field | |||
| CVE-2018-1310 | unknown | — | — | 4y ago | Apache NiFi JMS Deserialization issue | |||
| CVE-2018-1309 | unknown | — | — | 4y ago | Improper Restriction of XML External Entity Reference in Apache NiFi | |||
| CVE-2018-11650 | unknown | — | — | 4y ago | Cross-site Scripting in Graylog Server | |||
| CVE-2018-11651 | unknown | — | — | 4y ago | Cross-site Scripting in Graylog | |||
| CVE-2018-1000182 | unknown | — | — | 4y ago | Server-Side Request Forgery in Jenkins Git Plugin | |||
| CVE-2018-1000184 | unknown | — | — | 4y ago | Jenkins GitHub Plugin server-side request forgery vulnerability exists | |||
| CVE-2018-1000186 | unknown | — | — | 4y ago | Jenkins GitHub Pull Request Builder Plugin credential capture vulnerability | |||
| CVE-2018-1000187 | unknown | — | — | 4y ago | Exposure of Sensitive Information in Jenkins Kubernetes Plugin | |||
| CVE-2018-1000183 | unknown | — | — | 4y ago | Jenkins GitHub Plugin exposure of sensitive information vulnerability exists | |||
| CVE-2018-1000188 | unknown | — | — | 4y ago | Jenkins CAS Plugin Server-Side Request Forgery vulnerability | |||
| CVE-2018-1000185 | unknown | — | — | 4y ago | Jenkins GitHub Branch Source Plugin vulnerable to Server-Side Request Forgery | |||
| CVE-2018-1000202 | unknown | — | — | 4y ago | Jenkins Groovy Postbuild Plugin vulnerable to Cross-site Scripting | |||
| CVE-2018-1000196 | unknown | — | — | 4y ago | Jenkins Gitlab Hook Plugin stores and displays GitLab API token in plain text | |||
| CVE-2018-1000190 | unknown | — | — | 4y ago | Exposure of sensitive information vulnerability in Jenkins Black Duck Hub Plugin | |||
| CVE-2018-1000198 | unknown | — | — | 4y ago | XML External Entity processing vulnerability in Jenkins Black Duck Hub Plugin | |||
| CVE-2018-12036 | unknown | — | — | 4y ago | Path Traversal in OWASP Dependency-Check | |||
| CVE-2018-12432 | unknown | — | — | 4y ago | Cross-site Scripting in JavaMelody | |||
| CVE-2018-11407 | unknown | — | — | 4y ago | An issue was discovered in the Ldap component in Symfony 2.8.x before 2.8.37, 3.3.x before 3.3.17, 3.4.x before 3.4.7, and 4.0.x before 4.0.7. It allows remote attackers to bypass authentication by l… | |||
| CVE-2018-1000601 | unknown | — | — | 4y ago | Exposure of Sensitive Information to an Unauthorized Actor in Jenkins SSH Credentials Plugin | |||
| CVE-2018-1000602 | unknown | — | — | 4y ago | Jenkins SAML Plugin Session Fixation vulnerability | |||
| CVE-2018-12973 | unknown | — | — | 4y ago | OpenTSDB Cross-site Scripting vulnerability | |||
| CVE-2018-13003 | unknown | — | — | 4y ago | OpenTSDB Cross-site Scripting vulnerability | |||
| CVE-2018-1000604 | unknown | — | — | 4y ago | Jenkins Badge Plugin cross-site scripting vulnerability | |||
| CVE-2018-1000607 | unknown | — | — | 4y ago | Arbitrary file write vulnerability in Jenkins Fortify CloudScan Plugin | |||
| CVE-2018-1000609 | unknown | — | — | 4y ago | Jenkins Configuration as Code Plugin vulnerable to Exposure of Sensitive Information | |||
| CVE-2018-11041 | unknown | — | — | 4y ago | Cloud Foundry UAA open redirect | |||
| CVE-2018-1000606 | unknown | — | — | 4y ago | URLTrigger Plugin server-side request forgery vulnerability | |||
| CVE-2018-13439 | unknown | — | — | 4y ago | WeChat Pay Java SDK allows XXE | |||
| CVE-2018-1000402 | unknown | — | — | 4y ago | Jenkins AWS CodeDeploy Plugin has Insufficiently Protected Credentials | |||
| CVE-2018-14380 | unknown | — | — | 4y ago | Cross-site Scripting in Graylog Server | |||
| CVE-2018-14371 | unknown | — | — | 4y ago | Path Traversal in Eclipse Mojarra | |||
| CVE-2018-1999031 | unknown | — | — | 4y ago | Jenkins meliora-testlab Plugin allows attackers with file system access to Jenkins master to obtain API key | |||
| CVE-2018-1999029 | unknown | — | — | 4y ago | Stored Cross-Site Scripting Vulnerability in Jenkins Shelve Project Plugin | |||
| CVE-2018-1999041 | unknown | — | — | 4y ago | Exposure of sensitive information vulnerability | |||
| CVE-2018-1999026 | unknown | — | — | 4y ago | Jenkins TraceTronic ECU-TEST Plugin server-side request forgery vulnerability | |||
| CVE-2018-1999025 | unknown | — | — | 4y ago | Jenkins TraceTronic ECU-TEST Plugin Man in the middle vulnerability | |||
| CVE-2018-1999035 | unknown | — | — | 4y ago | Jenkins Inedo BuildMaster Plugin globally and unconditionally disabled SSL/TLS certificate validation | |||
| CVE-2018-1000605 | unknown | — | — | 4y ago | Jenkins CollabNet Plugin man in the middle vulnerability | |||
| CVE-2018-1999034 | unknown | — | — | 4y ago | Jenkins Inedo ProGet Plugin globally and unconditionally disabled SSL/TLS certificate validation | |||
| CVE-2018-1999037 | unknown | — | — | 4y ago | Jenkins Resource Disposer Plugin allows attacker to stop tracking specified resource | |||
| CVE-2018-1999038 | unknown | — | — | 4y ago | Jenkins Publisher Over CIFS Plugin confused deputy vulnerability | |||
| CVE-2018-1999039 | unknown | — | — | 4y ago | Server-Side Request Forgery (SSRF) in Jenkins Confluence Publisher Plugin | |||
| CVE-2018-14774 | unknown | — | — | 4y ago | An issue was discovered in HttpKernel in Symfony 2.7.0 through 2.7.48, 2.8.0 through 2.8.43, 3.3.0 through 3.3.17, 3.4.0 through 3.4.13, 4.0.0 through 4.0.13, and 4.1.0 through 4.1.2. When using Http… | |||
| CVE-2018-11758 | unknown | — | — | 4y ago | XML External Entity Reference in Apache Cayenne | |||
| CVE-2018-1000665 | unknown | — | — | 4y ago | Improper Neutralization of Input During Web Page Generation in Dojo Dojo Objective Harness | |||
| CVE-2018-17366 | unknown | — | — | 4y ago | Mingsoft MCMS CSRF vulnerability | |||
| CVE-2018-16277 | unknown | — | — | 4y ago | XWiki XSS Vulnerability | |||
| CVE-2018-11804 | unknown | — | — | 4y ago | Improper Input Validation in Apache Spark | |||
| CVE-2018-17605 | unknown | — | — | 4y ago | Asset Pipeline plugin for Grails vulnerable to Path Traversal | |||
| CVE-2018-19413 | unknown | — | — | 4y ago | Exposure of Sensitive Information to an Unauthorized Actor in SonarSource SonarQube API | |||
| CVE-2018-20227 | unknown | — | — | 4y ago | RDF4J vulnerable to zip slip | |||
| CVE-2018-20663 | unknown | — | — | 4y ago | The Reporting Addon for CUBA Platform has Persistent XSS | |||
| CVE-2018-1000413 | unknown | — | — | 4y ago | Stored XSS vulnerability in Config File Provider Plugin | |||
| CVE-2018-1000417 | unknown | — | — | 4y ago | CSRF vulnerability in Email Extension Template Plugin | |||
| CVE-2018-1000414 | unknown | — | — | 4y ago | CSRF vulnerability in Config File Provider Plugin | |||
| CVE-2018-1000411 | unknown | — | — | 4y ago | Jenkins JUnit Plugin CSRF vulnerability | |||
| CVE-2018-1330 | unknown | — | — | 4y ago | Crash when decoding malformed HTTP requests or malformed JSON payload | |||
| CVE-2018-1000421 | unknown | — | — | 4y ago | Server-side request forgery vulnerability in Jenkins Mesos Plugin | |||
| CVE-2018-1000415 | unknown | — | — | 4y ago | Cross-site Scripting in Jenkins Rebuilder Plugin | |||
| CVE-2018-1000422 | unknown | — | — | 4y ago | Jenkins Crowd 2 Integration Plugin server-side request forgery vulnerability | |||
| CVE-2018-8031 | unknown | — | — | 4y ago | Apache TomEE console vulnerable to Cross-site Scripting | |||
| CVE-2018-1306 | unknown | — | — | 4y ago | Exposure of Sensitive Information in Apache Pluto | |||
| CVE-2018-8718 | unknown | — | — | 4y ago | Cross-Site Request Forgery in Jenkins Mailer Plugin | |||
| CVE-2018-1294 | unknown | — | — | 4y ago | Improper Input Validation Apache Commons Email | |||
| CVE-2018-1000129 | unknown | — | — | 4y ago | Cross-site Scripting in Jolokia agent | |||
| CVE-2018-1000130 | unknown | — | — | 4y ago | Injection in Jolokia agent | |||
| CVE-2018-11385 | unknown | — | — | 4y ago | An issue was discovered in the Security component in Symfony 2.7.x before 2.7.48, 2.8.x before 2.8.41, 3.3.x before 3.3.17, 3.4.x before 3.4.11, and 4.0.x before 4.0.11. A session fixation vulnerabil… | |||
| CVE-2018-11408 | unknown | — | — | 4y ago | The security handlers in the Security component in Symfony in 2.7.x before 2.7.48, 2.8.x before 2.8.41, 3.3.x before 3.3.17, 3.4.x before 3.4.11, and 4.0.x before 4.0.11 have an Open redirect vulnera… | |||
| CVE-2018-19859 | unknown | — | — | 4y ago | OpenRefine Directory Traversal | |||
| CVE-2018-11386 | unknown | — | — | 4y ago | An issue was discovered in the HttpFoundation component in Symfony 2.7.x before 2.7.48, 2.8.x before 2.8.41, 3.3.x before 3.3.17, 3.4.x before 3.4.11, and 4.0.x before 4.0.11. The PDOSessionHandler c… | |||
| CVE-2018-11406 | unknown | — | — | 4y ago | An issue was discovered in the Security component in Symfony 2.7.x before 2.7.48, 2.8.x before 2.8.41, 3.3.x before 3.3.17, 3.4.x before 3.4.11, and 4.0.x before 4.0.11. By default, a user's session … | |||
| CVE-2018-1999027 | unknown | — | — | 4y ago | Jenkins SaltStack Plugin allows attackers to capture credentials with a known credentials ID stored in Jenkins | |||
| CVE-2018-1000191 | unknown | — | — | 4y ago | Jenkins Black Duck Detect Plugin information exposure vulnerability | |||
| CVE-2018-10862 | unknown | — | — | 4y ago | Improper Limitation of a Pathname to a Restricted Directory in WildFly | |||
| CVE-2018-1999046 | unknown | — | — | 4y ago | Exposure of Sensitive Information to an Unauthorized Actor in Jenkins | |||
| CVE-2018-1999042 | unknown | — | — | 4y ago | Deserialization of Untrusted Data in Jenkins | |||
| CVE-2018-1999045 | unknown | — | — | 4y ago | Improper Authentication in Jenkins | |||
| CVE-2018-1000406 | unknown | — | — | 4y ago | Path Traversal in Jenkins | |||
| CVE-2018-1000410 | unknown | — | — | 4y ago | Exposure of Sensitive Information to an Unauthorized Actor in Jenkins | |||
| CVE-2018-1000409 | unknown | — | — | 4y ago | Session Fixation in Jenkins | |||
| CVE-2018-1000170 | unknown | — | — | 4y ago | Cross-site Scripting in Jenkins Core | |||
| CVE-2018-1000862 | unknown | — | — | 4y ago | Exposure of Sensitive Information to an Unauthorized Actor in Jenkins | |||
| CVE-2018-1000407 | unknown | — | — | 4y ago | Cross-site Scripting in Jenkins | |||
| CVE-2018-1000997 | unknown | — | — | 4y ago | Improper Limitation of a Pathname to a Restricted Directory in Jenkins | |||
| CVE-2018-19789 | unknown | — | — | 4y ago | An issue was discovered in Symfony 2.7.x before 2.7.50, 2.8.x before 2.8.49, 3.x before 3.4.20, 4.0.x before 4.0.15, 4.1.x before 4.1.9, and 4.2.x before 4.2.1. When using the scalar type hint `strin… | |||
| CVE-2018-19790 | unknown | — | — | 4y ago | An open redirect was discovered in Symfony 2.7.x before 2.7.50, 2.8.x before 2.8.49, 3.x before 3.4.20, 4.0.x before 4.0.15, 4.1.x before 4.1.9 and 4.2.x before 4.2.1. By using backslashes in the `_f… | |||
| CVE-2018-1325 | unknown | — | — | 4y ago | Cross-site Scripting in wicket-jquery-ui | |||
| CVE-2018-11688 | unknown | — | — | 4y ago | Ignite Realtime Openfire vulnerable to cross-site scripting | |||
| CVE-2018-1000169 | unknown | — | — | 4y ago | Exposure of Sensitive Information to an Unauthorized Actor in Jenkins | |||
| CVE-2018-1000416 | unknown | — | — | 4y ago | Jenkins Job Config History Plugin reflected XSS vulnerability | |||
| CVE-2018-1000079 | unknown | — | — | 4y ago | RubyGems Path Traversal vulnerability | |||
| CVE-2018-1000078 | unknown | — | — | 4y ago | RubyGems Cross-site Scripting vulnerability | |||
| CVE-2018-1000076 | unknown | — | — | 4y ago | RubyGems Improper Verification of Cryptographic Signature vulnerability | |||
| CVE-2018-1000077 | unknown | — | — | 4y ago | RubyGems Improper Input Validation vulnerability | |||
| CVE-2018-1000074 | unknown | — | — | 4y ago | RubyGems Deserialization of Untrusted Data vulnerability |