CVEs from 2018

3,128 normalized CVEs published or assigned in this year.

  • Total 3,128
  • Critical 229
  • High 302
  • Medium 256
  • Low 39
  • % Critical 7.3%
  • % with KEV 2.8%
  • % with exploit 4.0%

Top products

  • core_i7 379
  • core_i5 375
  • core_i3 242
  • xeon_e5 82
  • xeon_e7 62
  • xeon_e3 58
  • xeon_gold 33
  • atom_z 30
CVE Severity CVSS Risk Flags OS Vendor Published Description
CVE-2018-11651 unknown 4y ago Cross-site Scripting in Graylog
CVE-2018-11650 unknown 4y ago Cross-site Scripting in Graylog Server
CVE-2018-1000182 unknown 4y ago Server-Side Request Forgery in Jenkins Git Plugin
CVE-2018-1000202 unknown 4y ago Jenkins Groovy Postbuild Plugin vulnerable to Cross-site Scripting
CVE-2018-1000188 unknown 4y ago Jenkins CAS Plugin Server-Side Request Forgery vulnerability
CVE-2018-1000186 unknown 4y ago Jenkins GitHub Pull Request Builder Plugin credential capture vulnerability
CVE-2018-1000187 unknown 4y ago Exposure of Sensitive Information in Jenkins Kubernetes Plugin
CVE-2018-1000185 unknown 4y ago Jenkins GitHub Branch Source Plugin vulnerable to Server-Side Request Forgery
CVE-2018-1000183 unknown 4y ago Jenkins GitHub Plugin exposure of sensitive information vulnerability exists
CVE-2018-1000184 unknown 4y ago Jenkins GitHub Plugin server-side request forgery vulnerability exists
CVE-2018-1000196 unknown 4y ago Jenkins Gitlab Hook Plugin stores and displays GitLab API token in plain text
CVE-2018-1000190 unknown 4y ago Exposure of sensitive information vulnerability in Jenkins Black Duck Hub Plugin
CVE-2018-1000198 unknown 4y ago XML External Entity processing vulnerability in Jenkins Black Duck Hub Plugin
CVE-2018-12036 unknown 4y ago Path Traversal in OWASP Dependency-Check
CVE-2018-12432 unknown 4y ago Cross-site Scripting in JavaMelody
CVE-2018-1000601 unknown 4y ago Exposure of Sensitive Information to an Unauthorized Actor in Jenkins SSH Credentials Plugin
CVE-2018-1000602 unknown 4y ago Jenkins SAML Plugin Session Fixation vulnerability
CVE-2018-13003 unknown 4y ago OpenTSDB Cross-site Scripting vulnerability
CVE-2018-12973 unknown 4y ago OpenTSDB Cross-site Scripting vulnerability
CVE-2018-1000604 unknown 4y ago Jenkins Badge Plugin cross-site scripting vulnerability
CVE-2018-1000607 unknown 4y ago Arbitrary file write vulnerability in Jenkins Fortify CloudScan Plugin
CVE-2018-11041 unknown 4y ago Cloud Foundry UAA open redirect
CVE-2018-1000609 unknown 4y ago Jenkins Configuration as Code Plugin vulnerable to Exposure of Sensitive Information
CVE-2018-1000606 unknown 4y ago URLTrigger Plugin server-side request forgery vulnerability
CVE-2018-13439 unknown 4y ago WeChat Pay Java SDK allows XXE
CVE-2018-1000402 unknown 4y ago Jenkins AWS CodeDeploy Plugin has Insufficiently Protected Credentials
CVE-2018-14380 unknown 4y ago Cross-site Scripting in Graylog Server
CVE-2018-14371 unknown 4y ago Path Traversal in Eclipse Mojarra
CVE-2018-1999031 unknown 4y ago Jenkins meliora-testlab Plugin allows attackers with file system access to Jenkins master to obtain API key
CVE-2018-1999029 unknown 4y ago Stored Cross-Site Scripting Vulnerability in Jenkins Shelve Project Plugin
CVE-2018-1999041 unknown 4y ago Exposure of sensitive information vulnerability
CVE-2018-1999025 unknown 4y ago Jenkins TraceTronic ECU-TEST Plugin Man in the middle vulnerability
CVE-2018-1999026 unknown 4y ago Jenkins TraceTronic ECU-TEST Plugin server-side request forgery vulnerability
CVE-2018-1999035 unknown 4y ago Jenkins Inedo BuildMaster Plugin globally and unconditionally disabled SSL/TLS certificate validation
CVE-2018-1000605 unknown 4y ago Jenkins CollabNet Plugin man in the middle vulnerability
CVE-2018-1999034 unknown 4y ago Jenkins Inedo ProGet Plugin globally and unconditionally disabled SSL/TLS certificate validation
CVE-2018-1999037 unknown 4y ago Jenkins Resource Disposer Plugin allows attacker to stop tracking specified resource
CVE-2018-1999038 unknown 4y ago Jenkins Publisher Over CIFS Plugin confused deputy vulnerability
CVE-2018-1999039 unknown 4y ago Server-Side Request Forgery (SSRF) in Jenkins Confluence Publisher Plugin
CVE-2018-11758 unknown 4y ago XML External Entity Reference in Apache Cayenne
CVE-2018-1000665 unknown 4y ago Improper Neutralization of Input During Web Page Generation in Dojo Dojo Objective Harness
CVE-2018-17366 unknown 4y ago Mingsoft MCMS CSRF vulnerability
CVE-2018-16277 unknown 4y ago XWiki XSS Vulnerability
CVE-2018-11804 unknown 4y ago Improper Input Validation in Apache Spark
CVE-2018-17605 unknown 4y ago Asset Pipeline plugin for Grails vulnerable to Path Traversal
CVE-2018-19413 unknown 4y ago Exposure of Sensitive Information to an Unauthorized Actor in SonarSource SonarQube API
CVE-2018-20227 unknown 4y ago RDF4J vulnerable to zip slip
CVE-2018-20663 unknown 4y ago The Reporting Addon for CUBA Platform has Persistent XSS
CVE-2018-1000413 unknown 4y ago Stored XSS vulnerability in Config File Provider Plugin
CVE-2018-1000414 unknown 4y ago CSRF vulnerability in Config File Provider Plugin
CVE-2018-1000417 unknown 4y ago CSRF vulnerability in Email Extension Template Plugin
CVE-2018-1000411 unknown 4y ago Jenkins JUnit Plugin CSRF vulnerability
CVE-2018-1330 unknown 4y ago Crash when decoding malformed HTTP requests or malformed JSON payload
CVE-2018-1000422 unknown 4y ago Jenkins Crowd 2 Integration Plugin server-side request forgery vulnerability
CVE-2018-1000415 unknown 4y ago Cross-site Scripting in Jenkins Rebuilder Plugin
CVE-2018-1000421 unknown 4y ago Server-side request forgery vulnerability in Jenkins Mesos Plugin
CVE-2018-8031 unknown 4y ago Apache TomEE console vulnerable to Cross-site Scripting
CVE-2018-1306 unknown 4y ago Exposure of Sensitive Information in Apache Pluto
CVE-2018-8718 unknown 4y ago Cross-Site Request Forgery in Jenkins Mailer Plugin
CVE-2018-1294 unknown 4y ago Improper Input Validation Apache Commons Email
CVE-2018-1000129 unknown 4y ago Cross-site Scripting in Jolokia agent
CVE-2018-1000130 unknown 4y ago Injection in Jolokia agent
CVE-2018-19859 unknown 4y ago OpenRefine Directory Traversal
CVE-2018-1999027 unknown 4y ago Jenkins SaltStack Plugin allows attackers to capture credentials with a known credentials ID stored in Jenkins
CVE-2018-1000191 unknown 4y ago Jenkins Black Duck Detect Plugin information exposure vulnerability
CVE-2018-10862 unknown 4y ago Improper Limitation of a Pathname to a Restricted Directory in WildFly
CVE-2018-1999045 unknown 4y ago Improper Authentication in Jenkins
CVE-2018-1999046 unknown 4y ago Exposure of Sensitive Information to an Unauthorized Actor in Jenkins
CVE-2018-1999042 unknown 4y ago Deserialization of Untrusted Data in Jenkins
CVE-2018-1000409 unknown 4y ago Session Fixation in Jenkins
CVE-2018-1000407 unknown 4y ago Cross-site Scripting in Jenkins
CVE-2018-1000862 unknown 4y ago Exposure of Sensitive Information to an Unauthorized Actor in Jenkins
CVE-2018-1000406 unknown 4y ago Path Traversal in Jenkins
CVE-2018-1000410 unknown 4y ago Exposure of Sensitive Information to an Unauthorized Actor in Jenkins
CVE-2018-1000170 unknown 4y ago Cross-site Scripting in Jenkins Core
CVE-2018-1000997 unknown 4y ago Improper Limitation of a Pathname to a Restricted Directory in Jenkins
CVE-2018-1325 unknown 4y ago Cross-site Scripting in wicket-jquery-ui
CVE-2018-11688 unknown 4y ago Ignite Realtime Openfire vulnerable to cross-site scripting
CVE-2018-1000169 unknown 4y ago Exposure of Sensitive Information to an Unauthorized Actor in Jenkins
CVE-2018-1000416 unknown 4y ago Jenkins Job Config History Plugin reflected XSS vulnerability
CVE-2018-1000077 unknown 4y ago RubyGems Improper Input Validation vulnerability
CVE-2018-1000076 unknown 4y ago RubyGems Improper Verification of Cryptographic Signature vulnerability
CVE-2018-1000078 unknown 4y ago RubyGems Cross-site Scripting vulnerability
CVE-2018-1000079 unknown 4y ago RubyGems Path Traversal vulnerability
CVE-2018-1000074 unknown 4y ago RubyGems Deserialization of Untrusted Data vulnerability
CVE-2018-8028 unknown 4y ago Apache Sentry may allow attacker to access/remove data from Sentry protected table
CVE-2018-8036 unknown 4y ago Loop with Unreachable Exit Condition in Apache PDFBox
CVE-2018-8016 unknown 4y ago Missing Authentication for Critical Function in Apache Cassandra
CVE-2018-3258 unknown 4y ago Improper Privilege Management in MySQL Connectors Java
CVE-2018-1999047 unknown 4y ago Incorrect Authorization in Jenkins
CVE-2018-1999036 unknown 4y ago Jenkins SSH Agent Plugin exposes SSH private key password to users with permission to read the build log
CVE-2018-1999030 unknown 4y ago Jenkins Maven Artifact ChoiceListProvider (Nexus) Plugin CSRF vulnerability and missing permission checks
CVE-2018-1999028 unknown 4y ago Jenkins Accurev Plugin CSRF vulnerability and missing permission checks
CVE-2018-1999040 unknown 4y ago Exposure of Sensitive Information in Jenkins Kubernetes Plugin
CVE-2018-1999044 unknown 4y ago Infinite Loop in Jenkins Core
CVE-2018-1999032 unknown 4y ago Jenkins Agiletestware Pangolin Connector for TestRail Plugin CSRF vulnerability and missing permission checks
CVE-2018-1340 unknown 4y ago Missing Encryption of Sensitive Data in Apache Guacamole
CVE-2018-1297 unknown 4y ago Missing certificate validation in Apache JMeter
CVE-2018-12972 unknown 4y ago OpenTSDB vulnerable to OS Command Injection
CVE-2018-1287 unknown 4y ago Missing certificate validation in Apache JMeter