| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
1 |
CVE-2018-1999047 |
863 |
|
|
2018-08-23 |
2019-10-03 |
4.0 |
None |
Remote |
Low |
??? |
None |
Partial |
None |
|
A improper authorization vulnerability exists in Jenkins 2.137 and earlier, 2.121.2 and earlier in UpdateCenter.java that allows attackers to cancel a Jenkins restart scheduled through the update center. |
|
2 |
CVE-2018-1999046 |
200 |
|
+Info |
2018-08-23 |
2019-05-08 |
4.0 |
None |
Remote |
Low |
??? |
Partial |
None |
None |
|
A exposure of sensitive information vulnerability exists in Jenkins 2.137 and earlier, 2.121.2 and earlier in Computer.java that allows attackers With Overall/Read permission to access the connection log for any agent. |
|
3 |
CVE-2018-1999045 |
287 |
|
|
2018-08-23 |
2019-05-08 |
5.5 |
None |
Remote |
Low |
??? |
Partial |
Partial |
None |
|
A improper authentication vulnerability exists in Jenkins 2.137 and earlier, 2.121.2 and earlier in SecurityRealm.java, TokenBasedRememberMeServices2.java that allows attackers with a valid cookie to remain logged in even if that feature is disabled. |
|
4 |
CVE-2018-1999044 |
835 |
|
DoS |
2018-08-23 |
2019-10-03 |
4.0 |
None |
Remote |
Low |
??? |
None |
None |
Partial |
|
A denial of service vulnerability exists in Jenkins 2.137 and earlier, 2.121.2 and earlier in CronTab.java that allows attackers with Overall/Read permission to have a request handling thread enter an infinite loop. |
|
5 |
CVE-2018-1999043 |
772 |
|
DoS |
2018-08-23 |
2019-10-03 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
A denial of service vulnerability exists in Jenkins 2.137 and earlier, 2.121.2 and earlier in BasicAuthenticationFilter.java, BasicHeaderApiTokenAuthenticator.java that allows attackers to create ephemeral in-memory user records by attempting to log in using invalid credentials. |
|
6 |
CVE-2018-1999042 |
502 |
|
|
2018-08-23 |
2019-05-08 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
A vulnerability exists in Jenkins 2.137 and earlier, 2.121.2 and earlier in XStream2.java that allows attackers to have Jenkins resolve a domain name when deserializing an instance of java.net.URL. |
|
7 |
CVE-2018-1999041 |
200 |
|
+Info |
2018-08-01 |
2018-10-03 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
An exposure of sensitive information vulnerability exists in Jenkins Tinfoil Security Plugin 1.6.1 and earlier in TinfoilScanRecorder.java that allows attackers with file system access to the Jenkins master to obtain the API secret key stored in this plugin's configuration. |
|
8 |
CVE-2018-1999040 |
200 |
|
+Info |
2018-08-01 |
2019-10-03 |
4.0 |
None |
Remote |
Low |
??? |
Partial |
None |
None |
|
An exposure of sensitive information vulnerability exists in Jenkins Kubernetes Plugin 1.10.1 and earlier in KubernetesCloud.java that allows attackers to capture credentials with a known credentials ID stored in Jenkins. |
|
9 |
CVE-2018-1999039 |
918 |
|
|
2018-08-01 |
2018-10-15 |
4.0 |
None |
Remote |
Low |
??? |
None |
Partial |
None |
|
A server-side request forgery vulnerability exists in Jenkins Confluence Publisher Plugin 2.0.1 and earlier in ConfluenceSite.java that allows attackers to have Jenkins submit login requests to an attacker-specified Confluence server URL with attacker specified credentials. |
|
10 |
CVE-2018-1999038 |
441 |
|
|
2018-08-01 |
2018-10-15 |
4.9 |
None |
Remote |
Medium |
??? |
Partial |
Partial |
None |
|
A confused deputy vulnerability exists in Jenkins Publisher Over CIFS Plugin 0.10 and earlier in CifsPublisherPluginDescriptor.java that allows attackers to have Jenkins connect to an attacker specified CIFS server with attacker specified credentials. |
|
11 |
CVE-2018-1999037 |
20 |
|
|
2018-08-01 |
2018-10-10 |
4.0 |
None |
Remote |
Low |
??? |
None |
Partial |
None |
|
A data modification vulnerability exists in Jenkins Resource Disposer Plugin 0.11 and earlier in AsyncResourceDisposer.java that allows attackers to stop tracking a resource. |
|
12 |
CVE-2018-1999036 |
532 |
|
|
2018-08-01 |
2019-10-03 |
4.0 |
None |
Remote |
Low |
??? |
Partial |
None |
None |
|
An exposure of sensitive information vulnerability exists in Jenkins SSH Agent Plugin 1.15 and earlier in SSHAgentStepExecution.java that exposes the SSH private key password to users with permission to read the build log. |
|
13 |
CVE-2018-1999035 |
295 |
|
|
2018-08-01 |
2018-10-05 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
None |
|
A man in the middle vulnerability exists in Jenkins Inedo BuildMaster Plugin 1.3 and earlier in BuildMasterConfiguration.java, BuildMasterConfig.java, BuildMasterApi.java that allows attackers to impersonate any service that Jenkins connects to. |
|
14 |
CVE-2018-1999034 |
295 |
|
|
2018-08-01 |
2018-10-09 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
None |
|
A man in the middle vulnerability exists in Jenkins Inedo ProGet Plugin 0.8 and earlier in ProGetApi.java, ProGetConfig.java, ProGetConfiguration.java that allows attackers to impersonate any service that Jenkins connects to. |
|
15 |
CVE-2018-1999033 |
200 |
|
+Info |
2018-08-01 |
2019-11-26 |
4.0 |
None |
Remote |
Low |
??? |
Partial |
None |
None |
|
An exposure of sensitive information vulnerability exists in Jenkins Anchore Container Image Scanner Plugin 10.16 and earlier in AnchoreBuilder.java that allows attackers with Item/ExtendedRead permission or file system access to the Jenkins master to obtain the password stored in this plugin's configuration. |
|
16 |
CVE-2018-1999032 |
269 |
|
|
2018-08-01 |
2019-10-03 |
4.0 |
None |
Remote |
Low |
??? |
None |
Partial |
None |
|
A data modification vulnerability exists in Jenkins Agiletestware Pangolin Connector for TestRail Plugin 2.1 and earlier in GlobalConfig.java that allows attackers with Overall/Read permission to override this plugin's configuration by sending crafted HTTP requests to an unprotected endpoint. |
|
17 |
CVE-2018-1999031 |
200 |
|
+Info |
2018-08-01 |
2018-10-01 |
4.0 |
None |
Remote |
Low |
??? |
Partial |
None |
None |
|
An exposure of sensitive information vulnerability exists in Jenkins meliora-testlab Plugin 1.14 and earlier in TestlabNotifier.java that allows attackers with file system access to the Jenkins master to obtain the API key stored in this plugin's configuration. |
|
18 |
CVE-2018-1999030 |
200 |
|
+Info |
2018-08-01 |
2019-10-03 |
4.0 |
None |
Remote |
Low |
??? |
Partial |
None |
None |
|
An exposure of sensitive information vulnerability exists in Jenkins Maven Artifact ChoiceListProvider (Nexus) Plugin 1.3.1 and earlier in ArtifactoryChoiceListProvider.java, NexusChoiceListProvider.java, Nexus3ChoiceListProvider.java that allows attackers to capture credentials with a known credentials ID stored in Jenkins. |
|
19 |
CVE-2018-1999029 |
79 |
|
XSS |
2018-08-01 |
2018-10-01 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
|
A cross-site scripting vulnerability exists in Jenkins Shelve Project Plugin 1.5 and earlier in ShelveProjectAction/index.jelly, ShelvedProjectsAction/index.jelly that allows attackers with Job/Configure permission to define JavaScript that would be executed in another user's browser when that other user performs some UI actions. |
|
20 |
CVE-2018-1999028 |
200 |
|
+Info |
2018-08-01 |
2019-10-03 |
4.0 |
None |
Remote |
Low |
??? |
Partial |
None |
None |
|
An exposure of sensitive information vulnerability exists in Jenkins Accurev Plugin 0.7.16 and earlier in AccurevSCM.java that allows attackers to capture credentials with a known credentials ID stored in Jenkins. |
|
21 |
CVE-2018-1999027 |
352 |
|
|
2018-08-01 |
2019-04-16 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
An exposure of sensitive information vulnerability exists in Jenkins SaltStack Plugin 3.1.6 and earlier in SaltAPIBuilder.java, SaltAPIStep.java that allows attackers to capture credentials with a known credentials ID stored in Jenkins. |
|
22 |
CVE-2018-1999026 |
918 |
|
|
2018-08-01 |
2018-10-04 |
4.0 |
None |
Remote |
Low |
??? |
None |
Partial |
None |
|
A server-side request forgery vulnerability exists in Jenkins TraceTronic ECU-TEST Plugin 2.3 and earlier in ATXPublisher.java that allows attackers to have Jenkins send HTTP requests to an attacker-specified host. |
|
23 |
CVE-2018-1999025 |
295 |
|
|
2018-08-01 |
2018-10-04 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
None |
|
A man in the middle vulnerability exists in Jenkins TraceTronic ECU-TEST Plugin 2.3 and earlier in ATXPublisher.java, ATXValidator.java that allows attackers to impersonate any service that Jenkins connects to. |
|
24 |
CVE-2018-1000657 |
119 |
|
Exec Code Overflow |
2018-08-20 |
2018-10-18 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
Rust Programming Language Rust standard library version Commit bfa0e1f58acf1c28d500c34ed258f09ae021893e and later; stable release 1.3.0 and later contains a Buffer Overflow vulnerability in std::collections::vec_deque::VecDeque::reserve() function that can result in Arbitrary code execution, but no proof-of-concept exploit is currently published.. This vulnerability appears to have been fixed in after commit fdfafb510b1a38f727e920dccbeeb638d39a8e60; stable release 1.22.0 and later. |
|
25 |
CVE-2018-1000656 |
20 |
|
DoS |
2018-08-20 |
2020-06-09 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
The Pallets Project flask version Before 0.12.3 contains a CWE-20: Improper Input Validation vulnerability in flask that can result in Large amount of memory usage possibly leading to denial of service. This attack appear to be exploitable via Attacker provides JSON data in incorrect encoding. This vulnerability appears to have been fixed in 0.12.3. NOTE: this may overlap CVE-2019-1010083. |
|
26 |
CVE-2018-1000655 |
476 |
|
|
2018-08-20 |
2018-10-25 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
Jsish version 2.4.65 contains a CWE-476: NULL Pointer Dereference vulnerability in Function jsi_ValueCopyMove from jsiValue.c:240 that can result in Crash due to segmentation fault. This attack appear to be exploitable via a crafted javascript code. This vulnerability appears to have been fixed in 2.4.67. |
|
27 |
CVE-2018-1000654 |
|
|
|
2018-08-20 |
2021-02-25 |
7.1 |
None |
Remote |
Medium |
Not required |
None |
None |
Complete |
|
GNU Libtasn1-4.13 libtasn1-4.13 version libtasn1-4.13, libtasn1-4.12 contains a DoS, specifically CPU usage will reach 100% when running asn1Paser against the POC due to an issue in _asn1_expand_object_id(p_tree), after a long time, the program will be killed. This attack appears to be exploitable via parsing a crafted file. |
|
28 |
CVE-2018-1000653 |
89 |
|
Sql |
2018-08-20 |
2018-10-12 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
zzcms version 8.3 and earlier contains a SQL Injection vulnerability in zt/top.php line 5 that can result in could be attacked by sql injection in zzcms in nginx. This attack appear to be exploitable via running zzcms in nginx. |
|
29 |
CVE-2018-1000652 |
611 |
|
DoS |
2018-08-20 |
2018-10-23 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
JabRef version <=4.3.1 contains a XML External Entity (XXE) vulnerability in MsBibImporter XML Parser that can result in disclosure of confidential data, denial of service, server side request forgery, port scanning. This attack appear to be exploitable via Specially crafted MsBib file. This vulnerability appears to have been fixed in after commit 89f855d. |
|
30 |
CVE-2018-1000651 |
611 |
|
DoS |
2018-08-20 |
2018-11-01 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Stroom version <5.4.5 contains a XML External Entity (XXE) vulnerability in XML Parser that can result in disclosure of confidential data, denial of service, server side request forgery, port scanning. This attack appear to be exploitable via Specially crafted XML file. |
|
31 |
CVE-2018-1000650 |
89 |
|
Sql |
2018-08-20 |
2018-10-16 |
6.5 |
None |
Remote |
Low |
??? |
Partial |
Partial |
Partial |
|
LibreHealthIO lh-ehr version REL-2.0.0 contains a SQL Injection vulnerability in Show Groups Popup SQL query functions that can result in Ability to perform malicious database queries. This attack appear to be exploitable via User controlled parameters. |
|
32 |
CVE-2018-1000649 |
732 |
|
Exec Code |
2018-08-20 |
2019-10-03 |
6.5 |
None |
Remote |
Low |
??? |
Partial |
Partial |
Partial |
|
LibreHealthIO lh-ehr version REL-2.0.0 contains a Authenticated Unrestricted File Write in letter.php (2) vulnerability in Patient file letter functions that can result in Write files with malicious content and may lead to remote code execution. This attack appear to be exploitable via User controlled input. |
|
33 |
CVE-2018-1000648 |
269 |
|
Exec Code |
2018-08-20 |
2019-10-03 |
6.5 |
None |
Remote |
Low |
??? |
Partial |
Partial |
Partial |
|
LibreHealthIO lh-ehr version REL-2.0.0 contains a Authenticated Unrestricted File Write vulnerability in Patient file letter functions that can result in Write files with malicious content and may lead to remote code execution. This attack appear to be exploitable via User controlled parameters. |
|
34 |
CVE-2018-1000647 |
22 |
|
DoS Dir. Trav. |
2018-08-20 |
2019-10-03 |
5.5 |
None |
Remote |
Low |
??? |
None |
Partial |
Partial |
|
LibreHealthIO lh-ehr version REL-2.0.0 contains a Authenticated Unrestricted File Deletion vulnerability in Import template that can result in Denial of service. This attack appear to be exploitable via User controlled parameter. |
|
35 |
CVE-2018-1000646 |
434 |
|
Exec Code |
2018-08-20 |
2018-10-16 |
6.5 |
None |
Remote |
Low |
??? |
Partial |
Partial |
Partial |
|
LibreHealthIO LH-EHR version REL-2.0.0 contains an Authenticated Unrestricted File Write vulnerability in Import template that can result in write files with malicious content and may lead to remote code execution. |
|
36 |
CVE-2018-1000645 |
200 |
|
+Info |
2018-08-20 |
2018-10-16 |
4.0 |
None |
Remote |
Low |
??? |
Partial |
None |
None |
|
LibreHealthIO lh-ehr version <REL-2.0.0 contains an Authenticated Local File Disclosure vulnerability in Importing of templates allows local file disclosure that can result in Disclosure of sensitive files on the server. This attack appear to be exploitable via User controlled variable in import templates function. |
|
37 |
CVE-2018-1000644 |
611 |
|
DoS |
2018-08-20 |
2018-11-01 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Eclipse RDF4j version < 2.4.0 Milestone 2 contains a XML External Entity (XXE) vulnerability in RDF4j XML parser parsing RDF files that can result in the disclosure of confidential data, denial of service, server side request forgery, port scanning. This attack appear to be exploitable via Specially crafted RDF file. |
|
38 |
CVE-2018-1000643 |
79 |
|
XSS |
2018-08-20 |
2019-04-16 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
** DISPUTED ** OWASP OWASP ANTISAMY version 1.5.7 and earlier contains a Cross Site Scripting (XSS) vulnerability in AntiSamy.scan() - for both SAX & DOM that can result in Cross Site Scripting. NOTE: This has been disputed as a false positive. |
|
39 |
CVE-2018-1000642 |
79 |
|
XSS |
2018-08-20 |
2018-10-19 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
FlightAirMap version <=v1.0-beta.21 contains a Cross Site Scripting (XSS) vulnerability in GET variable used within registration sub menu page that can result in unauthorised actions and access to data, stealing session information. This vulnerability appears to have been fixed in after commit 22b09a3. |
|
40 |
CVE-2018-1000641 |
502 |
|
Exec Code |
2018-08-20 |
2020-08-24 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
YesWiki version <= cercopitheque beta 1 contains a PHP Object Injection vulnerability in Unserialising user entered parameter in i18n.inc.php that can result in execution of code, disclosure of information. |
|
41 |
CVE-2018-1000640 |
79 |
|
DoS XSS |
2018-08-20 |
2018-10-19 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
OpenCart-Overclocked version <=1.11.1 contains a Cross Site Scripting (XSS) vulnerability in User input entered unsanitised within JS function in the template that can result in Unauthorised actions and access to data, stealing session information, denial of service. This attack appear to be exploitable via Malicious input passed in GET parameter. |
|
42 |
CVE-2018-1000639 |
611 |
|
|
2018-08-20 |
2019-09-26 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
LatexDraw version <=4.0 contains a XML External Entity (XXE) vulnerability in SVG parsing functionality that can result in disclosure of data, server side request forgery, port scanning, possible rce. This attack appear to be exploitable via Specially crafted SVG file. |
|
43 |
CVE-2018-1000638 |
79 |
|
XSS |
2018-08-20 |
2018-10-30 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
MiniCMS version 1.1 contains a Cross Site Scripting (XSS) vulnerability in http://example.org/mc-admin/page.php?date={payload} that can result in code injection. |
|
44 |
CVE-2018-1000637 |
119 |
|
DoS Exec Code Overflow |
2018-08-20 |
2018-11-02 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
zutils version prior to version 1.8-pre2 contains a Buffer Overflow vulnerability in zcat that can result in Potential denial of service or arbitrary code execution. This attack appear to be exploitable via the victim openning a crafted compressed file. This vulnerability appears to have been fixed in 1.8-pre2. |
|
45 |
CVE-2018-1000636 |
476 |
|
Exec Code |
2018-08-20 |
2018-11-07 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
JerryScript version Tested on commit f86d7459d195c8ba58479d1861b0cc726c8b3793. Analysing history it seems that the issue has been present since commit 64a340ffeb8809b2b66bbe32fd443a8b79fdd860 contains a CWE-476: NULL Pointer Dereference vulnerability in Triggering undefined behavior at jerry-core/ecma/builtin-objects/typedarray/ecma-builtin-typedarray-prototype.c:598 (passing NULL to memcpy as 2nd argument) results in null pointer dereference (segfault) at jerry-core/jmem/jmem-heap.c:463 that can result in Crash due to segmentation fault. This attack appear to be exploitable via The victim must execute specially crafted javascript code. This vulnerability appears to have been fixed in after commit 87897849f6879df10e8ad68a41bf8cf507edf710. |
|
46 |
CVE-2018-1000635 |
200 |
|
+Info |
2018-08-20 |
2018-10-12 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
The Open Microscopy Environment OMERO.server version 5.4.0 to 5.4.6 contains a Information Exposure Through Sent Data vulnerability in OMERO.server that can result in an Attacker gaining full administrative access to server and may be able to disable it. This vulnerability appears to have been fixed in 5.4.7. |
|
47 |
CVE-2018-1000634 |
269 |
|
|
2018-08-20 |
2019-10-03 |
6.5 |
None |
Remote |
Low |
??? |
Partial |
Partial |
Partial |
|
The Open Microscopy Environment OMERO.server version 5.4.0 to 5.4.6 contains an Improper Access Control vulnerability in User management that can result in administrative user with privilege restrictions logging in as a more powerful administrator. This attack appear to be exploitable via Use user administration privilege to set the password of a more powerful administrator. This vulnerability appears to have been fixed in 5.4.7. |
|
48 |
CVE-2018-1000633 |
200 |
|
+Info |
2018-08-20 |
2018-10-12 |
4.0 |
None |
Remote |
Low |
??? |
Partial |
None |
None |
|
The Open Microscopy Environment OMERO.web version prior to 5.4.7 contains an Information Exposure Through Log Files vulnerability in the login form and change password form that can result in User's password being revealed. Attacker can log in as that user. This attack appear to be exploitable via an attacker reading the web server log. This vulnerability appears to have been fixed in 5.4.7. |
|
49 |
CVE-2018-1000632 |
91 |
|
|
2018-08-20 |
2021-09-07 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
dom4j version prior to version 2.1.1 contains a CWE-91: XML Injection vulnerability in Class: Element. Methods: addElement, addAttribute that can result in an attacker tampering with XML documents through XML injection. This attack appear to be exploitable via an attacker specifying attributes or elements in the XML document. This vulnerability appears to have been fixed in 2.1.1 or later. |
|
50 |
CVE-2018-1000226 |
732 |
|
|
2018-08-20 |
2019-10-03 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Cobbler version Verified as present in Cobbler versions 2.6.11+, but code inspection suggests at least 2.0.0+ or possibly even older versions may be vulnerable contains a Incorrect Access Control vulnerability in XMLRPC API (/cobbler_api) that can result in Privilege escalation, data manipulation or exfiltration, LDAP credential harvesting. This attack appear to be exploitable via "network connectivity". Taking advantage of improper validation of security tokens in API endpoints. Please note this is a different issue than CVE-2018-10931. |
