CVEs from 2018
Total 2,860
- critical 238
- high 329
- medium 260
- low 39
% Critical 8.3%
% with KEV 3.1%
% with exploit 9.1%
Top vendors
- intel 1,561
- schneider-electric 43
- siemens 42
- rockwellautomation 16
- echelon 15
- redhat 12
- oracle 9
- mitel 8
Top products
- core_i7 379
- core_i5 375
- core_i3 242
- xeon_e5 82
- xeon_e7 62
- xeon_e3 58
- xeon_gold 33
- atom_z 30
| CVE | Severity | CVSS | Risk | Published | Description | Flags | OS | Vendor |
|---|---|---|---|---|---|---|---|---|
| CVE-2018-17194 | unknown | — | — | 8y ago | Apache NiFi Improper Input Validation vulnerability | |||
| CVE-2018-17192 | unknown | — | — | 8y ago | Improper Restriction of Rendered UI Layers or Frames in Apache NiFi | |||
| CVE-2018-1000823 | unknown | — | — | 8y ago | exist-db:exist-core XML External Entity (XXE) vulnerability | |||
| CVE-2018-1000822 | unknown | — | — | 8y ago | XML External Entity (XXE) vulnerability in codelibs fess | |||
| CVE-2018-1000820 | unknown | — | — | 8y ago | XML External Entity (XXE) vulnerability in neo4j.procedure:apoc | |||
| CVE-2018-15801 | unknown | — | — | 8y ago | Spring Security vulnerable to Authorization Bypass | |||
| CVE-2018-11799 | unknown | — | — | 8y ago | Moderate severity vulnerability that affects org.apache.oozie:oozie-core | |||
| CVE-2018-20094 | unknown | — | — | 8y ago | XXL-CONF Path Traversal vulnerability | |||
| CVE-2018-20000 | unknown | — | — | 8y ago | Improper Restriction of XML External Entity Reference in bedework:bw-webdav | |||
| CVE-2018-20059 | unknown | — | — | 8y ago | Improper Restriction of XML External Entity Reference in pippo-core | |||
| CVE-2018-19907 | unknown | — | — | 8y ago | OS Command Injection in craftercms:crafter-studio | |||
| CVE-2018-15795 | unknown | — | — | 8y ago | Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) in Pivotal CredHub Service Broker | |||
| CVE-2018-11777 | unknown | — | — | 8y ago | Improper Authentication in hive:hive-exec | |||
| CVE-2018-1314 | unknown | — | — | 8y ago | Moderate severity vulnerability that affects org.apache.hive:hive-jdbc | |||
| CVE-2018-1282 | unknown | — | — | 8y ago | SQL Injection in hive-jdbc | |||
| CVE-2018-1284 | unknown | — | — | 8y ago | Exposure of Sensitive Information to an Unauthorized Actor in Apache hive | |||
| CVE-2018-1315 | unknown | — | — | 8y ago | Incorrect Permission Assignment for Critical Resource in Apache hive | |||
| CVE-2018-17187 | unknown | — | — | 8y ago | Improper Certificate Validation in proton-j | |||
| CVE-2018-17190 | unknown | — | — | 8y ago | Remote Code Execution in spark-core | |||
| CVE-2018-1337 | unknown | — | — | 8y ago | In Apache Directory LDAP API before 1.0.2, a bug in the way the SSL Filter was setup made it possible for another thread to use the connection before the TLS layer has been established, if the connec… | |||
| CVE-2018-18853 | unknown | — | — | 8y ago | Uncontrolled Resource Consumption in spray-json when parsing decimal digit fields | |||
| CVE-2018-18854 | unknown | — | — | 8y ago | Uncontrolled Resource Consumption in spray-json | |||
| CVE-2018-17184 | unknown | — | — | 8y ago | Improper Control of Interaction Frequency in Apache syncope-core | |||
| CVE-2018-17186 | unknown | — | — | 8y ago | Improper Restriction of XML External Entity Reference in org.apache.syncope:syncope-core | |||
| CVE-2018-18830 | unknown | — | — | 8y ago | Unrestricted Upload of File with Dangerous Type in mingsoft:ms-mcms | |||
| CVE-2018-18831 | unknown | — | — | 8y ago | Path Traversal in mingsoft:ms-mcms | |||
| CVE-2018-8006 | unknown | — | — | 8y ago | Apache ActiveMQ web console vulnerable to Cross-site Scripting | |||
| CVE-2018-18628 | unknown | — | — | 8y ago | Deserialization of Untrusted Data in Pippo | |||
| CVE-2018-18531 | unknown | — | — | 8y ago | Use of Insufficiently Random Values in penggle:kaptcha | |||
| CVE-2018-16115 | unknown | — | — | 8y ago | Cryptographically Weak Pseudo-Random Number Generator (PRNG) in akka-actor | |||
| CVE-2018-16131 | unknown | — | — | 8y ago | High severity vulnerability that affects com.typesafe.akka:akka-http-core_2.11 and com.typesafe.akka:akka-http-core_2.12 | |||
| CVE-2018-15758 | unknown | — | — | 8y ago | Authorization bypass in org.springframework.security.oauth:spring-security-oauth2 | |||
| CVE-2018-12537 | unknown | — | — | 8y ago | Moderate severity vulnerability that affects io.vertx:vertx-core | |||
| CVE-2018-9159 | unknown | — | — | 8y ago | Moderate severity vulnerability that affects com.sparkjava:spark-core | |||
| CVE-2018-1047 | unknown | — | — | 8y ago | Improper Input Validation in org.wildfly:wildfly-undertow | |||
| CVE-2018-1000644 | unknown | — | — | 8y ago | Eclipse RDF4j vulnerable to XML External Entity | |||
| CVE-2018-10936 | unknown | — | — | 8y ago | Moderate severity vulnerability that affects org.postgresql:pgjdbc-aggregate | |||
| CVE-2018-1000529 | unknown | — | — | 8y ago | Stored Cross Site Scripting in Grails Fields Plugin | |||
| CVE-2018-11775 | unknown | — | — | 8y ago | Improper Certificate Validation in Apache activemq-client | |||
| CVE-2018-1307 | unknown | — | — | 8y ago | Apache juddi-client vulnerable to XML External Entity (XXE) | |||
| CVE-2018-1298 | unknown | — | — | 8y ago | Moderate severity vulnerability that affects org.apache.qpid:apache-qpid-broker-j | |||
| CVE-2018-11771 | unknown | — | — | 8y ago | Moderate severity vulnerability that affects org.apache.commons:commons-compress | |||
| CVE-2018-8039 | unknown | — | — | 8y ago | Apache CXF TLS hostname verification does not work correctly with com.sun.net.ssl.* | |||
| CVE-2018-12536 | unknown | — | — | 8y ago | Eclipse Jetty Server generates error message containing sensitive information | |||
| CVE-2018-11087 | unknown | — | — | 8y ago | Moderate severity vulnerability that affects com.rabbitmq:amqp-client and org.springframework.amqp:spring-amqp | |||
| CVE-2018-1196 | unknown | — | — | 8y ago | Moderate severity vulnerability that affects org.springframework.boot:spring-boot | |||
| CVE-2018-1261 | unknown | — | — | 8y ago | Path traversal in org.springframework.integration:spring-integration-zip | |||
| CVE-2018-1260 | unknown | — | — | 8y ago | Spring Security OAuth vulnerable to remote code execution (RCE) | |||
| CVE-2018-8025 | unknown | — | — | 8y ago | Race condition in org.apache.hbase:hbase-thrift | |||
| CVE-2018-8038 | unknown | — | — | 8y ago | High severity vulnerability that affects org.apache.cxf.fediz:fediz-jetty8, org.apache.cxf.fediz:fediz-jetty9, org.apache.cxf.fediz:fediz-spring, org.apache.cxf.fediz:fediz-spring2, and org.apache.cx… | |||
| CVE-2018-10912 | unknown | — | — | 8y ago | Moderate severity vulnerability that affects org.keycloak:keycloak-core | |||
| CVE-2018-1275 | unknown | — | — | 8y ago | Spring Framework has Improperly Implemented Security Check for Standard | |||
| CVE-2018-1272 | unknown | — | — | 8y ago | Possible privilege escalation in org.springframework:spring-core | |||
| CVE-2018-1271 | unknown | — | — | 8y ago | Path Traversal in org.springframework:spring-core | |||
| CVE-2018-1270 | unknown | — | — | 8y ago | Spring Framework allows applications to expose STOMP over WebSocket endpoints | |||
| CVE-2018-1258 | unknown | — | — | 8y ago | Spring Framework when used in combination with any versions of Spring Security contains an authorization bypass | |||
| CVE-2018-1257 | unknown | — | — | 8y ago | Denial of Service in org.springframework:spring-core | |||
| CVE-2018-1199 | unknown | — | — | 8y ago | Improper Input Validation in org.springframework.security:spring-security-core, org.springframework.security:spring-security-core , and org.springframework:spring-core | |||
| CVE-2018-8010 | unknown | — | — | 8y ago | There is an XML external entity expansion (XXE) vulnerability in Apache Solr config files | |||
| CVE-2018-1308 | unknown | — | — | 8y ago | There is an XML external entity expansion (XXE) vulnerability in Apache Solr | |||
| CVE-2018-8026 | unknown | — | — | 8y ago | XML external entity expansion in org.apache.solr:solr-core | |||
| CVE-2018-17297 | unknown | — | — | 8y ago | Unzip function in ZipUtil.java in Hutool allows remote attackers to overwrite arbitrary files via directory traversal | |||
| CVE-2018-8023 | unknown | — | — | 8y ago | Moderate severity vulnerability that affects org.apache.mesos:mesos | |||
| CVE-2018-17785 | unknown | — | — | 8y ago | In blynk-server a Directory Traversal exists | |||
| CVE-2018-1332 | unknown | — | — | 8y ago | Moderate severity vulnerability that affects org.apache.storm:storm-core | |||
| CVE-2018-1331 | unknown | — | — | 8y ago | Code execution in org.apache.storm:storm-core | |||
| CVE-2018-15531 | unknown | — | — | 8y ago | JavaMelody has XXE via parseSoapMethodName in bull/javamelody/PayloadNameRequestWrapper.java. | |||
| CVE-2018-11797 | unknown | — | — | 8y ago | In Apache PDFBox a carefully crafted PDF file can trigger an extremely long running computation | |||
| CVE-2018-18389 | unknown | — | — | 8y ago | Incorrect access control in Neo4j Enterprise Database Server via LDAP authentication | |||
| CVE-2018-1274 | unknown | — | — | 8y ago | Spring Data Commons contains a property path parser vulnerability caused by unlimited resource allocation | |||
| CVE-2018-1259 | unknown | — | — | 8y ago | Spring Data Commons, used in combination with XMLBeam, contains a property binder vulnerability caused by improper restriction of XML external entity references | |||
| CVE-2018-11778 | unknown | — | — | 8y ago | UnixAuthenticationService in Apache Ranger was updated to correctly handle user input to avoid Stack-based buffer overflow | |||
| CVE-2018-1336 | unknown | — | — | 8y ago | An improper handling of overflow in the UTF-8 decoder with supplementary characters can lead to an infinite loop in the decoder causing a Denial of Service. Versions Affected: Apache Tomcat 9.0.0.M9 t… | |||
| CVE-2018-1305 | unknown | — | — | 8y ago | Security constraints defined by annotations of Servlets in Apache Tomcat 9.0.0.M1 to 9.0.4, 8.5.0 to 8.5.27, 8.0.0.RC1 to 8.0.49 and 7.0.0 to 7.0.84 were only applied once a Servlet had been loaded. … | |||
| CVE-2018-1304 | unknown | — | — | 8y ago | The URL pattern of "" (the empty string) which exactly maps to the context root was not correctly handled in Apache Tomcat 9.0.0.M1 to 9.0.4, 8.5.0 to 8.5.27, 8.0.0.RC1 to 8.0.49 and 7.0.0 to 7.0.84 … | |||
| CVE-2018-1000613 | unknown | — | — | 8y ago | Deserialization of Untrusted Data in Bouncy Castle | |||
| CVE-2018-12542 | unknown | — | — | 8y ago | Eclipse Vert.x does not properly neutralize '' (forward slashes) sequences that can resolve to an external location | |||
| CVE-2018-12544 | unknown | — | — | 8y ago | Moderate severity vulnerability that affects io.vertx:vertx-core | |||
| CVE-2018-12541 | unknown | — | — | 8y ago | Excessive memory allocation | |||
| CVE-2018-12540 | unknown | — | — | 8y ago | High severity vulnerability that affects io.vertx:vertx-web | |||
| CVE-2018-1338 | unknown | — | — | 8y ago | Moderate severity vulnerability that affects org.apache.tika:tika-core | |||
| CVE-2018-8017 | unknown | — | — | 8y ago | Comparison error in org.apache.tika:tika-core | |||
| CVE-2018-11762 | unknown | — | — | 8y ago | Moderate severity vulnerability that affects org.apache.tika:tika-core | |||
| CVE-2018-11761 | unknown | — | — | 8y ago | High severity vulnerability that affects org.apache.tika:tika-core | |||
| CVE-2018-1339 | unknown | — | — | 8y ago | org.apache.tika:tika-parsers has an Infinite Loop vulnerability | |||
| CVE-2018-11796 | unknown | — | — | 8y ago | Apache Tika is vulnerable to entity expansions which can lead to a denial of service attack | |||
| CVE-2018-12418 | unknown | — | — | 8y ago | Junrar vulnerable to Infinite Loop | |||
| CVE-2018-8041 | unknown | — | — | 8y ago | Apache Camel's Mail is vulnerable to path traversal | |||
| CVE-2018-8027 | unknown | — | — | 8y ago | Apache is vulnerable to XXE in XSD validation processor | |||
| CVE-2018-8018 | unknown | — | — | 8y ago | Code execution via deserialization in org.apache.ignite:ignite-core | |||
| CVE-2018-1295 | unknown | — | — | 8y ago | Apache serialization mechanism does not have a list of classes allowed for serialization/deserialization | |||
| CVE-2018-8032 | unknown | — | — | 8y ago | Moderate severity vulnerability that affects apache axis | |||
| CVE-2018-8030 | unknown | — | — | 8y ago | Denial of service vulnerability exists when .NET and .NET Core improperly process XML documents | |||
| CVE-2018-1327 | unknown | — | — | 8y ago | Apache Struts REST Plugin can potentially allow a DoS attack | |||
| CVE-2018-7489 | unknown | — | — | 8y ago | FasterXML jackson-databind allows unauthenticated remote code execution | |||
| CVE-2018-1000180 | unknown | — | — | 8y ago | Bouncy Castle has a flaw in the Low-level interface to RSA key pair generator | |||
| CVE-2018-12538 | unknown | — | — | 8y ago | Access and integrity issue within Eclipse Jetty | |||
| CVE-2018-11040 | unknown | — | — | 8y ago | Moderate severity vulnerability that affects org.springframework:spring-core | |||
| CVE-2018-11039 | unknown | — | — | 8y ago | Spring Framework Cross Site Tracing (XST) | |||
| CVE-2018-8008 | unknown | — | — | 8y ago | ZipSlip in org.apache.storm:storm-core |