CVEs from 2018

2,860 normalized CVEs published or assigned in this year.

  • Total: 2,860
  • Critical: 238
  • High: 331
  • Medium: 263
  • Low: 39
  • % Critical: 8.3%
  • % with KEV: 3.1%
  • % with exploit: 9.1%

Top products

  • core_i7 379
  • core_i5 375
  • core_i3 242
  • xeon_e5 82
  • xeon_e7 62
  • xeon_e3 58
  • xeon_gold 33
  • atom_z 30
CVE Severity CVSS Risk Flags OS Vendor Published Description
CVE-2018-5382 unknown 4y ago Improper Validation of Integrity Check Value in Bouncy Castle
CVE-2018-1000195 unknown 4y ago Cross-Site Request Forgery in Jenkins
CVE-2018-6356 unknown 4y ago Improper Limitation of a Pathname to a Restricted Directory in Jenkins
CVE-2018-1000073 unknown 4y ago RubyGems Link Following vulnerability
CVE-2018-1000075 unknown 4y ago RubyGems Infinite Loop vulnerability
CVE-2018-16886 unknown 4y ago etcd versions 3.2.x before 3.2.26 and 3.3.x before 3.3.11 are vulnerable to an improper authentication issue when role-based access control (RBAC) is used and client-cert-auth is enabled. If an etcd …
CVE-2018-25031 unknown 4y ago Spoofing attack in swagger-ui
CVE-2018-1099 unknown 4y ago DNS rebinding vulnerability found in etcd 3.3.1 and earlier. An attacker can control his DNS records to direct to localhost, and trick the browser into sending requests to localhost (or any other add…
CVE-2018-1098 unknown 4y ago A cross-site request forgery flaw was found in etcd 3.3.1 and earlier. An attacker can set up a website that tries to send a POST request to the etcd server and modify a key. Adding a key is done wit…
CVE-2018-21234 unknown 4y ago Deserialization of Untrusted Data in Jodd
CVE-2018-11764 unknown 4y ago Authentication bypass in Apache Hadoop
CVE-2018-11802 unknown 4y ago Incorrect Authorization in Apache Solr
CVE-2018-16153 unknown 5y ago Opencast publishes global system account credentials
CVE-2018-11765 unknown 5y ago Improper Authentication in Apache Hadoop
CVE-2018-25007 unknown 5y ago Unauthorized client-side property update in UIDL request handler in Vaadin 10 and 11
CVE-2018-5968 unknown 6y ago Deserialization of Untrusted Data in jackson-databind
CVE-2018-10237 unknown 6y ago Denial of Service in Google Guava
CVE-2018-15756 unknown 6y ago Denial of Service in Spring Framework
CVE-2018-12023 unknown 6y ago Deserialization of Untrusted Data
CVE-2018-11768 unknown 7y ago user/group information can be corrupted across storing in fsimage and reading back from fsimage
CVE-2018-15890 unknown 7y ago Deserialization of Untrusted Data in EthereumJ
CVE-2018-11307 unknown 7y ago Deserialization of Untrusted Data in jackson-databind
CVE-2018-8029 unknown 7y ago Privilege escalation vulnerability in Apache Hadoop
CVE-2018-17201 unknown 7y ago Improper Input Validation in Apache Sanselan
CVE-2018-17202 unknown 7y ago Infinite Loop in Apache Sanselan
CVE-2018-8035 unknown 7y ago Cross-site Scripting in Apache UIMA
CVE-2018-1328 unknown 7y ago Cross-site Scripting in Apache Zeppelin
CVE-2018-1317 unknown 7y ago Improper Authentication in Apache Zeppelin
CVE-2018-12545 unknown 7y ago Uncontrolled Resource Consumption in org.eclipse.jetty:jetty-server
CVE-2018-12022 unknown 7y ago jackson-databind Deserialization of Untrusted Data vulnerability
CVE-2018-11767 unknown 7y ago Improper Privilege Management in org.apache.hadoop:hadoop-main
CVE-2018-1324 unknown 7y ago Apache Commons Compress vulnerable to denial of service due to infinite loop
CVE-2018-1334 unknown 7y ago Exposure of Sensitive Information to an Unauthorized Actor in Apache Spark
CVE-2018-8024 unknown 7y ago Exposure of Sensitive Information to an Unauthorized Actor in Apache Spark via crafted URL
CVE-2018-11793 unknown 7y ago Stack Overflow in Apache Mesos
CVE-2018-1296 unknown 7y ago Exposure of Sensitive Information to an Unauthorized Actor in Hadoop
CVE-2018-20242 unknown 7y ago Cross-site Scripting in jspwiki-war
CVE-2018-1320 unknown 8y ago Improper Input Validation in Apache Thrift
CVE-2018-11798 unknown 8y ago Apache Thrift Node.js static web server sandbox escape
CVE-2018-11787 unknown 8y ago Improper Authentication in Apache Karaf
CVE-2018-11788 unknown 8y ago XML External Entity Reference in Apache Karaf
CVE-2018-20433 unknown 8y ago XML External Entity Reference in mchange:c3p0
CVE-2018-14719 unknown 8y ago Arbitrary Code Execution in jackson-databind
CVE-2018-14720 unknown 8y ago XML External Entity Reference (XXE) in jackson-databind
CVE-2018-14721 unknown 8y ago Server-Side Request Forgery (SSRF) in jackson-databind
CVE-2018-19362 unknown 8y ago com.fasterxml.jackson.core:jackson-databind vulnerable to Deserialization of Untrusted Data
CVE-2018-19361 unknown 8y ago Deserialization of Untrusted Data in jackson-databind
CVE-2018-19360 unknown 8y ago Deserialization of Untrusted Data in jackson-databind due to polymorphic deserialization
CVE-2018-14718 unknown 8y ago Arbitrary Code Execution in jackson-databind
CVE-2018-18893 unknown 8y ago Jinjava calls getClass
CVE-2018-20594 unknown 8y ago Moderate severity vulnerability that affects org.hswebframework.web:hsweb-commons
CVE-2018-20595 unknown 8y ago Cross-Site Request Forgery (CSRF) in hswebframework.web:hsweb-commons
CVE-2018-17197 unknown 8y ago Apache Tika Denial of Service due to Infinite Loop in Tika's SQLite3Parser
CVE-2018-8009 unknown 8y ago Path Traversal in Hadoop
CVE-2018-11766 unknown 8y ago Arbitrary Command Execution in Hadoop
CVE-2018-11786 unknown 8y ago Improper Privilege Management in Apache Karaf
CVE-2018-14637 unknown 8y ago Improper Authentication in Keycloak
CVE-2018-1000844 unknown 8y ago XML External Entity (XXE) vulnerability in Square Retrofit
CVE-2018-1000850 unknown 8y ago Directory Traversal vulnerability in Square Retrofit
CVE-2018-1000873 unknown 8y ago Moderate severity vulnerability that affects com.fasterxml.jackson.datatype:jackson-datatype-jsr353
CVE-2018-1000854 unknown 8y ago Remote Code Execution in esigate-core
CVE-2018-1000836 unknown 8y ago XML External Entity (XXE) vulnerability in bw-calendar-engine
CVE-2018-17195 unknown 8y ago Cleartext Transmission of Sensitive Information in Apache nifi
CVE-2018-17193 unknown 8y ago Cross site scripting in org.apache.nifi:nifi
CVE-2018-17194 unknown 8y ago Apache NiFi Improper Input Validation vulnerability
CVE-2018-17192 unknown 8y ago Improper Restriction of Rendered UI Layers or Frames in Apache nifi
CVE-2018-1000823 unknown 8y ago exist-db:exist-core XML External Entity (XXE) vulnerability
CVE-2018-1000822 unknown 8y ago XML External Entity (XXE) vulnerability in codelibs fess
CVE-2018-1000820 unknown 8y ago XML External Entity (XXE) vulnerability in neo4j.procedure:apoc
CVE-2018-15801 unknown 8y ago Spring Security vulnerable to Authorization Bypass
CVE-2018-11799 unknown 8y ago Moderate severity vulnerability that affects org.apache.oozie:oozie-core
CVE-2018-20094 unknown 8y ago XXL-CONF Path Traversal vulnerability
CVE-2018-20000 unknown 8y ago Improper Restriction of XML External Entity Reference in bedework:bw-webdav
CVE-2018-20059 unknown 8y ago Improper Restriction of XML External Entity Reference in pippo-core
CVE-2018-19907 unknown 8y ago OS Command Injection in craftercms:crafter-studio
CVE-2018-15795 unknown 8y ago Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) in Pivotal CredHub Service Broker
CVE-2018-11777 unknown 8y ago Improper Authentication in hive:hive-exec
CVE-2018-1314 unknown 8y ago Moderate severity vulnerability that affects org.apache.hive:hive-jdbc
CVE-2018-1282 unknown 8y ago SQL Injection in hive-jdbc
CVE-2018-1284 unknown 8y ago Exposure of Sensitive Information to an Unauthorized Actor in Apache hive
CVE-2018-1315 unknown 8y ago Incorrect Permission Assignment for Critical Resource in Apache hive
CVE-2018-17187 unknown 8y ago Improper Certificate Validation in proton-j
CVE-2018-17190 unknown 8y ago Remote Code Execution in spark-core
CVE-2018-1337 unknown 8y ago In Apache Directory LDAP API before 1.0.2, a bug in the way the SSL Filter was setup made it possible for another thread to use the connection before the TLS layer has been established, if the connec…
CVE-2018-18853 unknown 8y ago Uncontrolled Resource Consumption in spray-json when parsing decimal digit fields
CVE-2018-18854 unknown 8y ago Uncontrolled Resource Consumption in spray-json
CVE-2018-17184 unknown 8y ago Improper Control of Interaction Frequency in Apache syncope-core
CVE-2018-17186 unknown 8y ago Improper Restriction of XML External Entity Reference in org.apache.syncope:syncope-core
CVE-2018-18830 unknown 8y ago Unrestricted Upload of File with Dangerous Type in mingsoft:ms-mcms
CVE-2018-18831 unknown 8y ago Path Traversal in mingsoft:ms-mcms
CVE-2018-8006 unknown 8y ago Apache ActiveMQ web console vulnerable to Cross-site Scripting
CVE-2018-18628 unknown 8y ago Deserialization of Untrusted Data in Pippo
CVE-2018-18531 unknown 8y ago Use of Insufficiently Random Values in penggle:kaptcha
CVE-2018-16115 unknown 8y ago Cryptographically Weak Pseudo-Random Number Generator (PRNG) in akka-actor
CVE-2018-16131 unknown 8y ago High severity vulnerability that affects com.typesafe.akka:akka-http-core_2.11 and com.typesafe.akka:akka-http-core_2.12
CVE-2018-15758 unknown 8y ago Authorization bypass in org.springframework.security.oauth:spring-security-oauth2
CVE-2018-12537 unknown 8y ago Moderate severity vulnerability that affects io.vertx:vertx-core
CVE-2018-9159 unknown 8y ago Moderate severity vulnerability that affects com.sparkjava:spark-core
CVE-2018-1047 unknown 8y ago Improper Input Validation in org.wildfly:wildfly-undertow
CVE-2018-1000644 unknown 8y ago Eclipse RDF4j vulnerable to XML External Entity