CVEs from 2018
Total: 2,860
- critical 238
- high 331
- medium 263
- low 39
% Critical: 8.3%
% with KEV: 3.1%
% with exploit: 9.1%
Top vendors
- intel 1,561
- schneider-electric 43
- siemens 42
- rockwellautomation 16
- echelon 15
- redhat 12
- oracle 9
- arm 9
Top products
- core_i7 379
- core_i5 375
- core_i3 242
- xeon_e5 82
- xeon_e7 62
- xeon_e3 58
- xeon_gold 33
- atom_z 30

| CVE | Severity | CVSS | Risk | Published | Description | Flags | OS | Vendor |
|---|---|---|---|---|---|---|---|---|
| CVE-2018-10936 | unknown | — | — | 8y ago | Moderate severity vulnerability that affects org.postgresql:pgjdbc-aggregate | |||
| CVE-2018-1000529 | unknown | — | — | 8y ago | Stored Cross Site Scripting in Grails Fields Plugin | |||
| CVE-2018-11775 | unknown | — | — | 8y ago | Improper Certificate Validation in Apache activemq-client | |||
| CVE-2018-1307 | unknown | — | — | 8y ago | Apache juddi-client vulnerable to XML External Entity (XXE) | |||
| CVE-2018-1298 | unknown | — | — | 8y ago | Moderate severity vulnerability that affects org.apache.qpid:apache-qpid-broker-j | |||
| CVE-2018-11771 | unknown | — | — | 8y ago | Moderate severity vulnerability that affects org.apache.commons:commons-compress | |||
| CVE-2018-8039 | unknown | — | — | 8y ago | Apache CXF TLS hostname verification does not work correctly with com.sun.net.ssl.* | |||
| CVE-2018-12536 | unknown | — | — | 8y ago | Eclipse Jetty Server generates error message containing sensitive information | |||
| CVE-2018-11087 | unknown | — | — | 8y ago | Moderate severity vulnerability that affects com.rabbitmq:amqp-client and org.springframework.amqp:spring-amqp | |||
| CVE-2018-1196 | unknown | — | — | 8y ago | Moderate severity vulnerability that affects org.springframework.boot:spring-boot | |||
| CVE-2018-1261 | unknown | — | — | 8y ago | Path traversal in org.springframework.integration:spring-integration-zip | |||
| CVE-2018-1260 | unknown | — | — | 8y ago | Spring Security OAuth vulnerable to remote code execution (RCE) | |||
| CVE-2018-8025 | unknown | — | — | 8y ago | Race condition in org.apache.hbase:hbase-thrift | |||
| CVE-2018-8038 | unknown | — | — | 8y ago | High severity vulnerability that affects org.apache.cxf.fediz:fediz-jetty8, org.apache.cxf.fediz:fediz-jetty9, org.apache.cxf.fediz:fediz-spring, org.apache.cxf.fediz:fediz-spring2, and org.apache.cx… | |||
| CVE-2018-10912 | unknown | — | — | 8y ago | Moderate severity vulnerability that affects org.keycloak:keycloak-core | |||
| CVE-2018-1275 | unknown | — | — | 8y ago | Spring Framework has Improperly Implemented Security Check for Standard | |||
| CVE-2018-1272 | unknown | — | — | 8y ago | Possible privilege escalation in org.springframework:spring-core | |||
| CVE-2018-1271 | unknown | — | — | 8y ago | Path Traversal in org.springframework:spring-core | |||
| CVE-2018-1270 | unknown | — | — | 8y ago | Spring Framework allows applications to expose STOMP over WebSocket endpoints | |||
| CVE-2018-1258 | unknown | — | — | 8y ago | Spring Framework when used in combination with any versions of Spring Security contains an authorization bypass | |||
| CVE-2018-1257 | unknown | — | — | 8y ago | Denial of Service in org.springframework:spring-core | |||
| CVE-2018-1199 | unknown | — | — | 8y ago | Improper Input Validation in org.springframework.security:spring-security-core, org.springframework.security:spring-security-core , and org.springframework:spring-core | |||
| CVE-2018-8010 | unknown | — | — | 8y ago | There is an XML external entity expansion (XXE) vulnerability in Apache Solr config files | |||
| CVE-2018-1308 | unknown | — | — | 8y ago | There is an XML external entity expansion (XXE) vulnerability in Apache Solr | |||
| CVE-2018-8026 | unknown | — | — | 8y ago | XML external entity expansion in org.apache.solr:solr-core | |||
| CVE-2018-17297 | unknown | — | — | 8y ago | Unzip function in ZipUtil.java in Hutool allows remote attackers to overwrite arbitrary files via directory traversal | |||
| CVE-2018-8023 | unknown | — | — | 8y ago | Moderate severity vulnerability that affects org.apache.mesos:mesos | |||
| CVE-2018-17785 | unknown | — | — | 8y ago | In blynk-server a Directory Traversal exists | |||
| CVE-2018-1332 | unknown | — | — | 8y ago | Moderate severity vulnerability that affects org.apache.storm:storm-core | |||
| CVE-2018-1331 | unknown | — | — | 8y ago | Code execution in org.apache.storm:storm-core | |||
| CVE-2018-15531 | unknown | — | — | 8y ago | JavaMelody has XXE via parseSoapMethodName in bull/javamelody/PayloadNameRequestWrapper.java. | |||
| CVE-2018-11797 | unknown | — | — | 8y ago | In Apache PDFBox a carefully crafted PDF file can trigger an extremely long running computation | |||
| CVE-2018-18389 | unknown | — | — | 8y ago | Incorrect access control in Neo4j Enterprise Database Server via LDAP authentication | |||
| CVE-2018-1274 | unknown | — | — | 8y ago | Spring Data Commons contains a property path parser vulnerability caused by unlimited resource allocation | |||
| CVE-2018-1259 | unknown | — | — | 8y ago | Spring Data Commons, used in combination with XMLBeam, contains a property binder vulnerability caused by improper restriction of XML external entity references | |||
| CVE-2018-11778 | unknown | — | — | 8y ago | UnixAuthenticationService in Apache Ranger was updated to correctly handle user input to avoid Stack-based buffer overflow | |||
| CVE-2018-1336 | unknown | — | — | 8y ago | An improper handling of overflow in the UTF-8 decoder with supplementary characters can lead to an infinite loop in the decoder causing a Denial of Service. Versions Affected: Apache Tomcat 9.0.0.M9 t… | |||
| CVE-2018-1305 | unknown | — | — | 8y ago | Security constraints defined by annotations of Servlets in Apache Tomcat 9.0.0.M1 to 9.0.4, 8.5.0 to 8.5.27, 8.0.0.RC1 to 8.0.49 and 7.0.0 to 7.0.84 were only applied once a Servlet had been loaded. … | |||
| CVE-2018-1304 | unknown | — | — | 8y ago | The URL pattern of "" (the empty string) which exactly maps to the context root was not correctly handled in Apache Tomcat 9.0.0.M1 to 9.0.4, 8.5.0 to 8.5.27, 8.0.0.RC1 to 8.0.49 and 7.0.0 to 7.0.84 … | |||
| CVE-2018-1000613 | unknown | — | — | 8y ago | Deserialization of Untrusted Data in Bouncy castle | |||
| CVE-2018-12542 | unknown | — | — | 8y ago | Eclipse Vert.x does not properly neutralize '' (forward slashes) sequences that can resolve to an external location | |||
| CVE-2018-12544 | unknown | — | — | 8y ago | Moderate severity vulnerability that affects io.vertx:vertx-core | |||
| CVE-2018-12541 | unknown | — | — | 8y ago | Excessive memory allocation | |||
| CVE-2018-12540 | unknown | — | — | 8y ago | High severity vulnerability that affects io.vertx:vertx-web | |||
| CVE-2018-1338 | unknown | — | — | 8y ago | Moderate severity vulnerability that affects org.apache.tika:tika-core | |||
| CVE-2018-8017 | unknown | — | — | 8y ago | Comparison error in org.apache.tika:tika-core | |||
| CVE-2018-11762 | unknown | — | — | 8y ago | Moderate severity vulnerability that affects org.apache.tika:tika-core | |||
| CVE-2018-11761 | unknown | — | — | 8y ago | High severity vulnerability that affects org.apache.tika:tika-core | |||
| CVE-2018-1339 | unknown | — | — | 8y ago | org.apache.tika:tika-parsers has an Infinite Loop vulnerability | |||
| CVE-2018-11796 | unknown | — | — | 8y ago | Apache Tika is vulnerable to entity expansions which can lead to a denial of service attack | |||
| CVE-2018-12418 | unknown | — | — | 8y ago | Junrar vulnerable to Infinite Loop | |||
| CVE-2018-8041 | unknown | — | — | 8y ago | Apache Camel's Mail is vulnerable to path traversal | |||
| CVE-2018-8027 | unknown | — | — | 8y ago | Apache is vulnerable to XXE in XSD validation processor | |||
| CVE-2018-8018 | unknown | — | — | 8y ago | Code execution via deserialization in org.apache.ignite:ignite-core | |||
| CVE-2018-1295 | unknown | — | — | 8y ago | Apache serialization mechanism does not have a list of classes allowed for serialization/deserialization | |||
| CVE-2018-8032 | unknown | — | — | 8y ago | Moderate severity vulnerability that affects apache axis | |||
| CVE-2018-8030 | unknown | — | — | 8y ago | Denial of service vulnerability exists when .NET and .NET Core improperly process XML documents | |||
| CVE-2018-1327 | unknown | — | — | 8y ago | Apache Struts REST Plugin can potentially allow a DoS attack | |||
| CVE-2018-7489 | unknown | — | — | 8y ago | FasterXML jackson-databind allows unauthenticated remote code execution | |||
| CVE-2018-1000180 | unknown | — | — | 8y ago | Bouncy Castle has a flaw in the Low-level interface to RSA key pair generator | |||
| CVE-2018-12538 | unknown | — | — | 8y ago | Access and integrity issue within Eclipse Jetty | |||
| CVE-2018-11040 | unknown | — | — | 8y ago | Moderate severity vulnerability that affects org.springframework:spring-core | |||
| CVE-2018-11039 | unknown | — | — | 8y ago | Spring Framework Cross Site Tracing (XST) | |||
| CVE-2018-8008 | unknown | — | — | 8y ago | ZipSlip in org.apache.storm:storm-core | |||
| CVE-2018-1000632 | unknown | — | — | 8y ago | Dom4j contains an XML Injection vulnerability | |||
| CVE-2018-14041 | unknown | — | — | 8y ago | Bootstrap Cross-site Scripting vulnerability | |||
| CVE-2018-25025 | unknown | — | — | 8y ago | Multiple memory safety issues | |||
| CVE-2018-25024 | unknown | — | — | 8y ago | Multiple memory safety issues | |||
| CVE-2018-25026 | unknown | — | — | 8y ago | Multiple memory safety issues | |||
| CVE-2018-20997 | unknown | — | — | 8y ago | An issue was discovered in the openssl crate before 0.10.9 for Rust. A use-after-free occurs in CMS Signing. | |||