CVEs from 2018
Total
2,856
critical
critical 238
high
high 331
medium
medium 263
low
low 39
% Critical
8.3%
% with KEV
3.1%
% with exploit
9.1%
Top vendors
- intel 1,561
- schneider-electric 43
- siemens 42
- rockwellautomation 16
- echelon 15
- redhat 12
- oracle 9
- arm 9
Top products
- core_i7 379
- core_i5 375
- core_i3 242
- xeon_e5 82
- xeon_e7 62
- xeon_e3 58
- xeon_gold 33
- atom_z 30
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2018-1305 | unknown | — | — | 8y ago | Security constraints defined by annotations of Servlets in Apache Tomcat 9.0.0.M1 to 9.0.4, 8.5.0 to 8.5.27, 8.0.0.RC1 to 8.0.49 and 7.0.0 to 7.0.84 were only applied once a Servlet had been loaded. … | |||
| CVE-2018-1304 | unknown | — | — | 8y ago | The URL pattern of "" (the empty string) which exactly maps to the context root was not correctly handled in Apache Tomcat 9.0.0.M1 to 9.0.4, 8.5.0 to 8.5.27, 8.0.0.RC1 to 8.0.49 and 7.0.0 to 7.0.84 … | |||
| CVE-2018-1000613 | unknown | — | — | 8y ago | Deserialization of Untrusted Data in Bouncy castle | |||
| CVE-2018-12542 | unknown | — | — | 8y ago | Eclipse Vert.x does not properly neutralize '' (forward slashes) sequences that can resolve to an external location | |||
| CVE-2018-12544 | unknown | — | — | 8y ago | Moderate severity vulnerability that affects io.vertx:vertx-core | |||
| CVE-2018-12541 | unknown | — | — | 8y ago | Excessive memory allocation | |||
| CVE-2018-12540 | unknown | — | — | 8y ago | High severity vulnerability that affects io.vertx:vertx-web | |||
| CVE-2018-1338 | unknown | — | — | 8y ago | Moderate severity vulnerability that affects org.apache.tika:tika-core | |||
| CVE-2018-8017 | unknown | — | — | 8y ago | Comparison errorr in org.apache.tika:tika-core | |||
| CVE-2018-11762 | unknown | — | — | 8y ago | Moderate severity vulnerability that affects org.apache.tika:tika-core | |||
| CVE-2018-11761 | unknown | — | — | 8y ago | High severity vulnerability that affects org.apache.tika:tika-core | |||
| CVE-2018-1339 | unknown | — | — | 8y ago | org.apache.tika:tika-parsers has an Infinite Loop vulnerability | |||
| CVE-2018-11796 | unknown | — | — | 8y ago | Apache Tika is vulnerable to entity expansions which can lead to a denial of service attack | |||
| CVE-2018-12418 | unknown | — | — | 8y ago | Junrar vulnerable to Infinite Loop | |||
| CVE-2018-8041 | unknown | — | — | 8y ago | Apache Camel's Mail is vulnerable to path traversal | |||
| CVE-2018-8027 | unknown | — | — | 8y ago | Apache is vulnerable to XXE in XSD validation processor | |||
| CVE-2018-8018 | unknown | — | — | 8y ago | Code execution via deserialization in org.apache.ignite:ignite-core | |||
| CVE-2018-1295 | unknown | — | — | 8y ago | Apache serialization mechanism does not have a list of classes allowed for serialization/deserialization | |||
| CVE-2018-8032 | unknown | — | — | 8y ago | Moderate severity vulnerability that affects apache axis | |||
| CVE-2018-8030 | unknown | — | — | 8y ago | Denial of service vulnerability exists when .NET and .NET Core improperly process XML documents | |||
| CVE-2018-1327 | unknown | — | — | 8y ago | Apache Struts REST Plugin can potentially allow a DoS attack | |||
| CVE-2018-7489 | unknown | — | — | 8y ago | FasterXML jackson-databind allows unauthenticated remote code execution | |||
| CVE-2018-1000180 | unknown | — | — | 8y ago | Bouncy Castle has a flaw in the Low-level interface to RSA key pair generator | |||
| CVE-2018-12538 | unknown | — | — | 8y ago | Access and integrity issue within Eclipse Jetty | |||
| CVE-2018-11040 | unknown | — | — | 8y ago | Moderate severity vulnerability that affects org.springframework:spring-core | |||
| CVE-2018-11039 | unknown | — | — | 8y ago | Spring Framework Cross Site Tracing (XST) | |||
| CVE-2018-8008 | unknown | — | — | 8y ago | ZipSlip in org.apache.storm:storm-core | |||
| CVE-2018-1000632 | unknown | — | — | 8y ago | Dom4j contains a XML Injection vulnerability | |||
| CVE-2018-1000807 | unknown | — | — | 8y ago | Python Cryptographic Authority pyopenssl version prior to version 17.5.0 contains a CWE-416: Use After Free vulnerability in X509 object handling that can result in Use after free can lead to possibl… | |||
| CVE-2018-1000808 | unknown | — | — | 8y ago | Python Cryptographic Authority pyopenssl version Before 17.5.0 contains a CWE - 401 : Failure to Release Memory Before Removing Last Reference vulnerability in PKCS #12 Store that can result in Denia… | |||
| CVE-2018-14041 | unknown | — | — | 8y ago | Bootstrap Cross-site Scripting vulnerability | |||
| CVE-2018-25024 | unknown | — | — | 8y ago | Multiple memory safety issues | |||
| CVE-2018-25025 | unknown | — | — | 8y ago | Multiple memory safety issues | |||
| CVE-2018-25026 | unknown | — | — | 8y ago | Multiple memory safety issues | |||
| CVE-2018-20997 | unknown | — | — | 8y ago | An issue was discovered in the openssl crate before 0.10.9 for Rust. A use-after-free occurs in CMS Signing. |