CVEs from 2018
Total
2,843
critical
critical 238
high
high 331
medium
medium 263
low
low 39
% Critical
8.4%
% with KEV
3.1%
% with exploit
9.1%
Top vendors
- intel 1,561
- schneider-electric 43
- siemens 42
- rockwellautomation 16
- echelon 15
- redhat 12
- oracle 9
- arm 9
Top products
- core_i7 379
- core_i5 375
- core_i3 242
- xeon_e5 82
- xeon_e7 62
- xeon_e3 58
- xeon_gold 33
- atom_z 30
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2018-11768 | unknown | — | — | 7y ago | user/group information can be corrupted across storing in fsimage and reading back from fsimage | |||
| CVE-2018-15890 | unknown | — | — | 7y ago | Deserialization of Untrusted Data in EthereumJ | |||
| CVE-2018-11307 | unknown | — | — | 7y ago | An issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.5. Use of Jackson default typing along with a gadget class from iBatis allows exfiltration of content. Fixed in 2.7.9.4, 2.8.11… | |||
| CVE-2018-8029 | unknown | — | — | 7y ago | Privilege escalation vulnerability in Apache Hadoop | |||
| CVE-2018-17201 | unknown | — | — | 7y ago | Improper Input Validation in Apache Sanselan | |||
| CVE-2018-17202 | unknown | — | — | 7y ago | Infinite Loop in Apache Sanselan | |||
| CVE-2018-8035 | unknown | — | — | 7y ago | Cross-site Scripting in Apache UIMA | |||
| CVE-2018-1328 | unknown | — | — | 7y ago | Cross-site Scripting in Apache Zeppelin | |||
| CVE-2018-1317 | unknown | — | — | 7y ago | Improper Authentication in Apache Zeppelin | |||
| CVE-2018-12545 | unknown | — | — | 7y ago | Uncontrolled Resource Consumption in org.eclipse.jetty:jetty-server | |||
| CVE-2018-12022 | unknown | — | — | 7y ago | An issue was discovered in FasterXML jackson-databind prior to 2.7.9.4, 2.8.11.2, and 2.9.6. When Default Typing is enabled (either globally or for a specific property), the service has the Jodd-db j… | |||
| CVE-2018-11767 | unknown | — | — | 7y ago | Improper Privilege Management in org.apache.hadoop:hadoop-main | |||
| CVE-2018-1324 | unknown | — | — | 7y ago | Apache Commons Compress vulnerable to denial of service due to infinite loop | |||
| CVE-2018-1334 | unknown | — | — | 7y ago | Exposure of Sensitive Information to an Unauthorized Actor in Apache Spark | |||
| CVE-2018-8024 | unknown | — | — | 7y ago | Exposure of Sensitive Information to an Unauthorized Actor in Apache Spark via crafted URL | |||
| CVE-2018-11793 | unknown | — | — | 7y ago | Stack Overflow in Apache Mesos | |||
| CVE-2018-1296 | unknown | — | — | 7y ago | Exposure of Sensitive Information to an Unauthorized Actor in Hadoop | |||
| CVE-2018-20242 | unknown | — | — | 7y ago | Cross-site Scripting in jspwiki-war | |||
| CVE-2018-1320 | unknown | — | — | 8y ago | Improper Input Validation in Apache Thrift | |||
| CVE-2018-11798 | unknown | — | — | 8y ago | Apache Thrift Node.js static web server sandbox escape | |||
| CVE-2018-11787 | unknown | — | — | 8y ago | Improper Authentication in Apache Karaf | |||
| CVE-2018-11788 | unknown | — | — | 8y ago | XML External Entity Reference in Apache Karaf | |||
| CVE-2018-20433 | unknown | — | — | 8y ago | XML External Entity Reference in mchange:c3p0 | |||
| CVE-2018-14719 | unknown | — | — | 8y ago | FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to execute arbitrary code by leveraging failure to block the blaze-ds-opt and blaze-ds-core classes from polymorphic deseriali… | |||
| CVE-2018-14720 | unknown | — | — | 8y ago | FasterXML jackson-databind 2.x before 2.9.7 might allow attackers to conduct external XML entity (XXE) attacks by leveraging failure to block unspecified JDK classes from polymorphic deserialization. | |||
| CVE-2018-14721 | unknown | — | — | 8y ago | FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to conduct server-side request forgery (SSRF) attacks by leveraging failure to block the axis2-jaxws class from polymorphic de… | |||
| CVE-2018-19362 | unknown | — | — | 8y ago | FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the jboss-common-core class from polymorphic deserialization. | |||
| CVE-2018-19361 | unknown | — | — | 8y ago | FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the openjpa class from polymorphic deserialization. | |||
| CVE-2018-19360 | unknown | — | — | 8y ago | FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the axis2-transport-jms class from polymorphic deserialization. | |||
| CVE-2018-14718 | unknown | — | — | 8y ago | FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to execute arbitrary code by leveraging failure to block the slf4j-ext class from polymorphic deserialization. | |||
| CVE-2018-18893 | unknown | — | — | 8y ago | Jinjava calls getClass | |||
| CVE-2018-20594 | unknown | — | — | 8y ago | Moderate severity vulnerability that affects org.hswebframework.web:hsweb-commons | |||
| CVE-2018-20595 | unknown | — | — | 8y ago | Cross-Site Request Forgery (CSRF) in hswebframework.web:hsweb-commons | |||
| CVE-2018-17197 | unknown | — | — | 8y ago | Apache Tika Denial of Service due to Infinite Loop in Tika's SQLite3Parser | |||
| CVE-2018-8009 | unknown | — | — | 8y ago | Path Traversal in Hadoop | |||
| CVE-2018-11766 | unknown | — | — | 8y ago | Arbitrary Command Execution in Hadoop | |||
| CVE-2018-11786 | unknown | — | — | 8y ago | Improper Privilege Management in Apache Karaf | |||
| CVE-2018-14637 | unknown | — | — | 8y ago | Improper Authentication in Keycloak | |||
| CVE-2018-1000844 | unknown | — | — | 8y ago | XML External Entity (XXE) vulnerability in Square Retrofit | |||
| CVE-2018-1000850 | unknown | — | — | 8y ago | Directory Traversal vulnerability in Square Retrofit | |||
| CVE-2018-1000873 | unknown | — | — | 8y ago | Moderate severity vulnerability that affects com.fasterxml.jackson.datatype:jackson-datatype-jsr353 | |||
| CVE-2018-1000854 | unknown | — | — | 8y ago | Remote Code Execution in esigate-core | |||
| CVE-2018-1000836 | unknown | — | — | 8y ago | XML External Entity (XXE) vulnerability in bw-calendar-engine | |||
| CVE-2018-17195 | unknown | — | — | 8y ago | Cleartext Transmission of Sensitive Information in Apache nifi | |||
| CVE-2018-17193 | unknown | — | — | 8y ago | Cross site scripting in org.apache.nifi:nifi | |||
| CVE-2018-17194 | unknown | — | — | 8y ago | Apache NiFi Improper Input Validation vulnerability | |||
| CVE-2018-17192 | unknown | — | — | 8y ago | Improper Restriction of Rendered UI Layers or Frames in Apache nifif | |||
| CVE-2018-1000823 | unknown | — | — | 8y ago | exist-db:exist-core XML External Entity (XXE) vulnerability | |||
| CVE-2018-1000822 | unknown | — | — | 8y ago | XML External Entity (XXE) vulnerability in codelibs fess | |||
| CVE-2018-1000820 | unknown | — | — | 8y ago | XML External Entity (XXE) vulnerability in neo4j.procedure:apoc | |||
| CVE-2018-15801 | unknown | — | — | 8y ago | Spring Security vulnerable to Authorization Bypass | |||
| CVE-2018-11799 | unknown | — | — | 8y ago | Moderate severity vulnerability that affects org.apache.oozie:oozie-core | |||
| CVE-2018-20094 | unknown | — | — | 8y ago | XXL-CONF Path Traversal vulnerability | |||
| CVE-2018-20000 | unknown | — | — | 8y ago | Improper Restriction of XML External Entity Reference in bedework:bw-webdav | |||
| CVE-2018-20059 | unknown | — | — | 8y ago | Improper Restriction of XML External Entity Reference in pippo-core | |||
| CVE-2018-19907 | unknown | — | — | 8y ago | OS Command Injection in craftercms:crafter-studio | |||
| CVE-2018-15795 | unknown | — | — | 8y ago | Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) in Pivotal CredHub Service Broker | |||
| CVE-2018-11777 | unknown | — | — | 8y ago | Improper Authentication in hive:hive-exec | |||
| CVE-2018-1314 | unknown | — | — | 8y ago | Moderate severity vulnerability that affects org.apache.hive:hive-jdbc | |||
| CVE-2018-1282 | unknown | — | — | 8y ago | SQL Injection in hive-jdbc | |||
| CVE-2018-1284 | unknown | — | — | 8y ago | Exposure of Sensitive Information to an Unauthorized Actor in Apache hive | |||
| CVE-2018-1315 | unknown | — | — | 8y ago | Incorrect Permission Assignment for Critical Resource in Apache hive | |||
| CVE-2018-18920 | unknown | — | — | 8y ago | Py-EVM is vulnerable to arbitrary bytecode injection | |||
| CVE-2018-17187 | unknown | — | — | 8y ago | Improper Certificate Validation in proton-j | |||
| CVE-2018-17190 | unknown | — | — | 8y ago | Remote Code Execution in spark-core | |||
| CVE-2018-1337 | unknown | — | — | 8y ago | In Apache Directory LDAP API before 1.0.2, a bug in the way the SSL Filter was setup made it possible for another thread to use the connection before the TLS layer has been established, if the connec… | |||
| CVE-2018-18853 | unknown | — | — | 8y ago | Uncontrolled Resource Consumption in spray-json when parsing decimal digit fields | |||
| CVE-2018-18854 | unknown | — | — | 8y ago | Uncontrolled Resource Consumption in spray-json | |||
| CVE-2018-17184 | unknown | — | — | 8y ago | Improper Control of Interaction Frequency in Apache syncope-core | |||
| CVE-2018-17186 | unknown | — | — | 8y ago | Improper Restriction of XML External Entity Reference in org.apache.syncope:syncope-core | |||
| CVE-2018-18830 | unknown | — | — | 8y ago | Unrestricted Upload of File with Dangerous Type in mingsoft:ms-mcms | |||
| CVE-2018-18831 | unknown | — | — | 8y ago | Path Traversal in minsoft:ms-mcms | |||
| CVE-2018-8006 | unknown | — | — | 8y ago | Apache ActiveMQ web console vulnerable to Cross-site Scripting | |||
| CVE-2018-18628 | unknown | — | — | 8y ago | Deserialization of Untrusted Data in Pippo | |||
| CVE-2018-18531 | unknown | — | — | 8y ago | Use of Insufficiently Random Values in penggle:kaptcha | |||
| CVE-2018-16115 | unknown | — | — | 8y ago | Cryptographically Weak Pseudo-Random Number Generator (PRNG) in akka-actor | |||
| CVE-2018-16131 | unknown | — | — | 8y ago | High severity vulnerability that affects com.typesafe.akka:akka-http-core_2.11 and com.typesafe.akka:akka-http-core_2.12 | |||
| CVE-2018-15758 | unknown | — | — | 8y ago | Authorization bypass in org.springframework.security.oauth:spring-security-oauth2 | |||
| CVE-2018-12537 | unknown | — | — | 8y ago | Moderate severity vulnerability that affects io.vertx:vertx-core | |||
| CVE-2018-9159 | unknown | — | — | 8y ago | Moderate severity vulnerability that affects com.sparkjava:spark-core | |||
| CVE-2018-1047 | unknown | — | — | 8y ago | Improper Input Validation in org.wildfly:wildfly-undertow | |||
| CVE-2018-1000644 | unknown | — | — | 8y ago | Eclipse RDF4j vulnerable to XML External Entity | |||
| CVE-2018-10936 | unknown | — | — | 8y ago | Moderate severity vulnerability that affects org.postgresql:pgjdbc-aggregate | |||
| CVE-2018-1000529 | unknown | — | — | 8y ago | Stored Cross Site Scripting in Grails Fields Plugin | |||
| CVE-2018-11775 | unknown | — | — | 8y ago | Improper Certificate Validation in Apache activemq-client | |||
| CVE-2018-1307 | unknown | — | — | 8y ago | Apache juddi-client vulnerable to XML External Entity (XXE) | |||
| CVE-2018-1298 | unknown | — | — | 8y ago | Moderate severity vulnerability that affects org.apache.qpid:apache-qpid-broker-j | |||
| CVE-2018-11771 | unknown | — | — | 8y ago | Moderate severity vulnerability that affects org.apache.commons:commons-compress | |||
| CVE-2018-8039 | unknown | — | — | 8y ago | Apache CXF TLS hostname verification does not work correctly with com.sun.net.ssl.* | |||
| CVE-2018-12536 | unknown | — | — | 8y ago | Eclipse Jetty Server generates error message containing sensitive information | |||
| CVE-2018-11087 | unknown | — | — | 8y ago | Moderate severity vulnerability that affects com.rabbitmq:amqp-client and org.springframework.amqp:spring-amqp | |||
| CVE-2018-1196 | unknown | — | — | 8y ago | Moderate severity vulnerability that affects org.springframework.boot:spring-boot | |||
| CVE-2018-1261 | unknown | — | — | 8y ago | Path traversal in org.springframework.integration:spring-integration-zip | |||
| CVE-2018-1260 | unknown | — | — | 8y ago | Spring Security OAuth vulnerable to remote code execution (RCE) | |||
| CVE-2018-8025 | unknown | — | — | 8y ago | Race condition in org.apache.hbase:hbase-thrift | |||
| CVE-2018-8038 | unknown | — | — | 8y ago | High severity vulnerability that affects org.apache.cxf.fediz:fediz-jetty8, org.apache.cxf.fediz:fediz-jetty9, org.apache.cxf.fediz:fediz-spring, org.apache.cxf.fediz:fediz-spring2, and org.apache.cx… | |||
| CVE-2018-10912 | unknown | — | — | 8y ago | Moderate severity vulnerability that affects org.keycloak:keycloak-core | |||
| CVE-2018-1275 | unknown | — | — | 8y ago | Spring Framework has Improperly Implemented Security Check for Standard | |||
| CVE-2018-1272 | unknown | — | — | 8y ago | Possible privilege escalation in org.springframework:spring-core | |||
| CVE-2018-1271 | unknown | — | — | 8y ago | Path Traversal in org.springframework:spring-core |