CVEs from 2018
Total
2,841
critical
critical 238
high
high 331
medium
medium 263
low
low 39
% Critical
8.4%
% with KEV
3.1%
% with exploit
9.1%
Top vendors
- intel 1,561
- schneider-electric 43
- siemens 42
- rockwellautomation 16
- echelon 15
- redhat 12
- oracle 9
- arm 9
Top products
- core_i7 379
- core_i5 375
- core_i3 242
- xeon_e5 82
- xeon_e7 62
- xeon_e3 58
- xeon_gold 33
- atom_z 30
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2018-11762 | unknown | — | — | 8y ago | Moderate severity vulnerability that affects org.apache.tika:tika-core | |||
| CVE-2018-11761 | unknown | — | — | 8y ago | High severity vulnerability that affects org.apache.tika:tika-core | |||
| CVE-2018-1339 | unknown | — | — | 8y ago | org.apache.tika:tika-parsers has an Infinite Loop vulnerability | |||
| CVE-2018-11796 | unknown | — | — | 8y ago | Apache Tika is vulnerable to entity expansions which can lead to a denial of service attack | |||
| CVE-2018-12418 | unknown | — | — | 8y ago | Junrar vulnerable to Infinite Loop | |||
| CVE-2018-8041 | unknown | — | — | 8y ago | Apache Camel's Mail is vulnerable to path traversal | |||
| CVE-2018-8027 | unknown | — | — | 8y ago | Apache is vulnerable to XXE in XSD validation processor | |||
| CVE-2018-8018 | unknown | — | — | 8y ago | Code execution via deserialization in org.apache.ignite:ignite-core | |||
| CVE-2018-1295 | unknown | — | — | 8y ago | Apache serialization mechanism does not have a list of classes allowed for serialization/deserialization | |||
| CVE-2018-8032 | unknown | — | — | 8y ago | Moderate severity vulnerability that affects apache axis | |||
| CVE-2018-8030 | unknown | — | — | 8y ago | Denial of service vulnerability exists when .NET and .NET Core improperly process XML documents | |||
| CVE-2018-1327 | unknown | — | — | 8y ago | Apache Struts REST Plugin can potentially allow a DoS attack | |||
| CVE-2018-7489 | unknown | — | — | 8y ago | FasterXML jackson-databind before 2.7.9.3, 2.8.x before 2.8.11.1 and 2.9.x before 2.9.5 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 deserialization… | |||
| CVE-2018-1000180 | unknown | — | — | 8y ago | Bouncy Castle has a flaw in the Low-level interface to RSA key pair generator | |||
| CVE-2018-12538 | unknown | — | — | 8y ago | Access and integrity issue within Eclipse Jetty | |||
| CVE-2018-11040 | unknown | — | — | 8y ago | Moderate severity vulnerability that affects org.springframework:spring-core | |||
| CVE-2018-11039 | unknown | — | — | 8y ago | Spring Framework Cross Site Tracing (XST) | |||
| CVE-2018-8008 | unknown | — | — | 8y ago | ZipSlip in org.apache.storm:storm-core | |||
| CVE-2018-1000632 | unknown | — | — | 8y ago | Dom4j contains a XML Injection vulnerability | |||
| CVE-2018-17175 | unknown | — | — | 8y ago | Python marshmallow vulnerabilities | |||
| CVE-2018-1000807 | unknown | — | — | 8y ago | Python Cryptographic Authority pyopenssl version prior to version 17.5.0 contains a CWE-416: Use After Free vulnerability in X509 object handling that can result in Use after free can lead to possibl… | |||
| CVE-2018-1000808 | unknown | — | — | 8y ago | Python Cryptographic Authority pyopenssl version Before 17.5.0 contains a CWE - 401 : Failure to Release Memory Before Removing Last Reference vulnerability in PKCS #12 Store that can result in Denia… | |||
| CVE-2018-14041 | unknown | — | — | 8y ago | Bootstrap Cross-site Scripting vulnerability | |||
| CVE-2018-25024 | unknown | — | — | 8y ago | Multiple memory safety issues | |||
| CVE-2018-25025 | unknown | — | — | 8y ago | Multiple memory safety issues | |||
| CVE-2018-25026 | unknown | — | — | 8y ago | Multiple memory safety issues | |||
| CVE-2018-20997 | unknown | — | — | 8y ago | An issue was discovered in the openssl crate before 0.10.9 for Rust. A use-after-free occurs in CMS Signing. |