CVEs from 2018
Total
2,825
critical
critical 238
high
high 331
medium
medium 263
low
low 39
% Critical
8.4%
% with KEV
3.2%
% with exploit
9.2%
Top vendors
- intel 1,561
- schneider-electric 43
- siemens 42
- rockwellautomation 16
- echelon 15
- redhat 12
- oracle 9
- arm 9
Top products
- core_i7 379
- core_i5 375
- core_i3 242
- xeon_e5 82
- xeon_e7 62
- xeon_e3 58
- xeon_gold 33
- atom_z 30
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2018-11787 | unknown | — | — | 8y ago | Improper Authentication in Apache Karaf | |||
| CVE-2018-11788 | unknown | — | — | 8y ago | XML External Entity Reference in Apache Karaf | |||
| CVE-2018-20433 | unknown | — | — | 8y ago | XML External Entity Reference in mchange:c3p0 | |||
| CVE-2018-14719 | unknown | — | — | 8y ago | FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to execute arbitrary code by leveraging failure to block the blaze-ds-opt and blaze-ds-core classes from polymorphic deseriali… | |||
| CVE-2018-14720 | unknown | — | — | 8y ago | FasterXML jackson-databind 2.x before 2.9.7 might allow attackers to conduct external XML entity (XXE) attacks by leveraging failure to block unspecified JDK classes from polymorphic deserialization. | |||
| CVE-2018-14721 | unknown | — | — | 8y ago | FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to conduct server-side request forgery (SSRF) attacks by leveraging failure to block the axis2-jaxws class from polymorphic de… | |||
| CVE-2018-19362 | unknown | — | — | 8y ago | FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the jboss-common-core class from polymorphic deserialization. | |||
| CVE-2018-19361 | unknown | — | — | 8y ago | FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the openjpa class from polymorphic deserialization. | |||
| CVE-2018-19360 | unknown | — | — | 8y ago | FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the axis2-transport-jms class from polymorphic deserialization. | |||
| CVE-2018-14718 | unknown | — | — | 8y ago | FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to execute arbitrary code by leveraging failure to block the slf4j-ext class from polymorphic deserialization. | |||
| CVE-2018-18893 | unknown | — | — | 8y ago | Jinjava calls getClass | |||
| CVE-2018-20594 | unknown | — | — | 8y ago | Moderate severity vulnerability that affects org.hswebframework.web:hsweb-commons | |||
| CVE-2018-20595 | unknown | — | — | 8y ago | Cross-Site Request Forgery (CSRF) in hswebframework.web:hsweb-commons | |||
| CVE-2018-17197 | unknown | — | — | 8y ago | Apache Tika Denial of Service due to Infinite Loop in Tika's SQLite3Parser | |||
| CVE-2018-8009 | unknown | — | — | 8y ago | Path Traversal in Hadoop | |||
| CVE-2018-11766 | unknown | — | — | 8y ago | Arbitrary Command Execution in Hadoop | |||
| CVE-2018-11786 | unknown | — | — | 8y ago | Improper Privilege Management in Apache Karaf | |||
| CVE-2018-14637 | unknown | — | — | 8y ago | Improper Authentication in Keycloak | |||
| CVE-2018-1000844 | unknown | — | — | 8y ago | XML External Entity (XXE) vulnerability in Square Retrofit | |||
| CVE-2018-1000850 | unknown | — | — | 8y ago | Directory Traversal vulnerability in Square Retrofit | |||
| CVE-2018-1000873 | unknown | — | — | 8y ago | Moderate severity vulnerability that affects com.fasterxml.jackson.datatype:jackson-datatype-jsr353 | |||
| CVE-2018-1000854 | unknown | — | — | 8y ago | Remote Code Execution in esigate-core | |||
| CVE-2018-1000836 | unknown | — | — | 8y ago | XML External Entity (XXE) vulnerability in bw-calendar-engine | |||
| CVE-2018-17195 | unknown | — | — | 8y ago | Cleartext Transmission of Sensitive Information in Apache nifi | |||
| CVE-2018-17193 | unknown | — | — | 8y ago | Cross site scripting in org.apache.nifi:nifi | |||
| CVE-2018-17194 | unknown | — | — | 8y ago | Apache NiFi Improper Input Validation vulnerability | |||
| CVE-2018-17192 | unknown | — | — | 8y ago | Improper Restriction of Rendered UI Layers or Frames in Apache nifif | |||
| CVE-2018-1000823 | unknown | — | — | 8y ago | exist-db:exist-core XML External Entity (XXE) vulnerability | |||
| CVE-2018-1000822 | unknown | — | — | 8y ago | XML External Entity (XXE) vulnerability in codelibs fess | |||
| CVE-2018-1000820 | unknown | — | — | 8y ago | XML External Entity (XXE) vulnerability in neo4j.procedure:apoc | |||
| CVE-2018-15801 | unknown | — | — | 8y ago | Spring Security vulnerable to Authorization Bypass | |||
| CVE-2018-11799 | unknown | — | — | 8y ago | Moderate severity vulnerability that affects org.apache.oozie:oozie-core | |||
| CVE-2018-20094 | unknown | — | — | 8y ago | XXL-CONF Path Traversal vulnerability | |||
| CVE-2018-20000 | unknown | — | — | 8y ago | Improper Restriction of XML External Entity Reference in bedework:bw-webdav | |||
| CVE-2018-20059 | unknown | — | — | 8y ago | Improper Restriction of XML External Entity Reference in pippo-core | |||
| CVE-2018-19907 | unknown | — | — | 8y ago | OS Command Injection in craftercms:crafter-studio | |||
| CVE-2018-15795 | unknown | — | — | 8y ago | Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) in Pivotal CredHub Service Broker | |||
| CVE-2018-11777 | unknown | — | — | 8y ago | Improper Authentication in hive:hive-exec | |||
| CVE-2018-1314 | unknown | — | — | 8y ago | Moderate severity vulnerability that affects org.apache.hive:hive-jdbc | |||
| CVE-2018-1282 | unknown | — | — | 8y ago | SQL Injection in hive-jdbc | |||
| CVE-2018-1284 | unknown | — | — | 8y ago | Exposure of Sensitive Information to an Unauthorized Actor in Apache hive | |||
| CVE-2018-1315 | unknown | — | — | 8y ago | Incorrect Permission Assignment for Critical Resource in Apache hive | |||
| CVE-2018-18920 | unknown | — | — | 8y ago | Py-EVM is vulnerable to arbitrary bytecode injection | |||
| CVE-2018-17187 | unknown | — | — | 8y ago | Improper Certificate Validation in proton-j | |||
| CVE-2018-17190 | unknown | — | — | 8y ago | Remote Code Execution in spark-core | |||
| CVE-2018-1337 | unknown | — | — | 8y ago | In Apache Directory LDAP API before 1.0.2, a bug in the way the SSL Filter was setup made it possible for another thread to use the connection before the TLS layer has been established, if the connec… | |||
| CVE-2018-18853 | unknown | — | — | 8y ago | Uncontrolled Resource Consumption in spray-json when parsing decimal digit fields | |||
| CVE-2018-18854 | unknown | — | — | 8y ago | Uncontrolled Resource Consumption in spray-json | |||
| CVE-2018-17184 | unknown | — | — | 8y ago | Improper Control of Interaction Frequency in Apache syncope-core | |||
| CVE-2018-17186 | unknown | — | — | 8y ago | Improper Restriction of XML External Entity Reference in org.apache.syncope:syncope-core | |||
| CVE-2018-18830 | unknown | — | — | 8y ago | Unrestricted Upload of File with Dangerous Type in mingsoft:ms-mcms | |||
| CVE-2018-18831 | unknown | — | — | 8y ago | Path Traversal in minsoft:ms-mcms | |||
| CVE-2018-8006 | unknown | — | — | 8y ago | Apache ActiveMQ web console vulnerable to Cross-site Scripting | |||
| CVE-2018-18628 | unknown | — | — | 8y ago | Deserialization of Untrusted Data in Pippo | |||
| CVE-2018-18531 | unknown | — | — | 8y ago | Use of Insufficiently Random Values in penggle:kaptcha | |||
| CVE-2018-16115 | unknown | — | — | 8y ago | Cryptographically Weak Pseudo-Random Number Generator (PRNG) in akka-actor | |||
| CVE-2018-16131 | unknown | — | — | 8y ago | High severity vulnerability that affects com.typesafe.akka:akka-http-core_2.11 and com.typesafe.akka:akka-http-core_2.12 | |||
| CVE-2018-15758 | unknown | — | — | 8y ago | Authorization bypass in org.springframework.security.oauth:spring-security-oauth2 | |||
| CVE-2018-12537 | unknown | — | — | 8y ago | Moderate severity vulnerability that affects io.vertx:vertx-core | |||
| CVE-2018-9159 | unknown | — | — | 8y ago | Moderate severity vulnerability that affects com.sparkjava:spark-core | |||
| CVE-2018-1047 | unknown | — | — | 8y ago | Improper Input Validation in org.wildfly:wildfly-undertow | |||
| CVE-2018-1000644 | unknown | — | — | 8y ago | Eclipse RDF4j vulnerable to XML External Entity | |||
| CVE-2018-10936 | unknown | — | — | 8y ago | Moderate severity vulnerability that affects org.postgresql:pgjdbc-aggregate | |||
| CVE-2018-1000529 | unknown | — | — | 8y ago | Stored Cross Site Scripting in Grails Fields Plugin | |||
| CVE-2018-11775 | unknown | — | — | 8y ago | Improper Certificate Validation in Apache activemq-client | |||
| CVE-2018-1307 | unknown | — | — | 8y ago | Apache juddi-client vulnerable to XML External Entity (XXE) | |||
| CVE-2018-1298 | unknown | — | — | 8y ago | Moderate severity vulnerability that affects org.apache.qpid:apache-qpid-broker-j | |||
| CVE-2018-11771 | unknown | — | — | 8y ago | Moderate severity vulnerability that affects org.apache.commons:commons-compress | |||
| CVE-2018-8039 | unknown | — | — | 8y ago | Apache CXF TLS hostname verification does not work correctly with com.sun.net.ssl.* | |||
| CVE-2018-12536 | unknown | — | — | 8y ago | Eclipse Jetty Server generates error message containing sensitive information | |||
| CVE-2018-11087 | unknown | — | — | 8y ago | Moderate severity vulnerability that affects com.rabbitmq:amqp-client and org.springframework.amqp:spring-amqp | |||
| CVE-2018-1196 | unknown | — | — | 8y ago | Moderate severity vulnerability that affects org.springframework.boot:spring-boot | |||
| CVE-2018-1261 | unknown | — | — | 8y ago | Path traversal in org.springframework.integration:spring-integration-zip | |||
| CVE-2018-1260 | unknown | — | — | 8y ago | Spring Security OAuth vulnerable to remote code execution (RCE) | |||
| CVE-2018-8025 | unknown | — | — | 8y ago | Race condition in org.apache.hbase:hbase-thrift | |||
| CVE-2018-8038 | unknown | — | — | 8y ago | High severity vulnerability that affects org.apache.cxf.fediz:fediz-jetty8, org.apache.cxf.fediz:fediz-jetty9, org.apache.cxf.fediz:fediz-spring, org.apache.cxf.fediz:fediz-spring2, and org.apache.cx… | |||
| CVE-2018-10912 | unknown | — | — | 8y ago | Moderate severity vulnerability that affects org.keycloak:keycloak-core | |||
| CVE-2018-1275 | unknown | — | — | 8y ago | Spring Framework has Improperly Implemented Security Check for Standard | |||
| CVE-2018-1272 | unknown | — | — | 8y ago | Possible privilege escalation in org.springframework:spring-core | |||
| CVE-2018-1271 | unknown | — | — | 8y ago | Path Traversal in org.springframework:spring-core | |||
| CVE-2018-1270 | unknown | — | — | 8y ago | Spring Framework allows applications to expose STOMP over WebSocket endpoints | |||
| CVE-2018-1258 | unknown | — | — | 8y ago | Spring Framework when used in combination with any versions of Spring Security contains an authorization bypass | |||
| CVE-2018-1257 | unknown | — | — | 8y ago | Denial of Service in org.springframework:spring-core | |||
| CVE-2018-1199 | unknown | — | — | 8y ago | Improper Input Validation in org.springframework.security:spring-security-core, org.springframework.security:spring-security-core , and org.springframework:spring-core | |||
| CVE-2018-8010 | unknown | — | — | 8y ago | There is a XML external entity expansion (XXE) vulnerability in Apache Solr config files | |||
| CVE-2018-1308 | unknown | — | — | 8y ago | There is a XML external entity expansion (XXE) vulnerability in Apache Solr | |||
| CVE-2018-8026 | unknown | — | — | 8y ago | XML external entity expansion in org.apache.solr:solr-core | |||
| CVE-2018-17297 | unknown | — | — | 8y ago | Unzip function in ZipUtil.java in Hutool allows remote attackers to overwrite arbitrary files via directory traversal | |||
| CVE-2018-8023 | unknown | — | — | 8y ago | Moderate severity vulnerability that affects org.apache.mesos:mesos | |||
| CVE-2018-17785 | unknown | — | — | 8y ago | In blynk-server a Directory Traversal exists | |||
| CVE-2018-1332 | unknown | — | — | 8y ago | Moderate severity vulnerability that affects org.apache.storm:storm-core | |||
| CVE-2018-1331 | unknown | — | — | 8y ago | Code execution in org.apache.storm:storm-core | |||
| CVE-2018-15531 | unknown | — | — | 8y ago | JavaMelody has XXE via parseSoapMethodName in bull/javamelody/PayloadNameRequestWrapper.java. | |||
| CVE-2018-11797 | unknown | — | — | 8y ago | In Apache PDFBox a carefully crafted PDF file can trigger an extremely long running computation | |||
| CVE-2018-18389 | unknown | — | — | 8y ago | Incorrect access control in Neo4j Enterprise Database Server via LDAP authentication | |||
| CVE-2018-1274 | unknown | — | — | 8y ago | Spring Data Commons contain a property path parser vulnerability caused by unlimited resource allocation | |||
| CVE-2018-1259 | unknown | — | — | 8y ago | Spring Data Commons, used in combination with XMLBeam, contains a property binder vulnerability caused by improper restriction of XML external entity references | |||
| CVE-2018-11778 | unknown | — | — | 8y ago | UnixAuthenticationService in Apache Ranger was updated to correctly handle user input to avoid Stack-based buffer overflow | |||
| CVE-2018-1336 | unknown | — | — | 8y ago | An improper handing of overflow in the UTF-8 decoder with supplementary characters can lead to an infinite loop in the decoder causing a Denial of Service. Versions Affected: Apache Tomcat 9.0.0.M9 t… | |||
| CVE-2018-1305 | unknown | — | — | 8y ago | Security constraints defined by annotations of Servlets in Apache Tomcat 9.0.0.M1 to 9.0.4, 8.5.0 to 8.5.27, 8.0.0.RC1 to 8.0.49 and 7.0.0 to 7.0.84 were only applied once a Servlet had been loaded. … |