VIR Vulnerability Intelligence Relay

CVEs from 2018

3,126 normalized CVEs published or assigned in this year.

Total
3,126
critical
critical 232
high
high 319
medium
medium 258
low
low 39
% Critical
7.4%
% with KEV
2.8%
% with exploit
8.3%

Top vendors

Top products

  • core_i7 379
  • core_i5 375
  • core_i3 242
  • xeon_e5 82
  • xeon_e7 62
  • xeon_e3 58
  • xeon_gold 33
  • atom_z 30

Top packages

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Flags OS Vendor Published Description
CVE-2018-8026 unknown 8y ago XML external entity expansion in org.apache.solr:solr-core
CVE-2018-17297 unknown 8y ago Unzip function in ZipUtil.java in Hutool allows remote attackers to overwrite arbitrary files via directory traversal
CVE-2018-8023 unknown 8y ago Moderate severity vulnerability that affects org.apache.mesos:mesos
CVE-2018-17785 unknown 8y ago In blynk-server a Directory Traversal exists
CVE-2018-1332 unknown 8y ago Moderate severity vulnerability that affects org.apache.storm:storm-core
CVE-2018-1331 unknown 8y ago Code execution in org.apache.storm:storm-core
CVE-2018-15531 unknown 8y ago JavaMelody has XXE via parseSoapMethodName in bull/javamelody/PayloadNameRequestWrapper.java.
CVE-2018-11797 unknown 8y ago In Apache PDFBox a carefully crafted PDF file can trigger an extremely long running computation
CVE-2018-18389 unknown 8y ago Incorrect access control in Neo4j Enterprise Database Server via LDAP authentication
CVE-2018-1274 unknown 8y ago Spring Data Commons contain a property path parser vulnerability caused by unlimited resource allocation
CVE-2018-1259 unknown 8y ago Spring Data Commons, used in combination with XMLBeam, contains a property binder vulnerability caused by improper restriction of XML external entity references
CVE-2018-11778 unknown 8y ago UnixAuthenticationService in Apache Ranger was updated to correctly handle user input to avoid Stack-based buffer overflow
CVE-2018-1336 unknown 8y ago In Apache Tomcat there is an improper handing of overflow in the UTF-8 decoder
CVE-2018-1305 unknown 8y ago Apache Tomcat information exposure vulnerability
CVE-2018-1304 unknown 8y ago Apache Tomcat unauthorized access vulnerability
CVE-2018-1000613 unknown 8y ago Deserialization of Untrusted Data in Bouncy castle
CVE-2018-12542 unknown 8y ago Eclipse Vert.x does not properly neutralize '' (forward slashes) sequences that can resolve to an external location
CVE-2018-12544 unknown 8y ago Moderate severity vulnerability that affects io.vertx:vertx-core
CVE-2018-12541 unknown 8y ago Excessive memory allocation
CVE-2018-12540 unknown 8y ago High severity vulnerability that affects io.vertx:vertx-web
CVE-2018-1338 unknown 8y ago Moderate severity vulnerability that affects org.apache.tika:tika-core
CVE-2018-8017 unknown 8y ago Comparison errorr in org.apache.tika:tika-core
CVE-2018-11762 unknown 8y ago Moderate severity vulnerability that affects org.apache.tika:tika-core
CVE-2018-11761 unknown 8y ago High severity vulnerability that affects org.apache.tika:tika-core
CVE-2018-1339 unknown 8y ago org.apache.tika:tika-parsers has an Infinite Loop vulnerability
CVE-2018-11796 unknown 8y ago Apache Tika is vulnerable to entity expansions which can lead to a denial of service attack
CVE-2018-12418 unknown 8y ago Junrar vulnerable to Infinite Loop
CVE-2018-8041 unknown 8y ago Apache Camel's Mail is vulnerable to path traversal
CVE-2018-8027 unknown 8y ago Apache is vulnerable to XXE in XSD validation processor
CVE-2018-8018 unknown 8y ago Code execution via deserialization in org.apache.ignite:ignite-core
CVE-2018-1295 unknown 8y ago Apache serialization mechanism does not have a list of classes allowed for serialization/deserialization
CVE-2018-8032 unknown 8y ago Moderate severity vulnerability that affects apache axis
CVE-2018-8030 unknown 8y ago Denial of service vulnerability exists when .NET and .NET Core improperly process XML documents
CVE-2018-1327 unknown 8y ago Apache Struts REST Plugin can potentially allow a DoS attack
CVE-2018-7489 unknown 8y ago FasterXML jackson-databind allows unauthenticated remote code execution
CVE-2018-1000180 unknown 8y ago Bouncy Castle has a flaw in the Low-level interface to RSA key pair generator
CVE-2018-12538 unknown 8y ago Access and integrity issue within Eclipse Jetty
CVE-2018-11040 unknown 8y ago Moderate severity vulnerability that affects org.springframework:spring-core
CVE-2018-11039 unknown 8y ago Spring Framework Cross Site Tracing (XST)
CVE-2018-8008 unknown 8y ago ZipSlip in org.apache.storm:storm-core
CVE-2018-1000632 unknown 8y ago Dom4j contains a XML Injection vulnerability
CVE-2018-14041 unknown 8y ago Bootstrap Cross-site Scripting vulnerability