CVEs from 2018

3,113 normalized CVEs published or assigned in this year.

  • Total: 3,113
  • Critical: 229
  • High: 302
  • Medium: 256
  • Low: 39
  • % Critical: 7.4%
  • % with KEV: 2.9%
  • % with exploit: 4.0%

Top products

  • core_i7 379
  • core_i5 375
  • core_i3 242
  • xeon_e5 82
  • xeon_e7 62
  • xeon_e3 58
  • xeon_gold 33
  • atom_z 30
CVE Severity CVSS Risk Flags OS Vendor Published Description
CVE-2018-25031 unknown 4y ago Spoofing attack in swagger-ui
CVE-2018-21234 unknown 4y ago Deserialization of Untrusted Data in Jodd
CVE-2018-11764 unknown 4y ago Authentication bypass in Apache Hadoop
CVE-2018-11802 unknown 4y ago Incorrect Authorization in Apache Solr
CVE-2018-16153 unknown 5y ago Opencast publishes global system account credentials
CVE-2018-11765 unknown 5y ago Improper Authentication in Apache Hadoop
CVE-2018-25007 unknown 5y ago Unauthorized client-side property update in UIDL request handler in Vaadin 10 and 11
CVE-2018-5968 unknown 6y ago Deserialization of Untrusted Data in jackson-databind
CVE-2018-10237 unknown 6y ago Denial of Service in Google Guava
CVE-2018-15756 unknown 6y ago Denial of Service in Spring Framework
CVE-2018-12023 unknown 6y ago Deserialization of Untrusted Data
CVE-2018-11768 unknown 7y ago user/group information can be corrupted across storing in fsimage and reading back from fsimage
CVE-2018-15890 unknown 7y ago Deserialization of Untrusted Data in EthereumJ
CVE-2018-11307 unknown 7y ago Deserialization of Untrusted Data in jackson-databind
CVE-2018-8029 unknown 7y ago Privilege escalation vulnerability in Apache Hadoop
CVE-2018-17201 unknown 7y ago Improper Input Validation in Apache Sanselan
CVE-2018-17202 unknown 7y ago Infinite Loop in Apache Sanselan
CVE-2018-8035 unknown 7y ago Cross-site Scripting in Apache UIMA
CVE-2018-1328 unknown 7y ago Cross-site Scripting in Apache Zeppelin
CVE-2018-1317 unknown 7y ago Improper Authentication in Apache Zeppelin
CVE-2018-12545 unknown 7y ago Uncontrolled Resource Consumption in org.eclipse.jetty:jetty-server
CVE-2018-12022 unknown 7y ago jackson-databind Deserialization of Untrusted Data vulnerability
CVE-2018-11767 unknown 7y ago Improper Privilege Management in org.apache.hadoop:hadoop-main
CVE-2018-1324 unknown 7y ago Apache Commons Compress vulnerable to denial of service due to infinite loop
CVE-2018-1334 unknown 7y ago Exposure of Sensitive Information to an Unauthorized Actor in Apache Spark
CVE-2018-8024 unknown 7y ago Exposure of Sensitive Information to an Unauthorized Actor in Apache Spark via crafted URL
CVE-2018-11793 unknown 7y ago Stack Overflow in Apache Mesos
CVE-2018-1296 unknown 7y ago Exposure of Sensitive Information to an Unauthorized Actor in Hadoop
CVE-2018-20242 unknown 7y ago Cross-site Scripting in jspwiki-war
CVE-2018-1320 unknown 8y ago Improper Input Validation in Apache Thrift
CVE-2018-11798 unknown 8y ago Apache Thrift Node.js static web server sandbox escape
CVE-2018-11787 unknown 8y ago Improper Authentication in Apache Karaf
CVE-2018-11788 unknown 8y ago XML External Entity Reference in Apache Karaf
CVE-2018-20433 unknown 8y ago XML External Entity Reference in mchange:c3p0
CVE-2018-14719 unknown 8y ago Arbitrary Code Execution in jackson-databind
CVE-2018-14720 unknown 8y ago XML External Entity Reference (XXE) in jackson-databind
CVE-2018-14721 unknown 8y ago Server-Side Request Forgery (SSRF) in jackson-databind
CVE-2018-19362 unknown 8y ago com.fasterxml.jackson.core:jackson-databind vulnerable to Deserialization of Untrusted Data
CVE-2018-19361 unknown 8y ago Deserialization of Untrusted Data in jackson-databind
CVE-2018-19360 unknown 8y ago Deserialization of Untrusted Data in jackson-databind due to polymorphic deserialization
CVE-2018-14718 unknown 8y ago Arbitrary Code Execution in jackson-databind
CVE-2018-18893 unknown 8y ago Jinjava calls getClass
CVE-2018-20594 unknown 8y ago Moderate severity vulnerability that affects org.hswebframework.web:hsweb-commons
CVE-2018-20595 unknown 8y ago Cross-Site Request Forgery (CSRF) in hswebframework.web:hsweb-commons
CVE-2018-17197 unknown 8y ago Apache Tika Denial of Service due to Infinite Loop in Tika's SQLite3Parser
CVE-2018-8009 unknown 8y ago Path Traversal in Hadoop
CVE-2018-11766 unknown 8y ago Arbitrary Command Execution in Hadoop
CVE-2018-11786 unknown 8y ago Improper Privilege Management in Apache Karaf
CVE-2018-14637 unknown 8y ago Improper Authentication in Keycloak
CVE-2018-1000844 unknown 8y ago XML External Entity (XXE) vulnerability in Square Retrofit
CVE-2018-1000850 unknown 8y ago Directory Traversal vulnerability in Square Retrofit
CVE-2018-1000873 unknown 8y ago Moderate severity vulnerability that affects com.fasterxml.jackson.datatype:jackson-datatype-jsr353
CVE-2018-1000854 unknown 8y ago Remote Code Execution in esigate-core
CVE-2018-1000836 unknown 8y ago XML External Entity (XXE) vulnerability in bw-calendar-engine
CVE-2018-17195 unknown 8y ago Cleartext Transmission of Sensitive Information in Apache nifi
CVE-2018-17193 unknown 8y ago Cross site scripting in org.apache.nifi:nifi
CVE-2018-17194 unknown 8y ago Apache NiFi Improper Input Validation vulnerability
CVE-2018-17192 unknown 8y ago Improper Restriction of Rendered UI Layers or Frames in Apache nifi
CVE-2018-1000823 unknown 8y ago exist-db:exist-core XML External Entity (XXE) vulnerability
CVE-2018-1000822 unknown 8y ago XML External Entity (XXE) vulnerability in codelibs fess
CVE-2018-1000820 unknown 8y ago XML External Entity (XXE) vulnerability in neo4j.procedure:apoc
CVE-2018-15801 unknown 8y ago Spring Security vulnerable to Authorization Bypass
CVE-2018-11799 unknown 8y ago Moderate severity vulnerability that affects org.apache.oozie:oozie-core
CVE-2018-20094 unknown 8y ago XXL-CONF Path Traversal vulnerability
CVE-2018-20000 unknown 8y ago Improper Restriction of XML External Entity Reference in bedework:bw-webdav
CVE-2018-20059 unknown 8y ago Improper Restriction of XML External Entity Reference in pippo-core
CVE-2018-19907 unknown 8y ago OS Command Injection in craftercms:crafter-studio
CVE-2018-15795 unknown 8y ago Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) in Pivotal CredHub Service Broker
CVE-2018-11777 unknown 8y ago Improper Authentication in hive:hive-exec
CVE-2018-1314 unknown 8y ago Moderate severity vulnerability that affects org.apache.hive:hive-jdbc
CVE-2018-1282 unknown 8y ago SQL Injection in hive-jdbc
CVE-2018-1284 unknown 8y ago Exposure of Sensitive Information to an Unauthorized Actor in Apache hive
CVE-2018-1315 unknown 8y ago Incorrect Permission Assignment for Critical Resource in Apache hive
CVE-2018-17187 unknown 8y ago Improper Certificate Validation in proton-j
CVE-2018-17190 unknown 8y ago Remote Code Execution in spark-core
CVE-2018-1337 unknown 8y ago Credential leak in org.apache.directory.api:apache-ldap-api
CVE-2018-18853 unknown 8y ago Uncontrolled Resource Consumption in spray-json when parsing decimal digit fields
CVE-2018-18854 unknown 8y ago Uncontrolled Resource Consumption in spray-json
CVE-2018-1321 unknown 8y ago High severity vulnerability that affects org.apache.syncope:syncope-core
CVE-2018-1322 unknown 8y ago Exposure of Sensitive Information to an Unauthorized Actor in Apache syncope-core
CVE-2018-17184 unknown 8y ago Improper Control of Interaction Frequency in Apache syncope-core
CVE-2018-17186 unknown 8y ago Improper Restriction of XML External Entity Reference in org.apache.syncope:syncope-core
CVE-2018-18830 unknown 8y ago Unrestricted Upload of File with Dangerous Type in mingsoft:ms-mcms
CVE-2018-18831 unknown 8y ago Path Traversal in mingsoft:ms-mcms
CVE-2018-8006 unknown 8y ago Apache ActiveMQ web console vulnerable to Cross-site Scripting
CVE-2018-18628 unknown 8y ago Deserialization of Untrusted Data in Pippo
CVE-2018-18531 unknown 8y ago Use of Insufficiently Random Values in penggle:kaptcha
CVE-2018-16115 unknown 8y ago Cryptographically Weak Pseudo-Random Number Generator (PRNG) in akka-actor
CVE-2018-16131 unknown 8y ago High severity vulnerability that affects com.typesafe.akka:akka-http-core_2.11 and com.typesafe.akka:akka-http-core_2.12
CVE-2018-15758 unknown 8y ago Authorization bypass in org.springframework.security.oauth:spring-security-oauth2
CVE-2018-12537 unknown 8y ago Moderate severity vulnerability that affects io.vertx:vertx-core
CVE-2018-9159 unknown 8y ago Moderate severity vulnerability that affects com.sparkjava:spark-core
CVE-2018-1047 unknown 8y ago Improper Input Validation in org.wildfly:wildfly-undertow
CVE-2018-1000644 unknown 8y ago Eclipse RDF4j vulnerable to XML External Entity
CVE-2018-10936 unknown 8y ago Moderate severity vulnerability that affects org.postgresql:pgjdbc-aggregate
CVE-2018-1000529 unknown 8y ago Stored Cross Site Scripting in Grails Fields Plugin
CVE-2018-11775 unknown 8y ago Improper Certificate Validation in Apache activemq-client
CVE-2018-1307 unknown 8y ago Apache juddi-client vulnerable to XML External Entity (XXE)
CVE-2018-1298 unknown 8y ago Moderate severity vulnerability that affects org.apache.qpid:apache-qpid-broker-j
CVE-2018-11771 unknown 8y ago Moderate severity vulnerability that affects org.apache.commons:commons-compress