CVEs from 2018

3,083 normalized CVEs published or assigned in this year.

  • Total: 3,083
  • Critical: 232
  • High: 319
  • Medium: 258
  • Low: 39
  • % Critical: 7.5%
  • % with KEV: 2.9%
  • % with exploit: 8.4%

Top products

  • core_i7 379
  • core_i5 375
  • core_i3 242
  • xeon_e5 82
  • xeon_e7 62
  • xeon_e3 58
  • xeon_gold 33
  • atom_z 30
CVE Severity CVSS Risk Flags OS Vendor Published Description
CVE-2018-18893 unknown 8y ago Jinjava calls getClass
CVE-2018-20594 unknown 8y ago Moderate severity vulnerability that affects org.hswebframework.web:hsweb-commons
CVE-2018-20595 unknown 8y ago Cross-Site Request Forgery (CSRF) in hswebframework.web:hsweb-commons
CVE-2018-17197 unknown 8y ago Apache Tika Denial of Service due to Infinite Loop in Tika's SQLite3Parser
CVE-2018-8009 unknown 8y ago Path Traversal in Hadoop
CVE-2018-11766 unknown 8y ago Arbitrary Command Execution in Hadoop
CVE-2018-11786 unknown 8y ago Improper Privilege Management in Apache Karaf
CVE-2018-14637 unknown 8y ago Improper Authentication in Keycloak
CVE-2018-1000844 unknown 8y ago XML External Entity (XXE) vulnerability in Square Retrofit
CVE-2018-1000850 unknown 8y ago Directory Traversal vulnerability in Square Retrofit
CVE-2018-1000873 unknown 8y ago Moderate severity vulnerability that affects com.fasterxml.jackson.datatype:jackson-datatype-jsr353
CVE-2018-1000854 unknown 8y ago Remote Code Execution in esigate-core
CVE-2018-1000836 unknown 8y ago XML External Entity (XXE) vulnerability in bw-calendar-engine
CVE-2018-17195 unknown 8y ago Cleartext Transmission of Sensitive Information in Apache nifi
CVE-2018-17193 unknown 8y ago Cross site scripting in org.apache.nifi:nifi
CVE-2018-17194 unknown 8y ago Apache NiFi Improper Input Validation vulnerability
CVE-2018-17192 unknown 8y ago Improper Restriction of Rendered UI Layers or Frames in Apache nifi
CVE-2018-1000823 unknown 8y ago exist-db:exist-core XML External Entity (XXE) vulnerability
CVE-2018-1000822 unknown 8y ago XML External Entity (XXE) vulnerability in codelibs fess
CVE-2018-1000820 unknown 8y ago XML External Entity (XXE) vulnerability in neo4j.procedure:apoc
CVE-2018-15801 unknown 8y ago Spring Security vulnerable to Authorization Bypass
CVE-2018-11799 unknown 8y ago Moderate severity vulnerability that affects org.apache.oozie:oozie-core
CVE-2018-20094 unknown 8y ago XXL-CONF Path Traversal vulnerability
CVE-2018-20000 unknown 8y ago Improper Restriction of XML External Entity Reference in bedework:bw-webdav
CVE-2018-20059 unknown 8y ago Improper Restriction of XML External Entity Reference in pippo-core
CVE-2018-19907 unknown 8y ago OS Command Injection in craftercms:crafter-studio
CVE-2018-15795 unknown 8y ago Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) in Pivotal CredHub Service Broker
CVE-2018-11777 unknown 8y ago Improper Authentication in hive:hive-exec
CVE-2018-1314 unknown 8y ago Moderate severity vulnerability that affects org.apache.hive:hive-jdbc
CVE-2018-1282 unknown 8y ago SQL Injection in hive-jdbc
CVE-2018-1284 unknown 8y ago Exposure of Sensitive Information to an Unauthorized Actor in Apache hive
CVE-2018-1315 unknown 8y ago Incorrect Permission Assignment for Critical Resource in Apache hive
CVE-2018-17187 unknown 8y ago Improper Certificate Validation in proton-j
CVE-2018-17190 unknown 8y ago Remote Code Execution in spark-core
CVE-2018-1337 unknown 8y ago Credential leak in org.apache.directory.api:apache-ldap-api
CVE-2018-18853 unknown 8y ago Uncontrolled Resource Consumption in spray-json when parsing decimal digit fields
CVE-2018-18854 unknown 8y ago Uncontrolled Resource Consumption in spray-json
CVE-2018-17184 unknown 8y ago Improper Control of Interaction Frequency in Apache syncope-core
CVE-2018-17186 unknown 8y ago Improper Restriction of XML External Entity Reference in org.apache.syncope:syncope-core
CVE-2018-18830 unknown 8y ago Unrestricted Upload of File with Dangerous Type in mingsoft:ms-mcms
CVE-2018-18831 unknown 8y ago Path Traversal in mingsoft:ms-mcms
CVE-2018-8006 unknown 8y ago Apache ActiveMQ web console vulnerable to Cross-site Scripting
CVE-2018-18628 unknown 8y ago Deserialization of Untrusted Data in Pippo
CVE-2018-18531 unknown 8y ago Use of Insufficiently Random Values in penggle:kaptcha
CVE-2018-16115 unknown 8y ago Cryptographically Weak Pseudo-Random Number Generator (PRNG) in akka-actor
CVE-2018-16131 unknown 8y ago High severity vulnerability that affects com.typesafe.akka:akka-http-core_2.11 and com.typesafe.akka:akka-http-core_2.12
CVE-2018-15758 unknown 8y ago Authorization bypass in org.springframework.security.oauth:spring-security-oauth2
CVE-2018-12537 unknown 8y ago Moderate severity vulnerability that affects io.vertx:vertx-core
CVE-2018-9159 unknown 8y ago Moderate severity vulnerability that affects com.sparkjava:spark-core
CVE-2018-1047 unknown 8y ago Improper Input Validation in org.wildfly:wildfly-undertow
CVE-2018-1000644 unknown 8y ago Eclipse RDF4j vulnerable to XML External Entity
CVE-2018-10936 unknown 8y ago Moderate severity vulnerability that affects org.postgresql:pgjdbc-aggregate
CVE-2018-1000529 unknown 8y ago Stored Cross Site Scripting in Grails Fields Plugin
CVE-2018-11775 unknown 8y ago Improper Certificate Validation in Apache activemq-client
CVE-2018-1307 unknown 8y ago Apache juddi-client vulnerable to XML External Entity (XXE)
CVE-2018-1298 unknown 8y ago Moderate severity vulnerability that affects org.apache.qpid:apache-qpid-broker-j
CVE-2018-11771 unknown 8y ago Moderate severity vulnerability that affects org.apache.commons:commons-compress
CVE-2018-8039 unknown 8y ago Apache CXF TLS hostname verification does not work correctly with com.sun.net.ssl.*
CVE-2018-12536 unknown 8y ago Eclipse Jetty Server generates error message containing sensitive information
CVE-2018-11087 unknown 8y ago Moderate severity vulnerability that affects com.rabbitmq:amqp-client and org.springframework.amqp:spring-amqp
CVE-2018-1196 unknown 8y ago Moderate severity vulnerability that affects org.springframework.boot:spring-boot
CVE-2018-1261 unknown 8y ago Path traversal in org.springframework.integration:spring-integration-zip
CVE-2018-1260 unknown 8y ago Spring Security OAuth vulnerable to remote code execution (RCE)
CVE-2018-8025 unknown 8y ago Race condition in org.apache.hbase:hbase-thrift
CVE-2018-8038 unknown 8y ago High severity vulnerability that affects org.apache.cxf.fediz:fediz-jetty8, org.apache.cxf.fediz:fediz-jetty9, org.apache.cxf.fediz:fediz-spring, org.apache.cxf.fediz:fediz-spring2, and org.apache.cx…
CVE-2018-10912 unknown 8y ago Moderate severity vulnerability that affects org.keycloak:keycloak-core
CVE-2018-1275 unknown 8y ago Spring Framework has Improperly Implemented Security Check for Standard
CVE-2018-1272 unknown 8y ago Possible privilege escalation in org.springframework:spring-core
CVE-2018-1271 unknown 8y ago Path Traversal in org.springframework:spring-core
CVE-2018-1270 unknown 8y ago Spring Framework allows applications to expose STOMP over WebSocket endpoints
CVE-2018-1258 unknown 8y ago Spring Framework when used in combination with any versions of Spring Security contains an authorization bypass
CVE-2018-1257 unknown 8y ago Denial of Service in org.springframework:spring-core
CVE-2018-1199 unknown 8y ago Improper Input Validation in org.springframework.security:spring-security-core, org.springframework.security:spring-security-core, and org.springframework:spring-core
CVE-2018-8010 unknown 8y ago There is an XML external entity expansion (XXE) vulnerability in Apache Solr config files
CVE-2018-1308 unknown 8y ago There is an XML external entity expansion (XXE) vulnerability in Apache Solr
CVE-2018-8026 unknown 8y ago XML external entity expansion in org.apache.solr:solr-core
CVE-2018-17297 unknown 8y ago Unzip function in ZipUtil.java in Hutool allows remote attackers to overwrite arbitrary files via directory traversal
CVE-2018-8023 unknown 8y ago Moderate severity vulnerability that affects org.apache.mesos:mesos
CVE-2018-17785 unknown 8y ago In blynk-server a Directory Traversal exists
CVE-2018-1332 unknown 8y ago Moderate severity vulnerability that affects org.apache.storm:storm-core
CVE-2018-1331 unknown 8y ago Code execution in org.apache.storm:storm-core
CVE-2018-15531 unknown 8y ago JavaMelody has XXE via parseSoapMethodName in bull/javamelody/PayloadNameRequestWrapper.java.
CVE-2018-11797 unknown 8y ago In Apache PDFBox a carefully crafted PDF file can trigger an extremely long running computation
CVE-2018-18389 unknown 8y ago Incorrect access control in Neo4j Enterprise Database Server via LDAP authentication
CVE-2018-1274 unknown 8y ago Spring Data Commons contain a property path parser vulnerability caused by unlimited resource allocation
CVE-2018-1259 unknown 8y ago Spring Data Commons, used in combination with XMLBeam, contains a property binder vulnerability caused by improper restriction of XML external entity references
CVE-2018-11778 unknown 8y ago UnixAuthenticationService in Apache Ranger was updated to correctly handle user input to avoid Stack-based buffer overflow
CVE-2018-1336 unknown 8y ago In Apache Tomcat there is an improper handling of overflow in the UTF-8 decoder
CVE-2018-1305 unknown 8y ago Apache Tomcat information exposure vulnerability
CVE-2018-1304 unknown 8y ago Apache Tomcat unauthorized access vulnerability
CVE-2018-1000613 unknown 8y ago Deserialization of Untrusted Data in Bouncy castle
CVE-2018-12542 unknown 8y ago Eclipse Vert.x does not properly neutralize '' (forward slashes) sequences that can resolve to an external location
CVE-2018-12544 unknown 8y ago Moderate severity vulnerability that affects io.vertx:vertx-core
CVE-2018-12541 unknown 8y ago Excessive memory allocation
CVE-2018-12540 unknown 8y ago High severity vulnerability that affects io.vertx:vertx-web
CVE-2018-1338 unknown 8y ago Moderate severity vulnerability that affects org.apache.tika:tika-core
CVE-2018-8017 unknown 8y ago Comparison error in org.apache.tika:tika-core
CVE-2018-11762 unknown 8y ago Moderate severity vulnerability that affects org.apache.tika:tika-core
CVE-2018-11761 unknown 8y ago High severity vulnerability that affects org.apache.tika:tika-core
CVE-2018-1339 unknown 8y ago org.apache.tika:tika-parsers has an Infinite Loop vulnerability