CVEs from 2018

3,132 normalized CVEs published or assigned in this year.

  • Total: 3,132
  • critical: 232
  • high: 319
  • medium: 258
  • low: 39
  • % Critical: 7.4%
  • % with KEV: 2.8%
  • % with exploit: 8.3%

Top products

  • core_i7 379
  • core_i5 375
  • core_i3 242
  • xeon_e5 82
  • xeon_e7 62
  • xeon_e3 58
  • xeon_gold 33
  • atom_z 30
CVE Severity CVSS Risk Flags OS Vendor Published Description
CVE-2018-3831 unknown 4y ago Exposure of Sensitive Information to an Unauthorized Actor in Elasticsearch
CVE-2018-8015 unknown 4y ago Apache ORC vulnerable to Uncontrolled Recursion
CVE-2018-18240 unknown 4y ago Pippo RCE Vulnerability
CVE-2018-12532 unknown 4y ago RichFaces vulnerable to Expression Language Injection
CVE-2018-12533 unknown 4y ago Arbitrary code execution in Richfaces
CVE-2018-1000412 unknown 4y ago Jenkins Jira Plugin Incorrect Authorization vulnerability
CVE-2018-1000424 unknown 4y ago Jenkins Artifactory Plugin stored old directly entered credentials unencrypted on disk
CVE-2018-1000423 unknown 4y ago Jenkins Crowd 2 Integration Plugin stored credentials in plain text
CVE-2018-1000425 unknown 4y ago Jenkins SonarQube Scanner Plugin stored server authentication token in plain text
CVE-2018-1000419 unknown 4y ago Jenkins HipChat Plugin allows attackers with Overall/Read access to obtain credential IDs
CVE-2018-1000418 unknown 4y ago Jenkins HipChat Plugin allows credential capture due to incorrect authorization
CVE-2018-1000149 unknown 4y ago Jenkins Ansible Plugin man in the middle vulnerability
CVE-2018-1000015 unknown 4y ago Incorrect permission checks in Pipeline: Nodes and Processes plugin
CVE-2018-1067 unknown 4y ago Improper Neutralization of CRLF Sequences in HTTP Headers in Undertow
CVE-2018-14657 unknown 4y ago Keycloak Improper Bruteforce Detection
CVE-2018-1048 unknown 4y ago Improper Limitation of a Pathname to a Restricted Directory in Jboss EAP Undertow
CVE-2018-14642 unknown 4y ago Exposure of Sensitive Information to an Unauthorized Actor in Undertow
CVE-2018-1190 unknown 4y ago Pivotal Cloud Foundry UAA XSS on UAA OpenID Connect check session iframe endpoint
CVE-2018-14635 unknown 4y ago When using the Linux bridge ml2 driver, non-privileged tenants are able to create and attach ports without specifying an IP address, bypassing IP address validation. A potential denial of service cou…
CVE-2018-1256 unknown 4y ago Issuer validation regression in Spring Cloud SSO Connector
CVE-2018-1263 unknown 4y ago spring-integration-zip Arbitrary File Write
CVE-2018-1262 unknown 4y ago UAA privilege escalation across identity zones
CVE-2018-8012 unknown 4y ago Missing Authorization in Apache ZooKeeper
CVE-2018-8088 unknown 4y ago Improper Access Control in SLF4J
CVE-2018-1313 unknown 4y ago Improper Access Control in Apache Derby
CVE-2018-1288 unknown 4y ago Improper Control of Generation of Code in Apache Kafka
CVE-2018-1000067 unknown 4y ago Server-Side Request Forgery in Jenkins
CVE-2018-1000193 unknown 4y ago Injection in Jenkins
CVE-2018-1000068 unknown 4y ago Exposure of Sensitive Information to an Unauthorized Actor in Jenkins
CVE-2018-1000192 unknown 4y ago Exposure of Sensitive Information to an Unauthorized Actor in Jenkins
CVE-2018-5382 unknown 4y ago Improper Validation of Integrity Check Value in Bouncy Castle
CVE-2018-6356 unknown 4y ago Improper Limitation of a Pathname to a Restricted Directory in Jenkins
CVE-2018-1000195 unknown 4y ago Cross-Site Request Forgery in Jenkins
CVE-2018-1000194 unknown 4y ago Path Traversal in Jenkins
CVE-2018-1000075 unknown 4y ago RubyGems Infinite Loop vulnerability
CVE-2018-1000073 unknown 4y ago RubyGems Link Following vulnerability
CVE-2018-25031 unknown 4y ago Spoofing attack in swagger-ui
CVE-2018-21234 unknown 4y ago Deserialization of Untrusted Data in Jodd
CVE-2018-11764 unknown 4y ago Authentication bypass in Apache Hadoop
CVE-2018-11802 unknown 4y ago Incorrect Authorization in Apache Solr
CVE-2018-16153 unknown 5y ago Opencast publishes global system account credentials
CVE-2018-11765 unknown 5y ago Improper Authentication in Apache Hadoop
CVE-2018-25007 unknown 5y ago Unauthorized client-side property update in UIDL request handler in Vaadin 10 and 11
CVE-2018-5968 unknown 6y ago Deserialization of Untrusted Data in jackson-databind
CVE-2018-10237 unknown 6y ago Denial of Service in Google Guava
CVE-2018-15756 unknown 6y ago Denial of Service in Spring Framework
CVE-2018-12023 unknown 6y ago Deserialization of Untrusted Data
CVE-2018-11768 unknown 7y ago user/group information can be corrupted across storing in fsimage and reading back from fsimage
CVE-2018-15890 unknown 7y ago Deserialization of Untrusted Data in EthereumJ
CVE-2018-11307 unknown 7y ago Deserialization of Untrusted Data in jackson-databind
CVE-2018-8029 unknown 7y ago Privilege escalation vulnerability in Apache Hadoop
CVE-2018-17201 unknown 7y ago Improper Input Validation in Apache Sanselan
CVE-2018-17202 unknown 7y ago Infinite Loop in Apache Sanselan
CVE-2018-8035 unknown 7y ago Cross-site Scripting in Apache UIMA
CVE-2018-1328 unknown 7y ago Cross-site Scripting in Apache Zeppelin
CVE-2018-1317 unknown 7y ago Improper Authentication in Apache Zeppelin
CVE-2018-12545 unknown 7y ago Uncontrolled Resource Consumption in org.eclipse.jetty:jetty-server
CVE-2018-12022 unknown 7y ago jackson-databind Deserialization of Untrusted Data vulnerability
CVE-2018-11767 unknown 7y ago Improper Privilege Management in org.apache.hadoop:hadoop-main
CVE-2018-1324 unknown 7y ago Apache Commons Compress vulnerable to denial of service due to infinite loop
CVE-2018-1334 unknown 7y ago Exposure of Sensitive Information to an Unauthorized Actor in Apache Spark
CVE-2018-8024 unknown 7y ago Exposure of Sensitive Information to an Unauthorized Actor in Apache Spark via crafted URL
CVE-2018-11793 unknown 7y ago Stack Overflow in Apache Mesos
CVE-2018-1296 unknown 7y ago Exposure of Sensitive Information to an Unauthorized Actor in Hadoop
CVE-2018-20242 unknown 7y ago Cross-site Scripting in jspwiki-war
CVE-2018-1320 unknown 8y ago Improper Input Validation in Apache Thrift
CVE-2018-11798 unknown 8y ago Apache Thrift Node.js static web server sandbox escape
CVE-2018-11787 unknown 8y ago Improper Authentication in Apache Karaf
CVE-2018-11788 unknown 8y ago XML External Entity Reference in Apache Karaf
CVE-2018-20433 unknown 8y ago XML External Entity Reference in mchange:c3p0
CVE-2018-14719 unknown 8y ago Arbitrary Code Execution in jackson-databind
CVE-2018-14720 unknown 8y ago XML External Entity Reference (XXE) in jackson-databind
CVE-2018-14721 unknown 8y ago Server-Side Request Forgery (SSRF) in jackson-databind
CVE-2018-19362 unknown 8y ago com.fasterxml.jackson.core:jackson-databind vulnerable to Deserialization of Untrusted Data
CVE-2018-19361 unknown 8y ago Deserialization of Untrusted Data in jackson-databind
CVE-2018-19360 unknown 8y ago Deserialization of Untrusted Data in jackson-databind due to polymorphic deserialization
CVE-2018-14718 unknown 8y ago Arbitrary Code Execution in jackson-databind
CVE-2018-18893 unknown 8y ago Jinjava calls getClass
CVE-2018-20594 unknown 8y ago Moderate severity vulnerability that affects org.hswebframework.web:hsweb-commons
CVE-2018-20595 unknown 8y ago Cross-Site Request Forgery (CSRF) in hswebframework.web:hsweb-commons
CVE-2018-17197 unknown 8y ago Apache Tika Denial of Service due to Infinite Loop in Tika's SQLite3Parser
CVE-2018-8009 unknown 8y ago Path Traversal in Hadoop
CVE-2018-11766 unknown 8y ago Arbitrary Command Execution in Hadoop
CVE-2018-11786 unknown 8y ago Improper Privilege Management in Apache Karaf
CVE-2018-14637 unknown 8y ago Improper Authentication in Keycloak
CVE-2018-1000844 unknown 8y ago XML External Entity (XXE) vulnerability in Square Retrofit
CVE-2018-1000850 unknown 8y ago Directory Traversal vulnerability in Square Retrofit
CVE-2018-1000873 unknown 8y ago Moderate severity vulnerability that affects com.fasterxml.jackson.datatype:jackson-datatype-jsr353
CVE-2018-1000854 unknown 8y ago Remote Code Execution in esigate-core
CVE-2018-1000836 unknown 8y ago XML External Entity (XXE) vulnerability in bw-calendar-engine
CVE-2018-17195 unknown 8y ago Cleartext Transmission of Sensitive Information in Apache nifi
CVE-2018-17193 unknown 8y ago Cross site scripting in org.apache.nifi:nifi
CVE-2018-17194 unknown 8y ago Apache NiFi Improper Input Validation vulnerability
CVE-2018-17192 unknown 8y ago Improper Restriction of Rendered UI Layers or Frames in Apache NiFi
CVE-2018-1000823 unknown 8y ago exist-db:exist-core XML External Entity (XXE) vulnerability
CVE-2018-1000822 unknown 8y ago XML External Entity (XXE) vulnerability in codelibs fess
CVE-2018-1000820 unknown 8y ago XML External Entity (XXE) vulnerability in neo4j.procedure:apoc
CVE-2018-15801 unknown 8y ago Spring Security vulnerable to Authorization Bypass
CVE-2018-11799 unknown 8y ago Moderate severity vulnerability that affects org.apache.oozie:oozie-core
CVE-2018-20094 unknown 8y ago XXL-CONF Path Traversal vulnerability