VIR Vulnerability Intelligence Relay

CVEs from 2018

3,113 normalized CVEs published or assigned in this year.

Total
3,113
critical
critical 229
high
high 302
medium
medium 256
low
low 39
% Critical
7.4%
% with KEV
2.9%
% with exploit
4.0%

Top vendors

Top products

  • core_i7 379
  • core_i5 375
  • core_i3 242
  • xeon_e5 82
  • xeon_e7 62
  • xeon_e3 58
  • xeon_gold 33
  • atom_z 30

Top packages

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Flags OS Vendor Published Description
CVE-2018-8039 unknown 8y ago Apache CXF TLS hostname verification does not work correctly with com.sun.net.ssl.*
CVE-2018-12536 unknown 8y ago Eclipse Jetty Server generates error message containing sensitive information
CVE-2018-11087 unknown 8y ago Moderate severity vulnerability that affects com.rabbitmq:amqp-client and org.springframework.amqp:spring-amqp
CVE-2018-1196 unknown 8y ago Moderate severity vulnerability that affects org.springframework.boot:spring-boot
CVE-2018-1261 unknown 8y ago Path traversal in org.springframework.integration:spring-integration-zip
CVE-2018-1260 unknown 8y ago Spring Security OAuth vulnerable to remote code execution (RCE)
CVE-2018-8025 unknown 8y ago Race condition in org.apache.hbase:hbase-thrift
CVE-2018-8038 unknown 8y ago High severity vulnerability that affects org.apache.cxf.fediz:fediz-jetty8, org.apache.cxf.fediz:fediz-jetty9, org.apache.cxf.fediz:fediz-spring, org.apache.cxf.fediz:fediz-spring2, and org.apache.cx…
CVE-2018-10912 unknown 8y ago Moderate severity vulnerability that affects org.keycloak:keycloak-core
CVE-2018-1275 unknown 8y ago Spring Framework has Improperly Implemented Security Check for Standard
CVE-2018-1272 unknown 8y ago Possible privilege escalation in org.springframework:spring-core
CVE-2018-1271 unknown 8y ago Path Traversal in org.springframework:spring-core
CVE-2018-1270 unknown 8y ago Spring Framework allows applications to expose STOMP over WebSocket endpoints
CVE-2018-1258 unknown 8y ago Spring Framework when used in combination with any versions of Spring Security contains an authorization bypass
CVE-2018-1257 unknown 8y ago Denial of Service in org.springframework:spring-core
CVE-2018-1199 unknown 8y ago Improper Input Validation in org.springframework.security:spring-security-core, org.springframework.security:spring-security-core , and org.springframework:spring-core
CVE-2018-8010 unknown 8y ago There is a XML external entity expansion (XXE) vulnerability in Apache Solr config files
CVE-2018-1308 unknown 8y ago There is a XML external entity expansion (XXE) vulnerability in Apache Solr
CVE-2018-8026 unknown 8y ago XML external entity expansion in org.apache.solr:solr-core
CVE-2018-17297 unknown 8y ago Unzip function in ZipUtil.java in Hutool allows remote attackers to overwrite arbitrary files via directory traversal
CVE-2018-8023 unknown 8y ago Moderate severity vulnerability that affects org.apache.mesos:mesos
CVE-2018-17785 unknown 8y ago In blynk-server a Directory Traversal exists
CVE-2018-1332 unknown 8y ago Moderate severity vulnerability that affects org.apache.storm:storm-core
CVE-2018-1331 unknown 8y ago Code execution in org.apache.storm:storm-core
CVE-2018-15531 unknown 8y ago JavaMelody has XXE via parseSoapMethodName in bull/javamelody/PayloadNameRequestWrapper.java.
CVE-2018-11797 unknown 8y ago In Apache PDFBox a carefully crafted PDF file can trigger an extremely long running computation
CVE-2018-18389 unknown 8y ago Incorrect access control in Neo4j Enterprise Database Server via LDAP authentication
CVE-2018-1274 unknown 8y ago Spring Data Commons contain a property path parser vulnerability caused by unlimited resource allocation
CVE-2018-1259 unknown 8y ago Spring Data Commons, used in combination with XMLBeam, contains a property binder vulnerability caused by improper restriction of XML external entity references
CVE-2018-11778 unknown 8y ago UnixAuthenticationService in Apache Ranger was updated to correctly handle user input to avoid Stack-based buffer overflow
CVE-2018-1336 unknown 8y ago In Apache Tomcat there is an improper handing of overflow in the UTF-8 decoder
CVE-2018-1305 unknown 8y ago Apache Tomcat information exposure vulnerability
CVE-2018-1304 unknown 8y ago Apache Tomcat unauthorized access vulnerability
CVE-2018-1000613 unknown 8y ago Deserialization of Untrusted Data in Bouncy castle
CVE-2018-12542 unknown 8y ago Eclipse Vert.x does not properly neutralize '' (forward slashes) sequences that can resolve to an external location
CVE-2018-12544 unknown 8y ago Moderate severity vulnerability that affects io.vertx:vertx-core
CVE-2018-12541 unknown 8y ago Excessive memory allocation
CVE-2018-12540 unknown 8y ago High severity vulnerability that affects io.vertx:vertx-web
CVE-2018-1338 unknown 8y ago Moderate severity vulnerability that affects org.apache.tika:tika-core
CVE-2018-8017 unknown 8y ago Comparison errorr in org.apache.tika:tika-core
CVE-2018-11762 unknown 8y ago Moderate severity vulnerability that affects org.apache.tika:tika-core
CVE-2018-11761 unknown 8y ago High severity vulnerability that affects org.apache.tika:tika-core
CVE-2018-1339 unknown 8y ago org.apache.tika:tika-parsers has an Infinite Loop vulnerability
CVE-2018-11796 unknown 8y ago Apache Tika is vulnerable to entity expansions which can lead to a denial of service attack
CVE-2018-12418 unknown 8y ago Junrar vulnerable to Infinite Loop
CVE-2018-8041 unknown 8y ago Apache Camel's Mail is vulnerable to path traversal
CVE-2018-8027 unknown 8y ago Apache is vulnerable to XXE in XSD validation processor
CVE-2018-8018 unknown 8y ago Code execution via deserialization in org.apache.ignite:ignite-core
CVE-2018-1295 unknown 8y ago Apache serialization mechanism does not have a list of classes allowed for serialization/deserialization
CVE-2018-8032 unknown 8y ago Moderate severity vulnerability that affects apache axis
CVE-2018-8030 unknown 8y ago Denial of service vulnerability exists when .NET and .NET Core improperly process XML documents
CVE-2018-1327 unknown 8y ago Apache Struts REST Plugin can potentially allow a DoS attack
CVE-2018-7489 unknown 8y ago FasterXML jackson-databind allows unauthenticated remote code execution
CVE-2018-1000180 unknown 8y ago Bouncy Castle has a flaw in the Low-level interface to RSA key pair generator
CVE-2018-12538 unknown 8y ago Access and integrity issue within Eclipse Jetty
CVE-2018-11040 unknown 8y ago Moderate severity vulnerability that affects org.springframework:spring-core
CVE-2018-11039 unknown 8y ago Spring Framework Cross Site Tracing (XST)
CVE-2018-8008 unknown 8y ago ZipSlip in org.apache.storm:storm-core
CVE-2018-1000632 unknown 8y ago Dom4j contains a XML Injection vulnerability
CVE-2018-14041 unknown 8y ago Bootstrap Cross-site Scripting vulnerability