VIR Vulnerability Intelligence Relay

CVEs from 2018

3,083 normalized CVEs published or assigned in this year.

Total
3,083
critical
critical 232
high
high 319
medium
medium 258
low
low 39
% Critical
7.5%
% with KEV
2.9%
% with exploit
8.4%

Top vendors

Top products

  • core_i7 379
  • core_i5 375
  • core_i3 242
  • xeon_e5 82
  • xeon_e7 62
  • xeon_e3 58
  • xeon_gold 33
  • atom_z 30

Top packages

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Flags OS Vendor Published Description
CVE-2018-11796 unknown 8y ago Apache Tika is vulnerable to entity expansions which can lead to a denial of service attack
CVE-2018-12418 unknown 8y ago Junrar vulnerable to Infinite Loop
CVE-2018-8041 unknown 8y ago Apache Camel's Mail is vulnerable to path traversal
CVE-2018-8027 unknown 8y ago Apache is vulnerable to XXE in XSD validation processor
CVE-2018-8018 unknown 8y ago Code execution via deserialization in org.apache.ignite:ignite-core
CVE-2018-1295 unknown 8y ago Apache serialization mechanism does not have a list of classes allowed for serialization/deserialization
CVE-2018-8032 unknown 8y ago Moderate severity vulnerability that affects apache axis
CVE-2018-8030 unknown 8y ago Denial of service vulnerability exists when .NET and .NET Core improperly process XML documents
CVE-2018-1327 unknown 8y ago Apache Struts REST Plugin can potentially allow a DoS attack
CVE-2018-7489 unknown 8y ago FasterXML jackson-databind allows unauthenticated remote code execution
CVE-2018-1000180 unknown 8y ago Bouncy Castle has a flaw in the Low-level interface to RSA key pair generator
CVE-2018-12538 unknown 8y ago Access and integrity issue within Eclipse Jetty
CVE-2018-11040 unknown 8y ago Moderate severity vulnerability that affects org.springframework:spring-core
CVE-2018-11039 unknown 8y ago Spring Framework Cross Site Tracing (XST)
CVE-2018-8008 unknown 8y ago ZipSlip in org.apache.storm:storm-core
CVE-2018-1000632 unknown 8y ago Dom4j contains a XML Injection vulnerability
CVE-2018-14041 unknown 8y ago Bootstrap Cross-site Scripting vulnerability