CVEs from 2018
- Total: 3,132
- Critical: 232
- High: 319
- Medium: 258
- Low: 39
- % Critical: 7.4%
- % with KEV: 2.8%
- % with exploit: 8.3%
Top products
- core_i7 379
- core_i5 375
- core_i3 242
- xeon_e5 82
- xeon_e7 62
- xeon_e3 58
- xeon_gold 33
- atom_z 30
| CVE | Severity | CVSS | Risk | Published | Description | Flags | OS | Vendor |
|---|---|---|---|---|---|---|---|---|
| CVE-2018-20000 | unknown | — | — | 8y ago | Improper Restriction of XML External Entity Reference in bedework:bw-webdav | |||
| CVE-2018-20059 | unknown | — | — | 8y ago | Improper Restriction of XML External Entity Reference in pippo-core | |||
| CVE-2018-19907 | unknown | — | — | 8y ago | OS Command Injection in craftercms:crafter-studio | |||
| CVE-2018-15795 | unknown | — | — | 8y ago | Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) in Pivotal CredHub Service Broker | |||
| CVE-2018-11777 | unknown | — | — | 8y ago | Improper Authentication in hive:hive-exec | |||
| CVE-2018-1314 | unknown | — | — | 8y ago | Moderate severity vulnerability that affects org.apache.hive:hive-jdbc | |||
| CVE-2018-1282 | unknown | — | — | 8y ago | SQL Injection in hive-jdbc | |||
| CVE-2018-1284 | unknown | — | — | 8y ago | Exposure of Sensitive Information to an Unauthorized Actor in Apache hive | |||
| CVE-2018-1315 | unknown | — | — | 8y ago | Incorrect Permission Assignment for Critical Resource in Apache hive | |||
| CVE-2018-17187 | unknown | — | — | 8y ago | Improper Certificate Validation in proton-j | |||
| CVE-2018-17190 | unknown | — | — | 8y ago | Remote Code Execution in spark-core | |||
| CVE-2018-1337 | unknown | — | — | 8y ago | Credential leak in org.apache.directory.api:apache-ldap-api | |||
| CVE-2018-18853 | unknown | — | — | 8y ago | Uncontrolled Resource Consumption in spray-json when parsing decimal digit fields | |||
| CVE-2018-18854 | unknown | — | — | 8y ago | Uncontrolled Resource Consumption in spray-json | |||
| CVE-2018-17184 | unknown | — | — | 8y ago | Improper Control of Interaction Frequency in Apache syncope-core | |||
| CVE-2018-17186 | unknown | — | — | 8y ago | Improper Restriction of XML External Entity Reference in org.apache.syncope:syncope-core | |||
| CVE-2018-18830 | unknown | — | — | 8y ago | Unrestricted Upload of File with Dangerous Type in mingsoft:ms-mcms | |||
| CVE-2018-18831 | unknown | — | — | 8y ago | Path Traversal in mingsoft:ms-mcms | |||
| CVE-2018-8006 | unknown | — | — | 8y ago | Apache ActiveMQ web console vulnerable to Cross-site Scripting | |||
| CVE-2018-18628 | unknown | — | — | 8y ago | Deserialization of Untrusted Data in Pippo | |||
| CVE-2018-18531 | unknown | — | — | 8y ago | Use of Insufficiently Random Values in penggle:kaptcha | |||
| CVE-2018-16115 | unknown | — | — | 8y ago | Cryptographically Weak Pseudo-Random Number Generator (PRNG) in akka-actor | |||
| CVE-2018-16131 | unknown | — | — | 8y ago | High severity vulnerability that affects com.typesafe.akka:akka-http-core_2.11 and com.typesafe.akka:akka-http-core_2.12 | |||
| CVE-2018-15758 | unknown | — | — | 8y ago | Authorization bypass in org.springframework.security.oauth:spring-security-oauth2 | |||
| CVE-2018-12537 | unknown | — | — | 8y ago | Moderate severity vulnerability that affects io.vertx:vertx-core | |||
| CVE-2018-9159 | unknown | — | — | 8y ago | Moderate severity vulnerability that affects com.sparkjava:spark-core | |||
| CVE-2018-1047 | unknown | — | — | 8y ago | Improper Input Validation in org.wildfly:wildfly-undertow | |||
| CVE-2018-1000644 | unknown | — | — | 8y ago | Eclipse RDF4j vulnerable to XML External Entity | |||
| CVE-2018-10936 | unknown | — | — | 8y ago | Moderate severity vulnerability that affects org.postgresql:pgjdbc-aggregate | |||
| CVE-2018-1000529 | unknown | — | — | 8y ago | Stored Cross Site Scripting in Grails Fields Plugin | |||
| CVE-2018-11775 | unknown | — | — | 8y ago | Improper Certificate Validation in Apache activemq-client | |||
| CVE-2018-1307 | unknown | — | — | 8y ago | Apache juddi-client vulnerable to XML External Entity (XXE) | |||
| CVE-2018-1298 | unknown | — | — | 8y ago | Moderate severity vulnerability that affects org.apache.qpid:apache-qpid-broker-j | |||
| CVE-2018-11771 | unknown | — | — | 8y ago | Moderate severity vulnerability that affects org.apache.commons:commons-compress | |||
| CVE-2018-8039 | unknown | — | — | 8y ago | Apache CXF TLS hostname verification does not work correctly with com.sun.net.ssl.* | |||
| CVE-2018-12536 | unknown | — | — | 8y ago | Eclipse Jetty Server generates error message containing sensitive information | |||
| CVE-2018-11087 | unknown | — | — | 8y ago | Moderate severity vulnerability that affects com.rabbitmq:amqp-client and org.springframework.amqp:spring-amqp | |||
| CVE-2018-1196 | unknown | — | — | 8y ago | Moderate severity vulnerability that affects org.springframework.boot:spring-boot | |||
| CVE-2018-1261 | unknown | — | — | 8y ago | Path traversal in org.springframework.integration:spring-integration-zip | |||
| CVE-2018-1260 | unknown | — | — | 8y ago | Spring Security OAuth vulnerable to remote code execution (RCE) | |||
| CVE-2018-8025 | unknown | — | — | 8y ago | Race condition in org.apache.hbase:hbase-thrift | |||
| CVE-2018-8038 | unknown | — | — | 8y ago | High severity vulnerability that affects org.apache.cxf.fediz:fediz-jetty8, org.apache.cxf.fediz:fediz-jetty9, org.apache.cxf.fediz:fediz-spring, org.apache.cxf.fediz:fediz-spring2, and org.apache.cx… | |||
| CVE-2018-10912 | unknown | — | — | 8y ago | Moderate severity vulnerability that affects org.keycloak:keycloak-core | |||
| CVE-2018-1275 | unknown | — | — | 8y ago | Spring Framework has Improperly Implemented Security Check for Standard | |||
| CVE-2018-1272 | unknown | — | — | 8y ago | Possible privilege escalation in org.springframework:spring-core | |||
| CVE-2018-1271 | unknown | — | — | 8y ago | Path Traversal in org.springframework:spring-core | |||
| CVE-2018-1270 | unknown | — | — | 8y ago | Spring Framework allows applications to expose STOMP over WebSocket endpoints | |||
| CVE-2018-1258 | unknown | — | — | 8y ago | Spring Framework when used in combination with any versions of Spring Security contains an authorization bypass | |||
| CVE-2018-1257 | unknown | — | — | 8y ago | Denial of Service in org.springframework:spring-core | |||
| CVE-2018-1199 | unknown | — | — | 8y ago | Improper Input Validation in org.springframework.security:spring-security-core, org.springframework.security:spring-security-core, and org.springframework:spring-core | |||
| CVE-2018-8010 | unknown | — | — | 8y ago | There is an XML external entity expansion (XXE) vulnerability in Apache Solr config files | |||
| CVE-2018-1308 | unknown | — | — | 8y ago | There is an XML external entity expansion (XXE) vulnerability in Apache Solr | |||
| CVE-2018-8026 | unknown | — | — | 8y ago | XML external entity expansion in org.apache.solr:solr-core | |||
| CVE-2018-17297 | unknown | — | — | 8y ago | Unzip function in ZipUtil.java in Hutool allows remote attackers to overwrite arbitrary files via directory traversal | |||
| CVE-2018-8023 | unknown | — | — | 8y ago | Moderate severity vulnerability that affects org.apache.mesos:mesos | |||
| CVE-2018-17785 | unknown | — | — | 8y ago | In blynk-server a Directory Traversal exists | |||
| CVE-2018-1332 | unknown | — | — | 8y ago | Moderate severity vulnerability that affects org.apache.storm:storm-core | |||
| CVE-2018-1331 | unknown | — | — | 8y ago | Code execution in org.apache.storm:storm-core | |||
| CVE-2018-15531 | unknown | — | — | 8y ago | JavaMelody has XXE via parseSoapMethodName in bull/javamelody/PayloadNameRequestWrapper.java. | |||
| CVE-2018-11797 | unknown | — | — | 8y ago | In Apache PDFBox a carefully crafted PDF file can trigger an extremely long running computation | |||
| CVE-2018-18389 | unknown | — | — | 8y ago | Incorrect access control in Neo4j Enterprise Database Server via LDAP authentication | |||
| CVE-2018-1274 | unknown | — | — | 8y ago | Spring Data Commons contain a property path parser vulnerability caused by unlimited resource allocation | |||
| CVE-2018-1259 | unknown | — | — | 8y ago | Spring Data Commons, used in combination with XMLBeam, contains a property binder vulnerability caused by improper restriction of XML external entity references | |||
| CVE-2018-11778 | unknown | — | — | 8y ago | UnixAuthenticationService in Apache Ranger was updated to correctly handle user input to avoid Stack-based buffer overflow | |||
| CVE-2018-1336 | unknown | — | — | 8y ago | In Apache Tomcat there is an improper handling of overflow in the UTF-8 decoder | |||
| CVE-2018-1305 | unknown | — | — | 8y ago | Apache Tomcat information exposure vulnerability | |||
| CVE-2018-1304 | unknown | — | — | 8y ago | Apache Tomcat unauthorized access vulnerability | |||
| CVE-2018-1000613 | unknown | — | — | 8y ago | Deserialization of Untrusted Data in Bouncy castle | |||
| CVE-2018-12542 | unknown | — | — | 8y ago | Eclipse Vert.x does not properly neutralize '' (forward slashes) sequences that can resolve to an external location | |||
| CVE-2018-12544 | unknown | — | — | 8y ago | Moderate severity vulnerability that affects io.vertx:vertx-core | |||
| CVE-2018-12541 | unknown | — | — | 8y ago | Excessive memory allocation | |||
| CVE-2018-12540 | unknown | — | — | 8y ago | High severity vulnerability that affects io.vertx:vertx-web | |||
| CVE-2018-1338 | unknown | — | — | 8y ago | Moderate severity vulnerability that affects org.apache.tika:tika-core | |||
| CVE-2018-8017 | unknown | — | — | 8y ago | Comparison error in org.apache.tika:tika-core | |||
| CVE-2018-11762 | unknown | — | — | 8y ago | Moderate severity vulnerability that affects org.apache.tika:tika-core | |||
| CVE-2018-11761 | unknown | — | — | 8y ago | High severity vulnerability that affects org.apache.tika:tika-core | |||
| CVE-2018-1339 | unknown | — | — | 8y ago | org.apache.tika:tika-parsers has an Infinite Loop vulnerability | |||
| CVE-2018-11796 | unknown | — | — | 8y ago | Apache Tika is vulnerable to entity expansions which can lead to a denial of service attack | |||
| CVE-2018-12418 | unknown | — | — | 8y ago | Junrar vulnerable to Infinite Loop | |||
| CVE-2018-8041 | unknown | — | — | 8y ago | Apache Camel's Mail is vulnerable to path traversal | |||
| CVE-2018-8027 | unknown | — | — | 8y ago | Apache is vulnerable to XXE in XSD validation processor | |||
| CVE-2018-8018 | unknown | — | — | 8y ago | Code execution via deserialization in org.apache.ignite:ignite-core | |||
| CVE-2018-1295 | unknown | — | — | 8y ago | Apache serialization mechanism does not have a list of classes allowed for serialization/deserialization | |||
| CVE-2018-8032 | unknown | — | — | 8y ago | Moderate severity vulnerability that affects apache axis | |||
| CVE-2018-8030 | unknown | — | — | 8y ago | Denial of service vulnerability exists when .NET and .NET Core improperly process XML documents | |||
| CVE-2018-1327 | unknown | — | — | 8y ago | Apache Struts REST Plugin can potentially allow a DoS attack | |||
| CVE-2018-7489 | unknown | — | — | 8y ago | FasterXML jackson-databind allows unauthenticated remote code execution | |||
| CVE-2018-1000180 | unknown | — | — | 8y ago | Bouncy Castle has a flaw in the Low-level interface to RSA key pair generator | |||
| CVE-2018-12538 | unknown | — | — | 8y ago | Access and integrity issue within Eclipse Jetty | |||
| CVE-2018-11040 | unknown | — | — | 8y ago | Moderate severity vulnerability that affects org.springframework:spring-core | |||
| CVE-2018-11039 | unknown | — | — | 8y ago | Spring Framework Cross Site Tracing (XST) | |||
| CVE-2018-8008 | unknown | — | — | 8y ago | ZipSlip in org.apache.storm:storm-core | |||
| CVE-2018-1000632 | unknown | — | — | 8y ago | Dom4j contains an XML Injection vulnerability | |||
| CVE-2018-14041 | unknown | — | — | 8y ago | Bootstrap Cross-site Scripting vulnerability |