CVEs from 2018

3,719 normalized CVEs published or assigned in this year.

  • Total 3,719
  • Critical 225
  • High 266
  • Medium 224
  • Low 32
  • % Critical 6.1%
  • % with KEV 2.4%
  • % with exploit 2.4%

Top products

  • erpnext 4
  • terminal_services_manager 1
  • ultraiso 1
  • dolibarr_erp\/crm 1
  • gitbucket 1
  • pdfunite 1
  • qemu 1
  • virtualization_manager 1
CVE Severity CVSS Risk Published Description Impact
CVE-2018-1000149 unknown 4y ago Jenkins Ansible Plugin man in the middle vulnerability java
CVE-2018-1067 unknown 4y ago Improper Neutralization of CRLF Sequences in HTTP Headers in Undertow debian java
CVE-2018-14657 unknown 4y ago Keycloak Improper Bruteforce Detection java
CVE-2018-1263 unknown 4y ago spring-integration-zip Arbitrary File Write java
CVE-2018-1262 unknown 4y ago UAA privilege escalation across identity zones java
CVE-2018-1313 unknown 4y ago Improper Access Control in Apache Derby suse debian java
CVE-2018-1000067 unknown 4y ago Server-Side Request Forgery in Jenkins java
CVE-2018-1000192 unknown 4y ago Exposure of Sensitive Information to an Unauthorized Actor in Jenkins java
CVE-2018-1000193 unknown 4y ago Injection in Jenkins java
CVE-2018-6356 unknown 4y ago Improper Limitation of a Pathname to a Restricted Directory in Jenkins java
CVE-2018-5382 unknown 4y ago Improper Validation of Integrity Check Value in Bouncy Castle debian java
CVE-2018-1000075 unknown 4y ago RubyGems Infinite Loop vulnerability suse debian ruby java
CVE-2018-11764 unknown 4y ago Authentication bypass in Apache Hadoop java
CVE-2018-12023 unknown 6y ago Deserialization of Untrusted Data debian java
CVE-2018-8029 unknown 7y ago Privilege escalation vulnerability in Apache Hadoop java
CVE-2018-11767 unknown 7y ago Improper Privilege Management in org.apache.hadoop:hadoop-main java
CVE-2018-1334 unknown 7y ago Exposure of Sensitive Information to an Unauthorized Actor in Apache Spark suse java python
CVE-2018-8024 unknown 7y ago Exposure of Sensitive Information to an Unauthorized Actor in Apache Spark via crafted URL suse java
CVE-2018-20242 unknown 7y ago Cross-site Scripting in jspwiki-war java
CVE-2018-14719 unknown 8y ago Arbitrary Code Execution in jackson-databind debian java
CVE-2018-14718 unknown 8y ago Arbitrary Code Execution in jackson-databind debian java
CVE-2018-18893 unknown 8y ago Jinjava calls getClass java
CVE-2018-20595 unknown 8y ago Cross-Site Request Forgery (CSRF) in hswebframework.web:hsweb-commons java
CVE-2018-17197 unknown 8y ago Apache Tika Denial of Service due to Infinite Loop in Tika's SQLite3Parser suse debian java
CVE-2018-8009 unknown 8y ago Path Traversal in Hadoop suse java
CVE-2018-1000850 unknown 8y ago Directory Traversal vulnerability in Square Retrofit java
CVE-2018-17195 unknown 8y ago Cleartext Transmission of Sensitive Information in Apache nifi java
CVE-2018-17193 unknown 8y ago Cross site scripting in org.apache.nifi:nifi java
CVE-2018-17194 unknown 8y ago Apache NiFi Improper Input Validation vulnerability java
CVE-2018-17192 unknown 8y ago Improper Restriction of Rendered UI Layers or Frames in Apache nifi java
CVE-2018-1000822 unknown 8y ago XML External Entity (XXE) vulnerability in codelibs fess java
CVE-2018-15801 unknown 8y ago Spring Security vulnerable to Authorization Bypass java
CVE-2018-20094 unknown 8y ago XXL-CONF Path Traversal vulnerability java
CVE-2018-20000 unknown 8y ago Improper Restriction of XML External Entity Reference in bedework:bw-webdav java
CVE-2018-18831 unknown 8y ago Path Traversal in minsoft:ms-mcms java
CVE-2018-18628 unknown 8y ago Deserialization of Untrusted Data in Pippo java
CVE-2018-18531 unknown 8y ago Use of Insufficiently Random Values in penggle:kaptcha java
CVE-2018-12537 unknown 8y ago Moderate severity vulnerability that affects io.vertx:vertx-core java
CVE-2018-9159 unknown 8y ago Moderate severity vulnerability that affects com.sparkjava:spark-core suse java
CVE-2018-1000644 unknown 8y ago Eclipse RDF4j vulnerable to XML External Entity java
CVE-2018-10936 unknown 8y ago Moderate severity vulnerability that affects org.postgresql:pgjdbc-aggregate suse debian java
CVE-2018-1298 unknown 8y ago Moderate severity vulnerability that affects org.apache.qpid:apache-qpid-broker-j java
CVE-2018-1275 unknown 8y ago Spring Framework has Improperly Implemented Security Check for Standard debian java
CVE-2018-1272 unknown 8y ago Possible privilege escalation in org.springframework:spring-core debian java
CVE-2018-1308 unknown 8y ago There is a XML external entity expansion (XXE) vulnerability in Apache Solr debian java
CVE-2018-8026 unknown 8y ago XML external entity expansion in org.apache.solr:solr-core debian java
CVE-2018-17785 unknown 8y ago In blynk-server a Directory Traversal exists java
CVE-2018-15531 unknown 8y ago JavaMelody has XXE via parseSoapMethodName in bull/javamelody/PayloadNameRequestWrapper.java. java
CVE-2018-1274 unknown 8y ago Spring Data Commons contain a property path parser vulnerability caused by unlimited resource allocation java
CVE-2018-1304 unknown 8y ago Apache Tomcat unauthorized access vulnerability suse debian java
CVE-2018-1000613 unknown 8y ago Deserialization of Untrusted Data in Bouncy castle debian suse java
CVE-2018-12541 unknown 8y ago Excessive memory allocation java
CVE-2018-1338 unknown 8y ago Moderate severity vulnerability that affects org.apache.tika:tika-core debian java
CVE-2018-11761 unknown 8y ago High severity vulnerability that affects org.apache.tika:tika-core suse debian java
CVE-2018-12418 unknown 8y ago Junrar vulnerable to Infinite Loop java
CVE-2018-8030 unknown 8y ago Denial of service vulnerability exists when .NET and .NET Core improperly process XML documents java
CVE-2018-1327 unknown 8y ago Apache Struts REST Plugin can potentially allow a DoS attack java
CVE-2018-8008 unknown 8y ago ZipSlip in org.apache.storm:storm-core java
CVE-2018-1000632 unknown 8y ago Dom4j contains a XML Injection vulnerability suse debian java