| 247131 | 4.7 | MEDIUM Local | vmware | spring_integration_zip | Addresses partial fix in CVE-2018-1261. Pivotal spring-integration-zip, versions prior to 1.0.2, exposes an arbitrary file write vulnerability, that can be achieved using a specially crafted zip arch… | CWE-22 Path Traversal | CVE-2018-1263 | 2024-11-21 12:59 | 2018-05-16 |
| 247132 | 7.2 | HIGH Network | pivotal_software cloudfoundry | cloud_foundry_uaa cloud_foundry_uaa-release cf-deployment | Cloud Foundry Foundation UAA, versions 4.12.X and 4.13.X, introduced a feature which could allow privilege escalation across identity zones for clients performing offline validation. A zone administr… | NVD-CWE-noinfo | CVE-2018-1262 | 2024-11-21 12:59 | 2018-05-16 |
| 247133 | 8.8 | HIGH Network | infinispan redhat | infinispan jboss_data_grid | Infinispan permits improper deserialization of trusted data via XML and JSON transcoders under certain server configurations. A user with authenticated access to the server could send a malicious obj… | CWE-502 Deserialization of Untrusted Data | CVE-2018-1131 | 2024-11-21 12:59 | 2018-05-15 |
| 247134 | 7.8 | HIGH Local | linux canonical debian redhat | linux_kernel ubuntu_linux debian_linux enterprise_linux_desktop enterprise_linux_server_aus enterprise_linux_workstation enterprise_linux enterprise_linux_server_tus enterpris… | kernel KVM before versions kernel 4.16, kernel 4.16-rc7, kernel 4.17-rc1, kernel 4.17-rc2 and kernel 4.17-rc3 is vulnerable to a flaw in the way the Linux kernel's KVM hypervisor handled exceptions d… | NVD-CWE-noinfo | CVE-2018-1087 | 2024-11-21 12:59 | 2018-05-16 |
| 247135 | 7.5 | HIGH Network | pivotal_software | greenplum_command_center | Pivotal Greenplum Command Center versions 2.x prior to 2.5.1 contains a blind SQL injection vulnerability. An unauthenticated user can perform a SQL injection in the command center which results in d… | CWE-89 SQL Injection | CVE-2018-1280 | 2024-11-21 12:59 | 2018-05-12 |
| 247136 | 6.5 | MEDIUM Network | pivotal_software | pivotal_application_service | Apps Manager included in Pivotal Application Service, versions 1.12.x prior to 1.12.22, 2.0.x prior to 2.0.13, and 2.1.x prior to 2.1.4 contains an authorization enforcement vulnerability. A member o… | CWE-863 Incorrect Authorization | CVE-2018-1278 | 2024-11-21 12:59 | 2018-05-12 |
| 247137 | 4.7 | MEDIUM Local | vmware | spring_integration_zip | Spring-integration-zip versions prior to 1.0.1 exposes an arbitrary file write vulnerability, which can be achieved using a specially crafted zip archive (affects other archives as well, bzip2, tar, … | CWE-22 Path Traversal | CVE-2018-1261 | 2024-11-21 12:59 | 2018-05-12 |
| 247138 | 9.8 | CRITICAL Network | pivotal_software | spring_security_oauth | Spring Security OAuth, versions 2.3 prior to 2.3.3, 2.2 prior to 2.2.2, 2.1 prior to 2.1.2, 2.0 prior to 2.0.15 and older unsupported versions contains a remote code execution vulnerability. A malici… | CWE-94 Code Injection | CVE-2018-1260 | 2024-11-21 12:59 | 2018-05-12 |
| 247139 | 7.5 | HIGH Network | pivotal_software xmlbeam | spring_data_commons spring_data_rest xmlbeam | Spring Data Commons, versions 1.13 prior to 1.13.12 and 2.0 prior to 2.0.7, used in combination with XMLBeam 1.4.14 or earlier versions, contains a property binder vulnerability caused by improper re… | CWE-611 XXE | CVE-2018-1259 | 2024-11-21 12:59 | 2018-05-12 |
| 247140 | 8.8 | HIGH Network | oracle netapp redhat | weblogic_server enterprise_manager_ops_center enterprise_repository application_testing_suite retail_back_office hospitality_guest_access endeca_information_discovery_integrator … | Spring Framework version 5.0.5 when used in combination with any versions of Spring Security contains an authorization bypass when using method security. An unauthorized malicious user can gain unaut… | CWE-863 Incorrect Authorization | CVE-2018-1258 | 2024-11-21 12:59 | 2018-05-12 |